Kernel
/
iwd
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git
3
0
Fork 0
Code Releases Activity
iwd/src/netdev.c

4768 lines
115 KiB
C
Raw Normal View History

core: Add tracking of network interfaces via RTNL
2014-06-21 13:41:40 +02:00
/*
*
* Wireless daemon for Linux
*
* Copyright (C) 2013-2014 Intel Corporation. All rights reserved.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
core: Only enable RTNL debugging when IWD_RTNL_DEBUG is set
2014-08-07 05:28:58 +02:00
#include <stdlib.h>
netdev: Add netdev_get_path
2018-08-20 06:12:14 +02:00
#include <stdio.h>
core: Add tracking of network interfaces via RTNL
2014-06-21 13:41:40 +02:00
#include <linux/rtnetlink.h>
#include <net/if_arp.h>
netdev: Move associate event handling .. out of wiphy.c
2016-06-16 17:54:20 +02:00
#include <linux/if.h>
netdev: Move eapol_io handling
2016-06-16 22:23:45 +02:00
#include <linux/if_packet.h>
wiphy: Rename netdev to device
2016-05-31 19:57:24 +02:00
#include <linux/if_ether.h>
netdev: Open PAE transport if needed If Control Port over NL80211 is not supported, open up a PAE socket and stuff it into an l_io on the netdev object. Install a read handler on the l_io and call __eapol_rx_packet as needed.
2018-05-01 18:08:19 +02:00
#include <arpa/inet.h>
#include <linux/filter.h>
netdev: Move eapol_io handling
2016-06-16 22:23:45 +02:00
#include <sys/socket.h>
netdev: Add initial netdev_connect logic
2016-06-14 18:17:43 +02:00
#include <errno.h>
netdev: Implement interface filtering
2016-06-24 00:34:29 +02:00
#include <fnmatch.h>
netdev: Add initial netdev_connect logic
2016-06-14 18:17:43 +02:00
core: Add tracking of network interfaces via RTNL
2014-06-21 13:41:40 +02:00
#include <ell/ell.h>
netdev: Parse NEW_INTERFACE and DEL_INTERFACE
2016-06-01 22:07:16 +02:00
#include "linux/nl80211.h"
wiphy: Move association logic out of wiphy.c The eapol state machine parameters are now built inside device.c when the network connection is attempted. The reason is that the device object knows about network settings, wiphy constraints and should contain the main 'management' logic. netdev now manages the actual low-level process of building association messages, detecting authentication events, etc.
2016-06-15 17:54:13 +02:00
#include "src/iwd.h"
core: Add sanity check to sync RTNL link deletion with nl80211
2014-08-07 08:52:42 +02:00
#include "src/wiphy.h"
wiphy: Move association logic out of wiphy.c The eapol state machine parameters are now built inside device.c when the network connection is attempted. The reason is that the device object knows about network settings, wiphy constraints and should contain the main 'management' logic. netdev now manages the actual low-level process of building association messages, detecting authentication events, etc.
2016-06-15 17:54:13 +02:00
#include "src/ie.h"
netdev: Move associate event handling .. out of wiphy.c
2016-06-16 17:54:20 +02:00
#include "src/mpdu.h"
wiphy: Move association logic out of wiphy.c The eapol state machine parameters are now built inside device.c when the network connection is attempted. The reason is that the device object knows about network settings, wiphy constraints and should contain the main 'management' logic. netdev now manages the actual low-level process of building association messages, detecting authentication events, etc.
2016-06-15 17:54:13 +02:00
#include "src/eapol.h"
eapol: Use handshake_state to store state Remove the keys and other data from struct eapol_sm, update device.c, netdev.c and wsc.c to use the handshake_state object instead of eapol_sm. This also gets rid of eapol_cancel and the ifindex parameter in some of the eapol functions where sm->handshake->ifindex can be used instead.
2016-11-02 23:46:19 +01:00
#include "src/handshake.h"
wiphy: Move association logic out of wiphy.c The eapol state machine parameters are now built inside device.c when the network connection is attempted. The reason is that the device object knows about network settings, wiphy constraints and should contain the main 'management' logic. netdev now manages the actual low-level process of building association messages, detecting authentication events, etc.
2016-06-15 17:54:13 +02:00
#include "src/crypto.h"
netdev: Move netdev enumeration to netdev.c
2016-06-02 00:23:33 +02:00
#include "src/device.h"
netdev: Add initial netdev_connect logic
2016-06-14 18:17:43 +02:00
#include "src/scan.h"
core: Add missing include for network interface tracking
2014-06-21 20:51:26 +02:00
#include "src/netdev.h"
netdev: Add netdev_connect_wsc
2016-09-14 03:50:24 +02:00
#include "src/wscutil.h"
netdev: Handle the FT Authentication Response message Parse the second message of the FT transition, validate and build the third message, the Reassociation Request.
2017-01-12 09:36:01 +01:00
#include "src/ftutil.h"
netdev: Add netdev_preauthenticate Add preauthentication logic. The callback receives the new PMK only.
2017-04-29 03:53:27 +02:00
#include "src/util.h"
netdev: Simplify event watches using watchlist
2017-09-01 01:18:41 +02:00
#include "src/watchlist.h"
netdev: added sae functionality to netdev In order to plug SAE into the existing connect mechanism the actual CMD_CONNECT message is never sent, rather sae_register takes care of sending out CMD_AUTHENTICATE. This required some shuffling of code in order to handle both eapol and sae. In the case of non-SAE authentication everything behaves as it did before. When using SAE an sae_sm is created when a connection is attempted but the eapol_sm is not. After SAE succeeds it will start association and then create the eapol_sm and start the 4-way handshake. This change also adds the handshake SAE events to device and initializes SAE in main.
2018-08-14 01:25:48 +02:00
#include "src/sae.h"
build: Rename nl80211_util.[ch] into nl80211util.[ch]
2018-10-14 05:41:06 +02:00
#include "src/nl80211util.h"
core: Add missing include for network interface tracking
2014-06-21 20:51:26 +02:00
netdev: Ignore CMD_SET_STATION errors Certain WiFi drivers do not support using CMD_SET_STATION (e.g. mwifiex). It is not completely clear how such drivers handle the AUTHORIZED state, but they don't seem to take it into account. So for such drivers, ignore the -ENOTSUPP error return from CMD_SET_STATION.
2017-05-30 23:55:56 +02:00
#ifndef ENOTSUPP
#define ENOTSUPP 524
#endif
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
struct netdev_handshake_state {
struct handshake_state super;
uint32_t pairwise_new_key_cmd_id;
uint32_t group_new_key_cmd_id;
uint32_t group_management_new_key_cmd_id;
uint32_t set_station_cmd_id;
struct netdev *netdev;
};
netdev: Add netdev struct definition
2016-06-01 22:26:02 +02:00
struct netdev {
uint32_t index;
char name[IFNAMSIZ];
uint32_t type;
uint8_t addr[ETH_ALEN];
netdev: Remove device when netdev is freed
2016-06-25 06:04:01 +02:00
struct device *device;
netdev: Reset interface state on init and exit Take any managed interface down when iwd detects it and bring it back up to start with a clean state. On exit take interfaces down.
2016-07-13 04:29:52 +02:00
struct wiphy *wiphy;
netdev: Add netdev_set_powered
2016-07-13 04:26:27 +02:00
unsigned int ifi_flags;
netdev: Support sending Neighbor Report requests
2016-12-23 11:38:01 +01:00
uint32_t frequency;
netdev: Move eapol_io handling
2016-06-16 22:23:45 +02:00
netdev: Add initial netdev_connect logic
2016-06-14 18:17:43 +02:00
netdev_event_func_t event_filter;
netdev_connect_cb_t connect_cb;
netdev: Move deauthenticate handling out of wiphy.c
2016-06-16 23:05:34 +02:00
netdev_disconnect_cb_t disconnect_cb;
netdev: Support sending Neighbor Report requests
2016-12-23 11:38:01 +01:00
netdev_neighbor_report_cb_t neighbor_report_cb;
netdev: Remove redundant typedefs Unify command specific typedefs which had the same signature into a single netdev_command_cb_t
2018-08-20 01:25:23 +02:00
netdev_command_cb_t adhoc_cb;
netdev: Add initial netdev_connect logic
2016-06-14 18:17:43 +02:00
void *user_data;
wiphy: Move association logic out of wiphy.c The eapol state machine parameters are now built inside device.c when the network connection is attempted. The reason is that the device object knows about network settings, wiphy constraints and should contain the main 'management' logic. netdev now manages the actual low-level process of building association messages, detecting authentication events, etc.
2016-06-15 17:54:13 +02:00
struct eapol_sm *sm;
netdev: added sae functionality to netdev In order to plug SAE into the existing connect mechanism the actual CMD_CONNECT message is never sent, rather sae_register takes care of sending out CMD_AUTHENTICATE. This required some shuffling of code in order to handle both eapol and sae. In the case of non-SAE authentication everything behaves as it did before. When using SAE an sae_sm is created when a connection is attempted but the eapol_sm is not. After SAE succeeds it will start association and then create the eapol_sm and start the 4-way handshake. This change also adds the handshake SAE events to device and initializes SAE in main.
2018-08-14 01:25:48 +02:00
struct sae_sm *sae_sm;
eapol: Use handshake_state to store state Remove the keys and other data from struct eapol_sm, update device.c, netdev.c and wsc.c to use the handshake_state object instead of eapol_sm. This also gets rid of eapol_cancel and the ifindex parameter in some of the eapol functions where sm->handshake->ifindex can be used instead.
2016-11-02 23:46:19 +01:00
struct handshake_state *handshake;
netdev: Cancel the CMD_CONNECT genl command on disconnect CMD_DISCONNECT fails on some occasions when CMD_CONNECT is still running. When this happens the DBus disconnect command receives an error reply but iwd's device state is left as disconnected even though there's a connection at the kernel level which times out a few seconds later. If the CMD_CONNECT is cancelled I couldn't reproduce this so far. src/network.c:network_connect() src/network.c:network_connect_psk() src/network.c:network_connect_psk() psk: 69ae3f8b2f84a438cf6a44275913182dd2714510ccb8cbdf8da9dc8b61718560 src/network.c:network_connect_psk() len: 32 src/network.c:network_connect_psk() ask_psk: false src/device.c:device_enter_state() Old State: disconnected, new state: connecting src/scan.c:scan_notify() Scan notification 33 src/device.c:device_netdev_event() Associating src/netdev.c:netdev_mlme_notify() MLME notification 60 MLME notification is missing ifindex attribute src/device.c:device_dbus_disconnect() src/device.c:device_connect_cb() 6, result: 5 src/device.c:device_enter_state() Old State: connecting, new state: disconnecting src/device.c:device_disconnect_cb() 6, success: 0 src/device.c:device_enter_state() Old State: disconnecting, new state: disconnected src/scan.c:scan_notify() Scan notification 34 src/netdev.c:netdev_mlme_notify() MLME notification 19 src/netdev.c:netdev_mlme_notify() MLME notification 60 MLME notification is missing ifindex attribute src/netdev.c:netdev_mlme_notify() MLME notification 37 src/netdev.c:netdev_authenticate_event() src/scan.c:get_scan_callback() get_scan_callback src/scan.c:get_scan_done() get_scan_done src/netdev.c:netdev_mlme_notify() MLME notification 60 MLME notification is missing ifindex attribute src/netdev.c:netdev_mlme_notify() MLME notification 19 MLME notification is missing ifindex attribute src/netdev.c:netdev_mlme_notify() MLME notification 38 src/netdev.c:netdev_associate_event() src/netdev.c:netdev_mlme_notify() MLME notification 46 src/netdev.c:netdev_connect_event() <delay> src/netdev.c:netdev_mlme_notify() MLME notification 60 MLME notification is missing ifindex attribute src/netdev.c:netdev_mlme_notify() MLME notification 20 MLME notification is missing ifindex attribute src/netdev.c:netdev_mlme_notify() MLME notification 20 src/netdev.c:netdev_mlme_notify() MLME notification 39 src/netdev.c:netdev_deauthenticate_event()
2016-08-05 14:25:34 +02:00
uint32_t connect_cmd_id;
netdev: Finalize disconnects on device removal When device is removed or otherwise freed, netdev_connect callbacks are invoked. Treat disconnects similarly
2016-09-21 22:20:51 +02:00
uint32_t disconnect_cmd_id;
netdev: add join_adhoc/leave_adhoc API's These will issue a JOIN/LEAVE_IBSS to the kernel. There is a TODO regarding network configuration. For now, only the SSID is configurable. This configuration is also required for AP, but needs to be thought out. Since the current AP Dbus API has nothing related to configuration items such as freq/channel or RSN elements they are hard coded, and will be for Ad-Hoc as well (for now).
2018-07-17 23:15:59 +02:00
uint32_t join_adhoc_cmd_id;
uint32_t leave_adhoc_cmd_id;
device/netdev: Properly implement mode switching
2018-08-20 05:07:15 +02:00
uint32_t set_interface_cmd_id;
netdev: Deauthenticate prior to calling connect_cb
2016-09-21 23:19:47 +02:00
enum netdev_result result;
netdev: Support sending Neighbor Report requests
2016-12-23 11:38:01 +01:00
struct l_timeout *neighbor_report_timeout;
netdev: added support for SA Query SA Query procedure is used when an unprotected disassociate frame is received (with frame protection enabled). There are two code paths that can occur when this disassociate frame is received: 1. Send out SA Query and receive a response from the AP within a timeout. This means that the disassociate frame was not sent from the AP and can be ignored. 2. Send out SA Query and receive no response. In this case it is assumed that the AP went down ungracefully and is now back up. Since frame protection is enabled, you must re-associate with the AP.
2018-02-01 18:22:39 +01:00
struct l_timeout *sa_query_timeout;
uint16_t sa_query_id;
netdev: Implement netdev_fast_transition Build and send the FT Authentication Request frame, the initial Fast Transition message. In this version the assumption is that once we start a transition attempt there's no going back so the old handshake_state, scan_bss, etc. can be replaced by the new objects immediately and there's no point at which both the old and the new connection states are needed. Also the disconnect event for the old connection is implicit. At netdev level the state during a transition is almost the same with a new connection setup. The first disconnect event on the netlink socket after the FT Authenticate is assumed to be the one generated by the kernel for the old connection. The disconnect event doesn't contain the AP bssid (unlike the deauthenticate event preceding it), otherwise we could check to see if the bssid is the one we are interested in or could check connect_cmd_id assuming a disconnect doesn't happen before the connect command finishes.
2017-01-12 09:36:00 +01:00
uint8_t prev_bssid[ETH_ALEN];
netdev: Implement RSSI level notifications API Add an methods and an event using the new NL80211_EXT_FEATURE_CQM_RSSI_LIST kernel feature to request RSSI monitoring with notifications only when RSSI moves from one of the N intervals requested to another. device.c will call netdev_set_rssi_report_levels to request NETDEV_EVENT_RSSI_LEVEL_NOTIFY events every time the RSSI level changes, level meaning one of the intervals delimited by the threshold values passed as argument. Inside the event handler it can call netdev_get_rssi_level to read the new level. There's no fallback to periodic polling implemented in this patch for the case of older kernels and/or the driver not supporting NL80211_EXT_FEATURE_CQM_RSSI_LIST.
2017-05-20 16:33:13 +02:00
int8_t rssi_levels[16];
netdev: Fix off-by-one error rssi_levels_num should be able to hold a value of L_ARRAY_SIZE(rssi_levels) (which is 16). However, the maximum value is 15.
2017-05-30 18:31:14 +02:00
uint8_t rssi_levels_num;
netdev: Implement RSSI level notifications API Add an methods and an event using the new NL80211_EXT_FEATURE_CQM_RSSI_LIST kernel feature to request RSSI monitoring with notifications only when RSSI moves from one of the N intervals requested to another. device.c will call netdev_set_rssi_report_levels to request NETDEV_EVENT_RSSI_LEVEL_NOTIFY events every time the RSSI level changes, level meaning one of the intervals delimited by the threshold values passed as argument. Inside the event handler it can call netdev_get_rssi_level to read the new level. There's no fallback to periodic polling implemented in this patch for the case of older kernels and/or the driver not supporting NL80211_EXT_FEATURE_CQM_RSSI_LIST.
2017-05-20 16:33:13 +02:00
uint8_t cur_rssi_level_idx;
int8_t cur_rssi;
netdev: RSSI polling support for less capable drivers If the kernel device driver or the kernel nl80211 version doesn't support the new RSSI threshold list CQM monitoring, implement similar logic in iwd with periodic polling. This is only active when an RSSI agent is registered to receive the events. I tested this with the same testRSSIAgent autotests that tests the driver-side rssi monitoring except with all timeouts multiplied by ~20.
2017-08-18 14:22:58 +02:00
struct l_timeout *rssi_poll_timeout;
uint32_t rssi_poll_cmd_id;
netdev: netdev watch support
2016-06-20 12:42:04 +02:00
netdev: Make sure set_powered calls are cancelable Since all netdevs share the rtnl l_netlink object, it was possible for netdevs to be destroyed with outstanding commands still executing on the rtnl object. This can lead to crashes and other nasty situations. This patch makes sure that Powered requests are always tracked via set_powered_cmd_id and the request is canceled when netdev is destroyed. This also implies that netdev_set_powered can now return an -EBUSY error in case a request is already outstanding.
2018-08-17 19:37:47 +02:00
uint32_t set_powered_cmd_id;
netdev: Remove redundant typedefs Unify command specific typedefs which had the same signature into a single netdev_command_cb_t
2018-08-20 01:25:23 +02:00
netdev_command_cb_t set_powered_cb;
netdev: Make sure set_powered calls are cancelable Since all netdevs share the rtnl l_netlink object, it was possible for netdevs to be destroyed with outstanding commands still executing on the rtnl object. This can lead to crashes and other nasty situations. This patch makes sure that Powered requests are always tracked via set_powered_cmd_id and the request is canceled when netdev is destroyed. This also implies that netdev_set_powered can now return an -EBUSY error in case a request is already outstanding.
2018-08-17 19:37:47 +02:00
void *set_powered_user_data;
netdev_destroy_func_t set_powered_destroy;
netdev: Simplify frame_watch using watchlist
2017-08-31 23:57:05 +02:00
struct watchlist frame_watches;
netdev: Refactor netdev_register_frame Rename netdev_register_frame to netdev_frame_watch_add and expose to be usable outside of netdev.c, add netdev_frame_watch_remove also. Update the Neighbor Report handling which was the only user of netdev_register_frame. The handler is now simpler because we use a lookup list with all the prefixes and individual frame handlers only see the frames matching the right prefix. This is also useful for the future Access-Point mode.
2017-08-31 04:04:45 +02:00
netdev: added station watch For Ad-Hoc networks, the kernel takes care of auth/assoc and issues a NEW_STATION event when that is complete. This provides a way to notify when NEW_STATION events occur as well as forward the MAC of the station to Ad-Hoc. The two new API's added: - netdev_station_watch_add() - netdev_station_watch_remove()
2018-07-17 00:29:15 +02:00
struct watchlist station_watches;
netdev: Open PAE transport if needed If Control Port over NL80211 is not supported, open up a PAE socket and stuff it into an l_io on the netdev object. Install a read handler on the l_io and call __eapol_rx_packet as needed.
2018-05-01 18:08:19 +02:00
struct l_io *pae_io; /* for drivers without EAPoL over NL80211 */
netdev: Properly cleanup removed interfaces
2016-07-20 00:45:48 +02:00
bool connected : 1;
netdev: keep track of operational state We should not attempt to call connect_failed if we're have become operational. E.g. successfully associated, ran eapol if necessary and set operstate.
2016-09-22 22:55:07 +02:00
bool operational : 1;
netdev: support for REKEY_OFFLOAD and its event handling
2016-06-23 00:49:16 +02:00
bool rekey_offload_support : 1;
netdev: Allow iwd.conf to specify PAE over NL80211 Right now iwd uses Control Port over NL80211 feature if the kernel / driver supports it. On some kernels this feature is still buggy, so add an iwd.conf entry to allow the user to override id. For now the default is to disable this feature until it is more stable.
2018-07-02 03:35:22 +02:00
bool pae_over_nl80211 : 1;
netdev: Implement netdev_fast_transition Build and send the FT Authentication Request frame, the initial Fast Transition message. In this version the assumption is that once we start a transition attempt there's no going back so the old handshake_state, scan_bss, etc. can be replaced by the new objects immediately and there's no point at which both the old and the new connection states are needed. Also the disconnect event for the old connection is implicit. At netdev level the state during a transition is almost the same with a new connection setup. The first disconnect event on the netlink socket after the FT Authenticate is assumed to be the one generated by the kernel for the old connection. The disconnect event doesn't contain the AP bssid (unlike the deauthenticate event preceding it), otherwise we could check to see if the bssid is the one we are interested in or could check connect_cmd_id assuming a disconnect doesn't happen before the connect command finishes.
2017-01-12 09:36:00 +01:00
bool in_ft : 1;
netdev: Implement RSSI level notifications API Add an methods and an event using the new NL80211_EXT_FEATURE_CQM_RSSI_LIST kernel feature to request RSSI monitoring with notifications only when RSSI moves from one of the N intervals requested to another. device.c will call netdev_set_rssi_report_levels to request NETDEV_EVENT_RSSI_LEVEL_NOTIFY events every time the RSSI level changes, level meaning one of the intervals delimited by the threshold values passed as argument. Inside the event handler it can call netdev_get_rssi_level to read the new level. There's no fallback to periodic polling implemented in this patch for the case of older kernels and/or the driver not supporting NL80211_EXT_FEATURE_CQM_RSSI_LIST.
2017-05-20 16:33:13 +02:00
bool cur_rssi_low : 1;
netdev: add helper to set/unset 4ADDR property
2018-06-14 04:11:23 +02:00
bool use_4addr : 1;
netdev: netdev watch support
2016-06-20 12:42:04 +02:00
};
netdev: Add netdev_preauthenticate Add preauthentication logic. The callback receives the new PMK only.
2017-04-29 03:53:27 +02:00
struct netdev_preauth_state {
netdev_preauthenticate_cb_t cb;
void *user_data;
struct netdev *netdev;
};
netdev: netdev watch support
2016-06-20 12:42:04 +02:00
struct netdev_watch {
uint32_t id;
netdev_watch_func_t callback;
void *user_data;
netdev: Add netdev struct definition
2016-06-01 22:26:02 +02:00
};
netdev: Refactor netdev_register_frame Rename netdev_register_frame to netdev_frame_watch_add and expose to be usable outside of netdev.c, add netdev_frame_watch_remove also. Update the Neighbor Report handling which was the only user of netdev_register_frame. The handler is now simpler because we use a lookup list with all the prefixes and individual frame handlers only see the frames matching the right prefix. This is also useful for the future Access-Point mode.
2017-08-31 04:04:45 +02:00
struct netdev_frame_watch {
uint16_t frame_type;
uint8_t *prefix;
size_t prefix_len;
netdev: Simplify frame_watch using watchlist
2017-08-31 23:57:05 +02:00
struct watchlist_item super;
netdev: Refactor netdev_register_frame Rename netdev_register_frame to netdev_frame_watch_add and expose to be usable outside of netdev.c, add netdev_frame_watch_remove also. Update the Neighbor Report handling which was the only user of netdev_register_frame. The handler is now simpler because we use a lookup list with all the prefixes and individual frame handlers only see the frames matching the right prefix. This is also useful for the future Access-Point mode.
2017-08-31 04:04:45 +02:00
};
core: Add tracking of network interfaces via RTNL
2014-06-21 13:41:40 +02:00
static struct l_netlink *rtnl = NULL;
netdev: Make netdev_init accept nl80211
2016-06-01 21:58:51 +02:00
static struct l_genl_family *nl80211;
netdev: Add netdev_find
2016-06-01 22:35:26 +02:00
static struct l_queue *netdev_list;
netdev: Implement interface filtering
2016-06-24 00:34:29 +02:00
static char **whitelist_filter;
static char **blacklist_filter;
netdev/device: Combine watches There was somewhat overlapping functionality in the device_watch infrastructure as well as the netdev_event_watch. This commit combines the two into a single watch based on the netdev object and cleans up the various interface additions / removals. With this commit the interfaces are created when the netdev/device is switched to Powered=True state AND when the netdev iftype is also in the correct state for that interface. If the device is brought down, then all interfaces except the .Device interface are removed. This will make it easy to implement Device.Mode property properly since most nl80211 devices need to be brought into Powered=False state prior to switching the iftype.
2018-08-18 06:40:49 +02:00
static struct watchlist netdev_watches;
core: Add tracking of network interfaces via RTNL
2014-06-21 13:41:40 +02:00
static void do_debug(const char *str, void *user_data)
{
const char *prefix = user_data;
l_info("%s%s", prefix, str);
}
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
static void netdev_handshake_state_free(struct handshake_state *hs)
{
struct netdev_handshake_state *nhs =
container_of(hs, struct netdev_handshake_state, super);
if (nhs->pairwise_new_key_cmd_id) {
l_genl_family_cancel(nl80211, nhs->pairwise_new_key_cmd_id);
nhs->pairwise_new_key_cmd_id = 0;
}
if (nhs->group_new_key_cmd_id) {
l_genl_family_cancel(nl80211, nhs->group_new_key_cmd_id);
nhs->group_new_key_cmd_id = 0;
}
if (nhs->group_management_new_key_cmd_id) {
l_genl_family_cancel(nl80211,
nhs->group_management_new_key_cmd_id);
nhs->group_management_new_key_cmd_id = 0;
}
if (nhs->set_station_cmd_id) {
l_genl_family_cancel(nl80211, nhs->set_station_cmd_id);
nhs->set_station_cmd_id = 0;
}
l_free(nhs);
}
struct handshake_state *netdev_handshake_state_new(struct netdev *netdev)
{
struct netdev_handshake_state *nhs;
nhs = l_new(struct netdev_handshake_state, 1);
nhs->super.ifindex = netdev->index;
nhs->super.free = netdev_handshake_state_free;
nhs->netdev = netdev;
return &nhs->super;
}
netdev: added accessor for wiphy Added an accessor to get wiphy associated with a network device
2018-05-24 19:12:09 +02:00
struct wiphy *netdev_get_wiphy(struct netdev *netdev)
{
return netdev->wiphy;
}
netdev: Move rta_add_u8 Move closer to where it is used
2016-05-05 18:31:51 +02:00
static size_t rta_add_u8(void *rta_buf, unsigned short type, uint8_t value)
{
struct rtattr *rta = rta_buf;
rta->rta_len = RTA_LENGTH(sizeof(uint8_t));
rta->rta_type = type;
*((uint8_t *) RTA_DATA(rta)) = value;
return RTA_SPACE(sizeof(uint8_t));
}
netdev: Don't crash on operstate callbacks The way that netdev_set_linkmode_and_operstate was used resulted in potential crashes when the netdev was destroyed. This is because netdev was given as data to l_netlink_send and could be destroyed between the time of the call and the callback. Since the result of calls to netdev_set_linkmode_and_operstate is inconsequential, it isn't really worthwhile tracking these calls in order to cancel them. This patch simplies the handling of these rtnl calls, makes sure that netdev isn't passed as user data and rewrites the netdev_set_linkmode_and_operstate signature to be more consistent with rtnl_set_powered.
2018-08-17 21:04:44 +02:00
static uint32_t rtnl_set_linkmode_and_operstate(int ifindex,
uint8_t linkmode, uint8_t operstate,
l_netlink_command_func_t cb,
void *user_data,
l_netlink_destroy_func_t destroy)
netdev: Add function to set the linkmode and operstate of the link This is needed after connecting successfully to AP.
2015-03-27 08:54:24 +01:00
{
struct ifinfomsg *rtmmsg;
void *rta_buf;
size_t bufsize;
netdev: Don't crash on operstate callbacks The way that netdev_set_linkmode_and_operstate was used resulted in potential crashes when the netdev was destroyed. This is because netdev was given as data to l_netlink_send and could be destroyed between the time of the call and the callback. Since the result of calls to netdev_set_linkmode_and_operstate is inconsequential, it isn't really worthwhile tracking these calls in order to cancel them. This patch simplies the handling of these rtnl calls, makes sure that netdev isn't passed as user data and rewrites the netdev_set_linkmode_and_operstate signature to be more consistent with rtnl_set_powered.
2018-08-17 21:04:44 +02:00
uint32_t id;
netdev: Add function to set the linkmode and operstate of the link This is needed after connecting successfully to AP.
2015-03-27 08:54:24 +01:00
netdev: Add padding to netlink family headers Use the NLMSG_ALIGN macro on the family header size (struct ifinfomsg in this case). The ascii graphics in include/net/netlink.h show that both the netlink header and the family header should be padded. The netlink header (nlmsghdr) is already padded in ell. To "document" this requirementin ell what we could do is take two buffers, one for the family header and one for the attributes. This doesn't change anything for most people because ifinfomsg is already 16-byte long on the usual architectures.
2016-11-07 16:42:02 +01:00
bufsize = NLMSG_ALIGN(sizeof(struct ifinfomsg)) +
netdev: Add function to set the linkmode and operstate of the link This is needed after connecting successfully to AP.
2015-03-27 08:54:24 +01:00
RTA_SPACE(sizeof(uint8_t)) + RTA_SPACE(sizeof(uint8_t));
rtmmsg = l_malloc(bufsize);
memset(rtmmsg, 0, bufsize);
rtmmsg->ifi_family = AF_UNSPEC;
rtmmsg->ifi_index = ifindex;
netdev: Add padding to netlink family headers Use the NLMSG_ALIGN macro on the family header size (struct ifinfomsg in this case). The ascii graphics in include/net/netlink.h show that both the netlink header and the family header should be padded. The netlink header (nlmsghdr) is already padded in ell. To "document" this requirementin ell what we could do is take two buffers, one for the family header and one for the attributes. This doesn't change anything for most people because ifinfomsg is already 16-byte long on the usual architectures.
2016-11-07 16:42:02 +01:00
rta_buf = (void *) rtmmsg + NLMSG_ALIGN(sizeof(struct ifinfomsg));
netdev: Add function to set the linkmode and operstate of the link This is needed after connecting successfully to AP.
2015-03-27 08:54:24 +01:00
rta_buf += rta_add_u8(rta_buf, IFLA_LINKMODE, linkmode);
rta_buf += rta_add_u8(rta_buf, IFLA_OPERSTATE, operstate);
netdev: Don't crash on operstate callbacks The way that netdev_set_linkmode_and_operstate was used resulted in potential crashes when the netdev was destroyed. This is because netdev was given as data to l_netlink_send and could be destroyed between the time of the call and the callback. Since the result of calls to netdev_set_linkmode_and_operstate is inconsequential, it isn't really worthwhile tracking these calls in order to cancel them. This patch simplies the handling of these rtnl calls, makes sure that netdev isn't passed as user data and rewrites the netdev_set_linkmode_and_operstate signature to be more consistent with rtnl_set_powered.
2018-08-17 21:04:44 +02:00
id = l_netlink_send(rtnl, RTM_SETLINK, 0, rtmmsg,
netdev: Add function to set the linkmode and operstate of the link This is needed after connecting successfully to AP.
2015-03-27 08:54:24 +01:00
rta_buf - (void *) rtmmsg,
netdev: Don't crash on operstate callbacks The way that netdev_set_linkmode_and_operstate was used resulted in potential crashes when the netdev was destroyed. This is because netdev was given as data to l_netlink_send and could be destroyed between the time of the call and the callback. Since the result of calls to netdev_set_linkmode_and_operstate is inconsequential, it isn't really worthwhile tracking these calls in order to cancel them. This patch simplies the handling of these rtnl calls, makes sure that netdev isn't passed as user data and rewrites the netdev_set_linkmode_and_operstate signature to be more consistent with rtnl_set_powered.
2018-08-17 21:04:44 +02:00
cb, user_data, destroy);
netdev: Add function to set the linkmode and operstate of the link This is needed after connecting successfully to AP.
2015-03-27 08:54:24 +01:00
l_free(rtmmsg);
netdev: Don't crash on operstate callbacks The way that netdev_set_linkmode_and_operstate was used resulted in potential crashes when the netdev was destroyed. This is because netdev was given as data to l_netlink_send and could be destroyed between the time of the call and the callback. Since the result of calls to netdev_set_linkmode_and_operstate is inconsequential, it isn't really worthwhile tracking these calls in order to cancel them. This patch simplies the handling of these rtnl calls, makes sure that netdev isn't passed as user data and rewrites the netdev_set_linkmode_and_operstate signature to be more consistent with rtnl_set_powered.
2018-08-17 21:04:44 +02:00
return id;
netdev: Add function to set the linkmode and operstate of the link This is needed after connecting successfully to AP.
2015-03-27 08:54:24 +01:00
}
netdev: Add netdev_get_address
2016-06-01 22:27:39 +02:00
const uint8_t *netdev_get_address(struct netdev *netdev)
{
return netdev->addr;
}
netdev: Add netdev_get_ifindex
2016-06-01 22:27:05 +02:00
uint32_t netdev_get_ifindex(struct netdev *netdev)
{
return netdev->index;
}
netdev: Add interface type setter and getter Modify netdev_get_iftype, which was until now unused, and add netdev_set_iftype. Don't skip interfaces with types other than STATION on startup, instead reset the type to STATION in device.c. netdev_get_iftype is modified to use our own interface type enum to avoid forcing users to include "nl80211.h". Note that setting an interface UP and DOWN wouldn't generally reset the iftype to STATION. Another process may still change the type while iwd is running and iwd would not detect this as it would detect another interface setting interface DOWN, not sure how far we want to go in monitoring all of the properties this way.
2017-08-14 14:49:16 +02:00
enum netdev_iftype netdev_get_iftype(struct netdev *netdev)
netdev: Add netdev_get_iftype
2016-06-02 00:04:10 +02:00
{
netdev: Add IFTYPE_ADHOC interface type netdev_set_iftype and get_iftype were also changed to account for all three interface types.
2018-07-17 00:29:14 +02:00
switch (netdev->type) {
case NL80211_IFTYPE_STATION:
return NETDEV_IFTYPE_STATION;
case NL80211_IFTYPE_AP:
return NETDEV_IFTYPE_AP;
case NL80211_IFTYPE_ADHOC:
return NETDEV_IFTYPE_ADHOC;
default:
/* cant really do much here */
l_error("invalid iftype %u", netdev->type);
return NETDEV_IFTYPE_STATION;
}
netdev: Add netdev_get_iftype
2016-06-02 00:04:10 +02:00
}
netdev: Add netdev_get_name
2016-06-02 00:05:56 +02:00
const char *netdev_get_name(struct netdev *netdev)
{
return netdev->name;
}
netdev: Track interface UP flag
2016-06-20 12:42:03 +02:00
bool netdev_get_is_up(struct netdev *netdev)
{
netdev: Add netdev_set_powered
2016-07-13 04:26:27 +02:00
return (netdev->ifi_flags & IFF_UP) != 0;
}
netdev: Add netdev_get_handshake Getter for current handshake_state object.
2016-12-23 11:38:07 +01:00
struct handshake_state *netdev_get_handshake(struct netdev *netdev)
{
return netdev->handshake;
}
netdev: Add netdev_get_device
2018-08-17 21:59:01 +02:00
struct device *netdev_get_device(struct netdev *netdev)
{
return netdev->device;
}
netdev: Add netdev_get_path
2018-08-20 06:12:14 +02:00
const char *netdev_get_path(struct netdev *netdev)
{
static char path[26];
snprintf(path, sizeof(path), "%s/%u", wiphy_get_path(netdev->wiphy),
netdev->index);
return path;
}
netdev: Add netdev_set_powered
2016-07-13 04:26:27 +02:00
static void netdev_set_powered_result(int error, uint16_t type,
const void *data,
uint32_t len, void *user_data)
{
netdev: Make sure set_powered calls are cancelable Since all netdevs share the rtnl l_netlink object, it was possible for netdevs to be destroyed with outstanding commands still executing on the rtnl object. This can lead to crashes and other nasty situations. This patch makes sure that Powered requests are always tracked via set_powered_cmd_id and the request is canceled when netdev is destroyed. This also implies that netdev_set_powered can now return an -EBUSY error in case a request is already outstanding.
2018-08-17 19:37:47 +02:00
struct netdev *netdev = user_data;
netdev: Add netdev_set_powered
2016-07-13 04:26:27 +02:00
netdev: Make sure set_powered calls are cancelable Since all netdevs share the rtnl l_netlink object, it was possible for netdevs to be destroyed with outstanding commands still executing on the rtnl object. This can lead to crashes and other nasty situations. This patch makes sure that Powered requests are always tracked via set_powered_cmd_id and the request is canceled when netdev is destroyed. This also implies that netdev_set_powered can now return an -EBUSY error in case a request is already outstanding.
2018-08-17 19:37:47 +02:00
if (netdev->set_powered_cb)
netdev->set_powered_cb(netdev, error,
netdev->set_powered_user_data);
netdev: Add netdev_set_powered
2016-07-13 04:26:27 +02:00
netdev: Make sure set_powered calls are cancelable Since all netdevs share the rtnl l_netlink object, it was possible for netdevs to be destroyed with outstanding commands still executing on the rtnl object. This can lead to crashes and other nasty situations. This patch makes sure that Powered requests are always tracked via set_powered_cmd_id and the request is canceled when netdev is destroyed. This also implies that netdev_set_powered can now return an -EBUSY error in case a request is already outstanding.
2018-08-17 19:37:47 +02:00
netdev->set_powered_cb = NULL;
netdev: Add netdev_set_powered
2016-07-13 04:26:27 +02:00
}
static void netdev_set_powered_destroy(void *user_data)
{
netdev: Make sure set_powered calls are cancelable Since all netdevs share the rtnl l_netlink object, it was possible for netdevs to be destroyed with outstanding commands still executing on the rtnl object. This can lead to crashes and other nasty situations. This patch makes sure that Powered requests are always tracked via set_powered_cmd_id and the request is canceled when netdev is destroyed. This also implies that netdev_set_powered can now return an -EBUSY error in case a request is already outstanding.
2018-08-17 19:37:47 +02:00
struct netdev *netdev = user_data;
netdev: Add netdev_set_powered
2016-07-13 04:26:27 +02:00
netdev: Make sure set_powered calls are cancelable Since all netdevs share the rtnl l_netlink object, it was possible for netdevs to be destroyed with outstanding commands still executing on the rtnl object. This can lead to crashes and other nasty situations. This patch makes sure that Powered requests are always tracked via set_powered_cmd_id and the request is canceled when netdev is destroyed. This also implies that netdev_set_powered can now return an -EBUSY error in case a request is already outstanding.
2018-08-17 19:37:47 +02:00
netdev->set_powered_cmd_id = 0;
netdev: Add netdev_set_powered
2016-07-13 04:26:27 +02:00
netdev: Make sure set_powered calls are cancelable Since all netdevs share the rtnl l_netlink object, it was possible for netdevs to be destroyed with outstanding commands still executing on the rtnl object. This can lead to crashes and other nasty situations. This patch makes sure that Powered requests are always tracked via set_powered_cmd_id and the request is canceled when netdev is destroyed. This also implies that netdev_set_powered can now return an -EBUSY error in case a request is already outstanding.
2018-08-17 19:37:47 +02:00
if (netdev->set_powered_destroy)
netdev->set_powered_destroy(netdev->set_powered_user_data);
netdev: Add netdev_set_powered
2016-07-13 04:26:27 +02:00
netdev: Make sure set_powered calls are cancelable Since all netdevs share the rtnl l_netlink object, it was possible for netdevs to be destroyed with outstanding commands still executing on the rtnl object. This can lead to crashes and other nasty situations. This patch makes sure that Powered requests are always tracked via set_powered_cmd_id and the request is canceled when netdev is destroyed. This also implies that netdev_set_powered can now return an -EBUSY error in case a request is already outstanding.
2018-08-17 19:37:47 +02:00
netdev->set_powered_destroy = NULL;
netdev->set_powered_user_data = NULL;
netdev: Add netdev_set_powered
2016-07-13 04:26:27 +02:00
}
netdev: Make sure set_powered calls are cancelable Since all netdevs share the rtnl l_netlink object, it was possible for netdevs to be destroyed with outstanding commands still executing on the rtnl object. This can lead to crashes and other nasty situations. This patch makes sure that Powered requests are always tracked via set_powered_cmd_id and the request is canceled when netdev is destroyed. This also implies that netdev_set_powered can now return an -EBUSY error in case a request is already outstanding.
2018-08-17 19:37:47 +02:00
static uint32_t rtnl_set_powered(int ifindex, bool powered,
l_netlink_command_func_t cb, void *user_data,
l_netlink_destroy_func_t destroy)
netdev: Add netdev_set_powered
2016-07-13 04:26:27 +02:00
{
struct ifinfomsg *rtmmsg;
size_t bufsize;
netdev: Make sure set_powered calls are cancelable Since all netdevs share the rtnl l_netlink object, it was possible for netdevs to be destroyed with outstanding commands still executing on the rtnl object. This can lead to crashes and other nasty situations. This patch makes sure that Powered requests are always tracked via set_powered_cmd_id and the request is canceled when netdev is destroyed. This also implies that netdev_set_powered can now return an -EBUSY error in case a request is already outstanding.
2018-08-17 19:37:47 +02:00
uint32_t id;
netdev: Add netdev_set_powered
2016-07-13 04:26:27 +02:00
netdev: Add padding to netlink family headers Use the NLMSG_ALIGN macro on the family header size (struct ifinfomsg in this case). The ascii graphics in include/net/netlink.h show that both the netlink header and the family header should be padded. The netlink header (nlmsghdr) is already padded in ell. To "document" this requirementin ell what we could do is take two buffers, one for the family header and one for the attributes. This doesn't change anything for most people because ifinfomsg is already 16-byte long on the usual architectures.
2016-11-07 16:42:02 +01:00
bufsize = NLMSG_ALIGN(sizeof(struct ifinfomsg));
netdev: Add netdev_set_powered
2016-07-13 04:26:27 +02:00
rtmmsg = l_malloc(bufsize);
memset(rtmmsg, 0, bufsize);
rtmmsg->ifi_family = AF_UNSPEC;
netdev: Make sure set_powered calls are cancelable Since all netdevs share the rtnl l_netlink object, it was possible for netdevs to be destroyed with outstanding commands still executing on the rtnl object. This can lead to crashes and other nasty situations. This patch makes sure that Powered requests are always tracked via set_powered_cmd_id and the request is canceled when netdev is destroyed. This also implies that netdev_set_powered can now return an -EBUSY error in case a request is already outstanding.
2018-08-17 19:37:47 +02:00
rtmmsg->ifi_index = ifindex;
rtmmsg->ifi_change = IFF_UP;
rtmmsg->ifi_flags = powered ? IFF_UP : 0;
netdev: Add netdev_set_powered
2016-07-13 04:26:27 +02:00
netdev: Make sure set_powered calls are cancelable Since all netdevs share the rtnl l_netlink object, it was possible for netdevs to be destroyed with outstanding commands still executing on the rtnl object. This can lead to crashes and other nasty situations. This patch makes sure that Powered requests are always tracked via set_powered_cmd_id and the request is canceled when netdev is destroyed. This also implies that netdev_set_powered can now return an -EBUSY error in case a request is already outstanding.
2018-08-17 19:37:47 +02:00
id = l_netlink_send(rtnl, RTM_SETLINK, 0, rtmmsg, bufsize,
cb, user_data, destroy);
netdev: Add netdev_set_powered
2016-07-13 04:26:27 +02:00
l_free(rtmmsg);
netdev: Make sure set_powered calls are cancelable Since all netdevs share the rtnl l_netlink object, it was possible for netdevs to be destroyed with outstanding commands still executing on the rtnl object. This can lead to crashes and other nasty situations. This patch makes sure that Powered requests are always tracked via set_powered_cmd_id and the request is canceled when netdev is destroyed. This also implies that netdev_set_powered can now return an -EBUSY error in case a request is already outstanding.
2018-08-17 19:37:47 +02:00
return id;
}
int netdev_set_powered(struct netdev *netdev, bool powered,
netdev: Remove redundant typedefs Unify command specific typedefs which had the same signature into a single netdev_command_cb_t
2018-08-20 01:25:23 +02:00
netdev_command_cb_t callback, void *user_data,
netdev: Make sure set_powered calls are cancelable Since all netdevs share the rtnl l_netlink object, it was possible for netdevs to be destroyed with outstanding commands still executing on the rtnl object. This can lead to crashes and other nasty situations. This patch makes sure that Powered requests are always tracked via set_powered_cmd_id and the request is canceled when netdev is destroyed. This also implies that netdev_set_powered can now return an -EBUSY error in case a request is already outstanding.
2018-08-17 19:37:47 +02:00
netdev_destroy_func_t destroy)
{
netdev: Reject setting powered while setting iftype In netdev_set_powered also check that no NL80211_CMD_SET_INTERFACE is in progress because once it returned we would overwrite netdev->set_powered_cmd_id (could also add a check there but it seems more logical to just disallow Powered property changes while Mode is being changed, since we also disallow Mode changes while Powered is being changed.)
2018-09-25 17:43:47 +02:00
if (netdev->set_powered_cmd_id ||
netdev->set_interface_cmd_id)
netdev: Make sure set_powered calls are cancelable Since all netdevs share the rtnl l_netlink object, it was possible for netdevs to be destroyed with outstanding commands still executing on the rtnl object. This can lead to crashes and other nasty situations. This patch makes sure that Powered requests are always tracked via set_powered_cmd_id and the request is canceled when netdev is destroyed. This also implies that netdev_set_powered can now return an -EBUSY error in case a request is already outstanding.
2018-08-17 19:37:47 +02:00
return -EBUSY;
netdev->set_powered_cmd_id =
rtnl_set_powered(netdev->index, powered,
netdev_set_powered_result, netdev,
netdev_set_powered_destroy);
if (!netdev->set_powered_cmd_id)
return -EIO;
netdev->set_powered_cb = callback;
netdev->set_powered_user_data = user_data;
netdev->set_powered_destroy = destroy;
netdev: Add netdev_set_powered
2016-07-13 04:26:27 +02:00
return 0;
netdev: Track interface UP flag
2016-06-20 12:42:03 +02:00
}
netdev: RSSI polling support for less capable drivers If the kernel device driver or the kernel nl80211 version doesn't support the new RSSI threshold list CQM monitoring, implement similar logic in iwd with periodic polling. This is only active when an RSSI agent is registered to receive the events. I tested this with the same testRSSIAgent autotests that tests the driver-side rssi monitoring except with all timeouts multiplied by ~20.
2017-08-18 14:22:58 +02:00
static void netdev_set_rssi_level_idx(struct netdev *netdev)
{
uint8_t new_level;
for (new_level = 0; new_level < netdev->rssi_levels_num; new_level++)
if (netdev->cur_rssi >= netdev->rssi_levels[new_level])
break;
netdev->cur_rssi_level_idx = new_level;
}
static void netdev_rssi_poll_cb(struct l_genl_msg *msg, void *user_data)
{
struct netdev *netdev = user_data;
struct l_genl_attr attr, nested;
uint16_t type, len;
const void *data;
bool found;
uint8_t prev_rssi_level_idx = netdev->cur_rssi_level_idx;
netdev->rssi_poll_cmd_id = 0;
if (!l_genl_attr_init(&attr, msg))
goto done;
found = false;
while (l_genl_attr_next(&attr, &type, &len, &data)) {
if (type != NL80211_ATTR_STA_INFO)
continue;
found = true;
break;
}
if (!found || !l_genl_attr_recurse(&attr, &nested))
goto done;
found = false;
while (l_genl_attr_next(&nested, &type, &len, &data)) {
if (type != NL80211_STA_INFO_SIGNAL_AVG)
continue;
if (len != 1)
continue;
found = true;
netdev->cur_rssi = *(const int8_t *) data;
break;
}
if (!found)
goto done;
/*
* Note we don't have to handle LOW_SIGNAL_THRESHOLD here. The
* CQM single threshold RSSI monitoring should work even if the
* kernel driver doesn't support multiple thresholds. So the
* polling only handles the client-supplied threshold list.
*/
netdev_set_rssi_level_idx(netdev);
if (netdev->cur_rssi_level_idx != prev_rssi_level_idx)
netdev->event_filter(netdev, NETDEV_EVENT_RSSI_LEVEL_NOTIFY,
netdev->user_data);
done:
/* Rearm timer */
l_timeout_modify(netdev->rssi_poll_timeout, 6);
}
static void netdev_rssi_poll(struct l_timeout *timeout, void *user_data)
{
struct netdev *netdev = user_data;
struct l_genl_msg *msg;
msg = l_genl_msg_new_sized(NL80211_CMD_GET_STATION, 64);
l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &netdev->index);
l_genl_msg_append_attr(msg, NL80211_ATTR_MAC, ETH_ALEN,
netdev->handshake->aa);
netdev->rssi_poll_cmd_id = l_genl_family_send(nl80211, msg,
netdev_rssi_poll_cb,
netdev, NULL);
}
/* To be called whenever operational or rssi_levels_num are updated */
static void netdev_rssi_polling_update(struct netdev *netdev)
{
wiphy: Rename get_ext_feature API to has_ext_feature
2018-05-24 20:12:36 +02:00
if (wiphy_has_ext_feature(netdev->wiphy,
netdev: RSSI polling support for less capable drivers If the kernel device driver or the kernel nl80211 version doesn't support the new RSSI threshold list CQM monitoring, implement similar logic in iwd with periodic polling. This is only active when an RSSI agent is registered to receive the events. I tested this with the same testRSSIAgent autotests that tests the driver-side rssi monitoring except with all timeouts multiplied by ~20.
2017-08-18 14:22:58 +02:00
NL80211_EXT_FEATURE_CQM_RSSI_LIST))
return;
if (netdev->operational && netdev->rssi_levels_num > 0) {
if (netdev->rssi_poll_timeout)
return;
netdev->rssi_poll_timeout =
l_timeout_create(1, netdev_rssi_poll, netdev, NULL);
} else {
if (!netdev->rssi_poll_timeout)
return;
l_timeout_remove(netdev->rssi_poll_timeout);
netdev->rssi_poll_timeout = NULL;
if (netdev->rssi_poll_cmd_id) {
l_genl_family_cancel(nl80211, netdev->rssi_poll_cmd_id);
netdev->rssi_poll_cmd_id = 0;
}
}
}
netdev: Add netdev_preauthenticate Add preauthentication logic. The callback receives the new PMK only.
2017-04-29 03:53:27 +02:00
static void netdev_preauth_destroy(void *data)
{
struct netdev_preauth_state *state = data;
if (state->cb)
state->cb(state->netdev, NETDEV_RESULT_ABORTED, NULL,
state->user_data);
l_free(state);
}
netdev: Improve netdev_connect error/cancel logic Try to make the connect and disconnect operations look more like a transaction where the callback is always called eventually, also with a clear indication if the operation is in profress. The connected state lasts from the start of the connection attempt until the disconnect. 1. Non-null netdev->connected or disconnect_cb indicate that the operation is active. 2. Every entry-point in netdev.c checks if connected is still set before executing the next step of the connection setup. CMD_CONNECT and the subsequent commands may succeed even if CMD_DISCONNECT is called in the middle so they can't only rely on the error value for that. 3. netdev->connect_cb and other elements of the connection state are reset by netdev_connect_free which groups the clean-up operations to make sure we don't miss anything. Since the callback pointers are reset device.c doesn't need to check that it receives a spurious event in those callbacks for example after calling netdev_disconnect.
2016-08-02 22:48:11 +02:00
static void netdev_connect_free(struct netdev *netdev)
{
if (netdev->sm) {
eapol_sm_free(netdev->sm);
netdev->sm = NULL;
}
netdev: added sae functionality to netdev In order to plug SAE into the existing connect mechanism the actual CMD_CONNECT message is never sent, rather sae_register takes care of sending out CMD_AUTHENTICATE. This required some shuffling of code in order to handle both eapol and sae. In the case of non-SAE authentication everything behaves as it did before. When using SAE an sae_sm is created when a connection is attempted but the eapol_sm is not. After SAE succeeds it will start association and then create the eapol_sm and start the 4-way handshake. This change also adds the handshake SAE events to device and initializes SAE in main.
2018-08-14 01:25:48 +02:00
if (netdev->sae_sm) {
sae_sm_free(netdev->sae_sm);
netdev->sae_sm = NULL;
}
netdev: Add netdev_preauthenticate Add preauthentication logic. The callback receives the new PMK only.
2017-04-29 03:53:27 +02:00
eapol_preauth_cancel(netdev->index);
eapol: Use handshake_state to store state Remove the keys and other data from struct eapol_sm, update device.c, netdev.c and wsc.c to use the handshake_state object instead of eapol_sm. This also gets rid of eapol_cancel and the ifindex parameter in some of the eapol functions where sm->handshake->ifindex can be used instead.
2016-11-02 23:46:19 +01:00
if (netdev->handshake) {
handshake_state_free(netdev->handshake);
netdev->handshake = NULL;
netdev: Fix double-free We should only call eapol_cancel if netdev_connect_free was not triggered as a result of handshake failure.
2016-08-23 20:15:00 +02:00
}
netdev: Improve netdev_connect error/cancel logic Try to make the connect and disconnect operations look more like a transaction where the callback is always called eventually, also with a clear indication if the operation is in profress. The connected state lasts from the start of the connection attempt until the disconnect. 1. Non-null netdev->connected or disconnect_cb indicate that the operation is active. 2. Every entry-point in netdev.c checks if connected is still set before executing the next step of the connection setup. CMD_CONNECT and the subsequent commands may succeed even if CMD_DISCONNECT is called in the middle so they can't only rely on the error value for that. 3. netdev->connect_cb and other elements of the connection state are reset by netdev_connect_free which groups the clean-up operations to make sure we don't miss anything. Since the callback pointers are reset device.c doesn't need to check that it receives a spurious event in those callbacks for example after calling netdev_disconnect.
2016-08-02 22:48:11 +02:00
netdev: More neighbor_report_req error handling Make sure that the Neighbor Report timeout is cancelled when connection breaks or device is being destroyed, and call the callback. Add an errno parameter to the callback to indicate the cause.
2017-01-23 12:38:40 +01:00
if (netdev->neighbor_report_cb) {
netdev->neighbor_report_cb(netdev, -ENOTCONN, NULL, 0,
netdev->user_data);
netdev->neighbor_report_cb = NULL;
l_timeout_remove(netdev->neighbor_report_timeout);
}
netdev: added support for SA Query SA Query procedure is used when an unprotected disassociate frame is received (with frame protection enabled). There are two code paths that can occur when this disassociate frame is received: 1. Send out SA Query and receive a response from the AP within a timeout. This means that the disassociate frame was not sent from the AP and can be ignored. 2. Send out SA Query and receive no response. In this case it is assumed that the AP went down ungracefully and is now back up. Since frame protection is enabled, you must re-associate with the AP.
2018-02-01 18:22:39 +01:00
if (netdev->sa_query_timeout) {
l_timeout_remove(netdev->sa_query_timeout);
netdev->sa_query_timeout = NULL;
}
netdev: keep track of operational state We should not attempt to call connect_failed if we're have become operational. E.g. successfully associated, ran eapol if necessary and set operstate.
2016-09-22 22:55:07 +02:00
netdev->operational = false;
netdev: Improve netdev_connect error/cancel logic Try to make the connect and disconnect operations look more like a transaction where the callback is always called eventually, also with a clear indication if the operation is in profress. The connected state lasts from the start of the connection attempt until the disconnect. 1. Non-null netdev->connected or disconnect_cb indicate that the operation is active. 2. Every entry-point in netdev.c checks if connected is still set before executing the next step of the connection setup. CMD_CONNECT and the subsequent commands may succeed even if CMD_DISCONNECT is called in the middle so they can't only rely on the error value for that. 3. netdev->connect_cb and other elements of the connection state are reset by netdev_connect_free which groups the clean-up operations to make sure we don't miss anything. Since the callback pointers are reset device.c doesn't need to check that it receives a spurious event in those callbacks for example after calling netdev_disconnect.
2016-08-02 22:48:11 +02:00
netdev->connected = false;
netdev->connect_cb = NULL;
netdev->event_filter = NULL;
netdev: Deauthenticate prior to calling connect_cb
2016-09-21 23:19:47 +02:00
netdev->user_data = NULL;
netdev->result = NETDEV_RESULT_OK;
netdev: Implement netdev_fast_transition Build and send the FT Authentication Request frame, the initial Fast Transition message. In this version the assumption is that once we start a transition attempt there's no going back so the old handshake_state, scan_bss, etc. can be replaced by the new objects immediately and there's no point at which both the old and the new connection states are needed. Also the disconnect event for the old connection is implicit. At netdev level the state during a transition is almost the same with a new connection setup. The first disconnect event on the netlink socket after the FT Authenticate is assumed to be the one generated by the kernel for the old connection. The disconnect event doesn't contain the AP bssid (unlike the deauthenticate event preceding it), otherwise we could check to see if the bssid is the one we are interested in or could check connect_cmd_id assuming a disconnect doesn't happen before the connect command finishes.
2017-01-12 09:36:00 +01:00
netdev->in_ft = false;
netdev: Improve netdev_connect error/cancel logic Try to make the connect and disconnect operations look more like a transaction where the callback is always called eventually, also with a clear indication if the operation is in profress. The connected state lasts from the start of the connection attempt until the disconnect. 1. Non-null netdev->connected or disconnect_cb indicate that the operation is active. 2. Every entry-point in netdev.c checks if connected is still set before executing the next step of the connection setup. CMD_CONNECT and the subsequent commands may succeed even if CMD_DISCONNECT is called in the middle so they can't only rely on the error value for that. 3. netdev->connect_cb and other elements of the connection state are reset by netdev_connect_free which groups the clean-up operations to make sure we don't miss anything. Since the callback pointers are reset device.c doesn't need to check that it receives a spurious event in those callbacks for example after calling netdev_disconnect.
2016-08-02 22:48:11 +02:00
netdev: RSSI polling support for less capable drivers If the kernel device driver or the kernel nl80211 version doesn't support the new RSSI threshold list CQM monitoring, implement similar logic in iwd with periodic polling. This is only active when an RSSI agent is registered to receive the events. I tested this with the same testRSSIAgent autotests that tests the driver-side rssi monitoring except with all timeouts multiplied by ~20.
2017-08-18 14:22:58 +02:00
netdev_rssi_polling_update(netdev);
netdev: Cancel the CMD_CONNECT genl command on disconnect CMD_DISCONNECT fails on some occasions when CMD_CONNECT is still running. When this happens the DBus disconnect command receives an error reply but iwd's device state is left as disconnected even though there's a connection at the kernel level which times out a few seconds later. If the CMD_CONNECT is cancelled I couldn't reproduce this so far. src/network.c:network_connect() src/network.c:network_connect_psk() src/network.c:network_connect_psk() psk: 69ae3f8b2f84a438cf6a44275913182dd2714510ccb8cbdf8da9dc8b61718560 src/network.c:network_connect_psk() len: 32 src/network.c:network_connect_psk() ask_psk: false src/device.c:device_enter_state() Old State: disconnected, new state: connecting src/scan.c:scan_notify() Scan notification 33 src/device.c:device_netdev_event() Associating src/netdev.c:netdev_mlme_notify() MLME notification 60 MLME notification is missing ifindex attribute src/device.c:device_dbus_disconnect() src/device.c:device_connect_cb() 6, result: 5 src/device.c:device_enter_state() Old State: connecting, new state: disconnecting src/device.c:device_disconnect_cb() 6, success: 0 src/device.c:device_enter_state() Old State: disconnecting, new state: disconnected src/scan.c:scan_notify() Scan notification 34 src/netdev.c:netdev_mlme_notify() MLME notification 19 src/netdev.c:netdev_mlme_notify() MLME notification 60 MLME notification is missing ifindex attribute src/netdev.c:netdev_mlme_notify() MLME notification 37 src/netdev.c:netdev_authenticate_event() src/scan.c:get_scan_callback() get_scan_callback src/scan.c:get_scan_done() get_scan_done src/netdev.c:netdev_mlme_notify() MLME notification 60 MLME notification is missing ifindex attribute src/netdev.c:netdev_mlme_notify() MLME notification 19 MLME notification is missing ifindex attribute src/netdev.c:netdev_mlme_notify() MLME notification 38 src/netdev.c:netdev_associate_event() src/netdev.c:netdev_mlme_notify() MLME notification 46 src/netdev.c:netdev_connect_event() <delay> src/netdev.c:netdev_mlme_notify() MLME notification 60 MLME notification is missing ifindex attribute src/netdev.c:netdev_mlme_notify() MLME notification 20 MLME notification is missing ifindex attribute src/netdev.c:netdev_mlme_notify() MLME notification 20 src/netdev.c:netdev_mlme_notify() MLME notification 39 src/netdev.c:netdev_deauthenticate_event()
2016-08-05 14:25:34 +02:00
if (netdev->connect_cmd_id) {
l_genl_family_cancel(nl80211, netdev->connect_cmd_id);
netdev->connect_cmd_id = 0;
netdev: Deauthenticate prior to calling connect_cb
2016-09-21 23:19:47 +02:00
} else if (netdev->disconnect_cmd_id) {
l_genl_family_cancel(nl80211, netdev->disconnect_cmd_id);
netdev->disconnect_cmd_id = 0;
netdev: Cancel the CMD_CONNECT genl command on disconnect CMD_DISCONNECT fails on some occasions when CMD_CONNECT is still running. When this happens the DBus disconnect command receives an error reply but iwd's device state is left as disconnected even though there's a connection at the kernel level which times out a few seconds later. If the CMD_CONNECT is cancelled I couldn't reproduce this so far. src/network.c:network_connect() src/network.c:network_connect_psk() src/network.c:network_connect_psk() psk: 69ae3f8b2f84a438cf6a44275913182dd2714510ccb8cbdf8da9dc8b61718560 src/network.c:network_connect_psk() len: 32 src/network.c:network_connect_psk() ask_psk: false src/device.c:device_enter_state() Old State: disconnected, new state: connecting src/scan.c:scan_notify() Scan notification 33 src/device.c:device_netdev_event() Associating src/netdev.c:netdev_mlme_notify() MLME notification 60 MLME notification is missing ifindex attribute src/device.c:device_dbus_disconnect() src/device.c:device_connect_cb() 6, result: 5 src/device.c:device_enter_state() Old State: connecting, new state: disconnecting src/device.c:device_disconnect_cb() 6, success: 0 src/device.c:device_enter_state() Old State: disconnecting, new state: disconnected src/scan.c:scan_notify() Scan notification 34 src/netdev.c:netdev_mlme_notify() MLME notification 19 src/netdev.c:netdev_mlme_notify() MLME notification 60 MLME notification is missing ifindex attribute src/netdev.c:netdev_mlme_notify() MLME notification 37 src/netdev.c:netdev_authenticate_event() src/scan.c:get_scan_callback() get_scan_callback src/scan.c:get_scan_done() get_scan_done src/netdev.c:netdev_mlme_notify() MLME notification 60 MLME notification is missing ifindex attribute src/netdev.c:netdev_mlme_notify() MLME notification 19 MLME notification is missing ifindex attribute src/netdev.c:netdev_mlme_notify() MLME notification 38 src/netdev.c:netdev_associate_event() src/netdev.c:netdev_mlme_notify() MLME notification 46 src/netdev.c:netdev_connect_event() <delay> src/netdev.c:netdev_mlme_notify() MLME notification 60 MLME notification is missing ifindex attribute src/netdev.c:netdev_mlme_notify() MLME notification 20 MLME notification is missing ifindex attribute src/netdev.c:netdev_mlme_notify() MLME notification 20 src/netdev.c:netdev_mlme_notify() MLME notification 39 src/netdev.c:netdev_deauthenticate_event()
2016-08-05 14:25:34 +02:00
}
netdev: Improve netdev_connect error/cancel logic Try to make the connect and disconnect operations look more like a transaction where the callback is always called eventually, also with a clear indication if the operation is in profress. The connected state lasts from the start of the connection attempt until the disconnect. 1. Non-null netdev->connected or disconnect_cb indicate that the operation is active. 2. Every entry-point in netdev.c checks if connected is still set before executing the next step of the connection setup. CMD_CONNECT and the subsequent commands may succeed even if CMD_DISCONNECT is called in the middle so they can't only rely on the error value for that. 3. netdev->connect_cb and other elements of the connection state are reset by netdev_connect_free which groups the clean-up operations to make sure we don't miss anything. Since the callback pointers are reset device.c doesn't need to check that it receives a spurious event in those callbacks for example after calling netdev_disconnect.
2016-08-02 22:48:11 +02:00
}
netdev: Deauthenticate prior to calling connect_cb
2016-09-21 23:19:47 +02:00
static void netdev_connect_failed(struct l_genl_msg *msg, void *user_data)
{
struct netdev *netdev = user_data;
netdev_connect_cb_t connect_cb = netdev->connect_cb;
netdev: Emit DISCONNECT_BY_SME event on eapol failures There are situations when a CMD_DISCONNECT or deauthenticate will be issued locally because of an error detected locally where netdev would not be able to emit a event to the device object. The CMD_DISCONNECT handler can only send an event if the disconnect is triggered by the AP because we don't have an enum value defined for other diconnects. We have these values defined for the connect callback but those errors may happen when the connect callback is already NULL because a connection has been estabilshed. So add an event type for local errors. These situations may occur in a transition negotiation or in an eapol handshake failure during rekeying resulting in a call to netdev_handshake_failed.
2016-12-12 18:34:28 +01:00
netdev_event_func_t event_filter = netdev->event_filter;
netdev: Deauthenticate prior to calling connect_cb
2016-09-21 23:19:47 +02:00
void *connect_data = netdev->user_data;
enum netdev_result result = netdev->result;
netdev: Make sure to set disconnect_cmd_id to 0
2016-09-23 04:03:00 +02:00
netdev->disconnect_cmd_id = 0;
netdev: Fix typo
2016-12-20 17:31:33 +01:00
/* Done this way to allow re-entrant netdev_connect calls */
netdev: Deauthenticate prior to calling connect_cb
2016-09-21 23:19:47 +02:00
netdev_connect_free(netdev);
if (connect_cb)
connect_cb(netdev, result, connect_data);
netdev: Emit DISCONNECT_BY_SME event on eapol failures There are situations when a CMD_DISCONNECT or deauthenticate will be issued locally because of an error detected locally where netdev would not be able to emit a event to the device object. The CMD_DISCONNECT handler can only send an event if the disconnect is triggered by the AP because we don't have an enum value defined for other diconnects. We have these values defined for the connect callback but those errors may happen when the connect callback is already NULL because a connection has been estabilshed. So add an event type for local errors. These situations may occur in a transition negotiation or in an eapol handshake failure during rekeying resulting in a call to netdev_handshake_failed.
2016-12-12 18:34:28 +01:00
else if (event_filter)
event_filter(netdev, NETDEV_EVENT_DISCONNECT_BY_SME,
connect_data);
netdev: Deauthenticate prior to calling connect_cb
2016-09-21 23:19:47 +02:00
}
netdev: Add netdev_find
2016-06-01 22:35:26 +02:00
static void netdev_free(void *data)
{
struct netdev *netdev = data;
l_debug("Freeing netdev %s[%d]", netdev->name, netdev->index);
wiphy: Move association logic out of wiphy.c The eapol state machine parameters are now built inside device.c when the network connection is attempted. The reason is that the device object knows about network settings, wiphy constraints and should contain the main 'management' logic. netdev now manages the actual low-level process of building association messages, detecting authentication events, etc.
2016-06-15 17:54:13 +02:00
netdev: More neighbor_report_req error handling Make sure that the Neighbor Report timeout is cancelled when connection breaks or device is being destroyed, and call the callback. Add an errno parameter to the callback to indicate the cause.
2017-01-23 12:38:40 +01:00
if (netdev->neighbor_report_cb) {
netdev->neighbor_report_cb(netdev, -ENODEV, NULL, 0,
netdev->user_data);
netdev->neighbor_report_cb = NULL;
l_timeout_remove(netdev->neighbor_report_timeout);
}
[PATCH netdev: Don't generate disconnect event in netdev_free As discussed previously there's no point in having device.c change state to autoconnect when device_remove will be called next.
2017-02-10 03:23:15 +01:00
if (netdev->connected)
netdev_connect_free(netdev);
else if (netdev->disconnect_cmd_id) {
netdev: Finalize disconnects on device removal When device is removed or otherwise freed, netdev_connect callbacks are invoked. Treat disconnects similarly
2016-09-21 22:20:51 +02:00
l_genl_family_cancel(nl80211, netdev->disconnect_cmd_id);
netdev->disconnect_cmd_id = 0;
if (netdev->disconnect_cb)
netdev->disconnect_cb(netdev, true, netdev->user_data);
netdev->disconnect_cb = NULL;
netdev->user_data = NULL;
netdev: Improve netdev_connect error/cancel logic Try to make the connect and disconnect operations look more like a transaction where the callback is always called eventually, also with a clear indication if the operation is in profress. The connected state lasts from the start of the connection attempt until the disconnect. 1. Non-null netdev->connected or disconnect_cb indicate that the operation is active. 2. Every entry-point in netdev.c checks if connected is still set before executing the next step of the connection setup. CMD_CONNECT and the subsequent commands may succeed even if CMD_DISCONNECT is called in the middle so they can't only rely on the error value for that. 3. netdev->connect_cb and other elements of the connection state are reset by netdev_connect_free which groups the clean-up operations to make sure we don't miss anything. Since the callback pointers are reset device.c doesn't need to check that it receives a spurious event in those callbacks for example after calling netdev_disconnect.
2016-08-02 22:48:11 +02:00
}
netdev: Move eapol_read to eapol.c
2016-06-28 23:58:17 +02:00
netdev: add join_adhoc/leave_adhoc API's These will issue a JOIN/LEAVE_IBSS to the kernel. There is a TODO regarding network configuration. For now, only the SSID is configurable. This configuration is also required for AP, but needs to be thought out. Since the current AP Dbus API has nothing related to configuration items such as freq/channel or RSN elements they are hard coded, and will be for Ad-Hoc as well (for now).
2018-07-17 23:15:59 +02:00
if (netdev->join_adhoc_cmd_id) {
l_genl_family_cancel(nl80211, netdev->join_adhoc_cmd_id);
netdev->join_adhoc_cmd_id = 0;
}
if (netdev->leave_adhoc_cmd_id) {
l_genl_family_cancel(nl80211, netdev->leave_adhoc_cmd_id);
netdev->leave_adhoc_cmd_id = 0;
}
netdev: Make sure set_powered calls are cancelable Since all netdevs share the rtnl l_netlink object, it was possible for netdevs to be destroyed with outstanding commands still executing on the rtnl object. This can lead to crashes and other nasty situations. This patch makes sure that Powered requests are always tracked via set_powered_cmd_id and the request is canceled when netdev is destroyed. This also implies that netdev_set_powered can now return an -EBUSY error in case a request is already outstanding.
2018-08-17 19:37:47 +02:00
if (netdev->set_powered_cmd_id) {
l_netlink_cancel(rtnl, netdev->set_powered_cmd_id);
netdev->set_powered_cmd_id = 0;
}
netdev: Check that netdev->device is not NULL Check that netdev->device is not NULL before doing device_remove() (which would crash) and emitting NETDEV_WATCH_EVENT_DEL. It may be NULL if the initial RTM_SETLINK has failed to bring device UP.
2018-10-05 03:53:14 +02:00
if (netdev->device) {
WATCHLIST_NOTIFY(&netdev_watches, netdev_watch_func_t,
netdev, NETDEV_WATCH_EVENT_DEL);
device_remove(netdev->device);
}
netdev/device: Combine watches There was somewhat overlapping functionality in the device_watch infrastructure as well as the netdev_event_watch. This commit combines the two into a single watch based on the netdev object and cleans up the various interface additions / removals. With this commit the interfaces are created when the netdev/device is switched to Powered=True state AND when the netdev iftype is also in the correct state for that interface. If the device is brought down, then all interfaces except the .Device interface are removed. This will make it easy to implement Device.Mode property properly since most nl80211 devices need to be brought into Powered=False state prior to switching the iftype.
2018-08-18 06:40:49 +02:00
netdev: Simplify frame_watch using watchlist
2017-08-31 23:57:05 +02:00
watchlist_destroy(&netdev->frame_watches);
netdev: added station watch For Ad-Hoc networks, the kernel takes care of auth/assoc and issues a NEW_STATION event when that is complete. This provides a way to notify when NEW_STATION events occur as well as forward the MAC of the station to Ad-Hoc. The two new API's added: - netdev_station_watch_add() - netdev_station_watch_remove()
2018-07-17 00:29:15 +02:00
watchlist_destroy(&netdev->station_watches);
netdev: Refactor netdev_register_frame Rename netdev_register_frame to netdev_frame_watch_add and expose to be usable outside of netdev.c, add netdev_frame_watch_remove also. Update the Neighbor Report handling which was the only user of netdev_register_frame. The handler is now simpler because we use a lookup list with all the prefixes and individual frame handlers only see the frames matching the right prefix. This is also useful for the future Access-Point mode.
2017-08-31 04:04:45 +02:00
netdev: Open PAE transport if needed If Control Port over NL80211 is not supported, open up a PAE socket and stuff it into an l_io on the netdev object. Install a read handler on the l_io and call __eapol_rx_packet as needed.
2018-05-01 18:08:19 +02:00
l_io_destroy(netdev->pae_io);
netdev: Properly cleanup removed interfaces
2016-07-20 00:45:48 +02:00
l_free(netdev);
}
static void netdev_shutdown_one(void *data, void *user_data)
{
struct netdev *netdev = data;
wiphy: Move association logic out of wiphy.c The eapol state machine parameters are now built inside device.c when the network connection is attempted. The reason is that the device object knows about network settings, wiphy constraints and should contain the main 'management' logic. netdev now manages the actual low-level process of building association messages, detecting authentication events, etc.
2016-06-15 17:54:13 +02:00
netdev: Reset interface state on init and exit Take any managed interface down when iwd detects it and bring it back up to start with a clean state. On exit take interfaces down.
2016-07-13 04:29:52 +02:00
if (netdev_get_is_up(netdev))
netdev: Make sure set_powered calls are cancelable Since all netdevs share the rtnl l_netlink object, it was possible for netdevs to be destroyed with outstanding commands still executing on the rtnl object. This can lead to crashes and other nasty situations. This patch makes sure that Powered requests are always tracked via set_powered_cmd_id and the request is canceled when netdev is destroyed. This also implies that netdev_set_powered can now return an -EBUSY error in case a request is already outstanding.
2018-08-17 19:37:47 +02:00
rtnl_set_powered(netdev->index, false, NULL, NULL, NULL);
netdev: Add netdev_find
2016-06-01 22:35:26 +02:00
}
static bool netdev_match(const void *a, const void *b)
{
const struct netdev *netdev = a;
uint32_t ifindex = L_PTR_TO_UINT(b);
return (netdev->index == ifindex);
}
struct netdev *netdev_find(int ifindex)
{
return l_queue_find(netdev_list, netdev_match, L_UINT_TO_PTR(ifindex));
}
netdev: Move CQM event handling out of wiphy.c
2016-06-16 18:06:17 +02:00
static void netdev_lost_beacon(struct netdev *netdev)
{
netdev: Improve netdev_connect error/cancel logic Try to make the connect and disconnect operations look more like a transaction where the callback is always called eventually, also with a clear indication if the operation is in profress. The connected state lasts from the start of the connection attempt until the disconnect. 1. Non-null netdev->connected or disconnect_cb indicate that the operation is active. 2. Every entry-point in netdev.c checks if connected is still set before executing the next step of the connection setup. CMD_CONNECT and the subsequent commands may succeed even if CMD_DISCONNECT is called in the middle so they can't only rely on the error value for that. 3. netdev->connect_cb and other elements of the connection state are reset by netdev_connect_free which groups the clean-up operations to make sure we don't miss anything. Since the callback pointers are reset device.c doesn't need to check that it receives a spurious event in those callbacks for example after calling netdev_disconnect.
2016-08-02 22:48:11 +02:00
if (!netdev->connected)
netdev: Move CQM event handling out of wiphy.c
2016-06-16 18:06:17 +02:00
return;
netdev: Improve netdev_connect error/cancel logic Try to make the connect and disconnect operations look more like a transaction where the callback is always called eventually, also with a clear indication if the operation is in profress. The connected state lasts from the start of the connection attempt until the disconnect. 1. Non-null netdev->connected or disconnect_cb indicate that the operation is active. 2. Every entry-point in netdev.c checks if connected is still set before executing the next step of the connection setup. CMD_CONNECT and the subsequent commands may succeed even if CMD_DISCONNECT is called in the middle so they can't only rely on the error value for that. 3. netdev->connect_cb and other elements of the connection state are reset by netdev_connect_free which groups the clean-up operations to make sure we don't miss anything. Since the callback pointers are reset device.c doesn't need to check that it receives a spurious event in those callbacks for example after calling netdev_disconnect.
2016-08-02 22:48:11 +02:00
if (netdev->event_filter)
netdev->event_filter(netdev, NETDEV_EVENT_LOST_BEACON,
netdev: Move CQM event handling out of wiphy.c
2016-06-16 18:06:17 +02:00
netdev->user_data);
}
netdev: Implement RSSI level notifications API Add an methods and an event using the new NL80211_EXT_FEATURE_CQM_RSSI_LIST kernel feature to request RSSI monitoring with notifications only when RSSI moves from one of the N intervals requested to another. device.c will call netdev_set_rssi_report_levels to request NETDEV_EVENT_RSSI_LEVEL_NOTIFY events every time the RSSI level changes, level meaning one of the intervals delimited by the threshold values passed as argument. Inside the event handler it can call netdev_get_rssi_level to read the new level. There's no fallback to periodic polling implemented in this patch for the case of older kernels and/or the driver not supporting NL80211_EXT_FEATURE_CQM_RSSI_LIST.
2017-05-20 16:33:13 +02:00
/* -70 dBm is a popular choice for low signal threshold for roaming */
#define LOW_SIGNAL_THRESHOLD -70
static void netdev_cqm_event_rssi_threshold(struct netdev *netdev,
uint32_t rssi_event)
netdev: Monitor CQM RSSI level, emit RSSI LOW/HIGH events
2016-12-23 11:38:03 +01:00
{
netdev: Implement RSSI level notifications API Add an methods and an event using the new NL80211_EXT_FEATURE_CQM_RSSI_LIST kernel feature to request RSSI monitoring with notifications only when RSSI moves from one of the N intervals requested to another. device.c will call netdev_set_rssi_report_levels to request NETDEV_EVENT_RSSI_LEVEL_NOTIFY events every time the RSSI level changes, level meaning one of the intervals delimited by the threshold values passed as argument. Inside the event handler it can call netdev_get_rssi_level to read the new level. There's no fallback to periodic polling implemented in this patch for the case of older kernels and/or the driver not supporting NL80211_EXT_FEATURE_CQM_RSSI_LIST.
2017-05-20 16:33:13 +02:00
int event;
netdev: Monitor CQM RSSI level, emit RSSI LOW/HIGH events
2016-12-23 11:38:03 +01:00
if (!netdev->connected)
return;
if (rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW &&
rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH)
return;
netdev: Implement RSSI level notifications API Add an methods and an event using the new NL80211_EXT_FEATURE_CQM_RSSI_LIST kernel feature to request RSSI monitoring with notifications only when RSSI moves from one of the N intervals requested to another. device.c will call netdev_set_rssi_report_levels to request NETDEV_EVENT_RSSI_LEVEL_NOTIFY events every time the RSSI level changes, level meaning one of the intervals delimited by the threshold values passed as argument. Inside the event handler it can call netdev_get_rssi_level to read the new level. There's no fallback to periodic polling implemented in this patch for the case of older kernels and/or the driver not supporting NL80211_EXT_FEATURE_CQM_RSSI_LIST.
2017-05-20 16:33:13 +02:00
if (!netdev->event_filter)
return;
netdev->cur_rssi_low =
(rssi_event == NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW);
netdev: RSSI polling support for less capable drivers If the kernel device driver or the kernel nl80211 version doesn't support the new RSSI threshold list CQM monitoring, implement similar logic in iwd with periodic polling. This is only active when an RSSI agent is registered to receive the events. I tested this with the same testRSSIAgent autotests that tests the driver-side rssi monitoring except with all timeouts multiplied by ~20.
2017-08-18 14:22:58 +02:00
event = netdev->cur_rssi_low ? NETDEV_EVENT_RSSI_THRESHOLD_LOW :
netdev: Implement RSSI level notifications API Add an methods and an event using the new NL80211_EXT_FEATURE_CQM_RSSI_LIST kernel feature to request RSSI monitoring with notifications only when RSSI moves from one of the N intervals requested to another. device.c will call netdev_set_rssi_report_levels to request NETDEV_EVENT_RSSI_LEVEL_NOTIFY events every time the RSSI level changes, level meaning one of the intervals delimited by the threshold values passed as argument. Inside the event handler it can call netdev_get_rssi_level to read the new level. There's no fallback to periodic polling implemented in this patch for the case of older kernels and/or the driver not supporting NL80211_EXT_FEATURE_CQM_RSSI_LIST.
2017-05-20 16:33:13 +02:00
NETDEV_EVENT_RSSI_THRESHOLD_HIGH;
netdev->event_filter(netdev, event, netdev->user_data);
}
static void netdev_rssi_level_init(struct netdev *netdev)
{
if (netdev->connected && netdev->rssi_levels_num)
netdev_set_rssi_level_idx(netdev);
}
static void netdev_cqm_event_rssi_value(struct netdev *netdev, int rssi_val)
{
bool new_rssi_low;
uint8_t prev_rssi_level_idx = netdev->cur_rssi_level_idx;
if (!netdev->connected)
return;
if (rssi_val > 127)
rssi_val = 127;
else if (rssi_val < -127)
rssi_val = -127;
netdev->cur_rssi = rssi_val;
if (!netdev->event_filter)
return;
netdev: Monitor CQM RSSI level, emit RSSI LOW/HIGH events
2016-12-23 11:38:03 +01:00
netdev: Implement RSSI level notifications API Add an methods and an event using the new NL80211_EXT_FEATURE_CQM_RSSI_LIST kernel feature to request RSSI monitoring with notifications only when RSSI moves from one of the N intervals requested to another. device.c will call netdev_set_rssi_report_levels to request NETDEV_EVENT_RSSI_LEVEL_NOTIFY events every time the RSSI level changes, level meaning one of the intervals delimited by the threshold values passed as argument. Inside the event handler it can call netdev_get_rssi_level to read the new level. There's no fallback to periodic polling implemented in this patch for the case of older kernels and/or the driver not supporting NL80211_EXT_FEATURE_CQM_RSSI_LIST.
2017-05-20 16:33:13 +02:00
new_rssi_low = rssi_val < LOW_SIGNAL_THRESHOLD;
if (netdev->cur_rssi_low != new_rssi_low) {
int event = new_rssi_low ?
netdev: Monitor CQM RSSI level, emit RSSI LOW/HIGH events
2016-12-23 11:38:03 +01:00
NETDEV_EVENT_RSSI_THRESHOLD_LOW :
NETDEV_EVENT_RSSI_THRESHOLD_HIGH;
netdev: Implement RSSI level notifications API Add an methods and an event using the new NL80211_EXT_FEATURE_CQM_RSSI_LIST kernel feature to request RSSI monitoring with notifications only when RSSI moves from one of the N intervals requested to another. device.c will call netdev_set_rssi_report_levels to request NETDEV_EVENT_RSSI_LEVEL_NOTIFY events every time the RSSI level changes, level meaning one of the intervals delimited by the threshold values passed as argument. Inside the event handler it can call netdev_get_rssi_level to read the new level. There's no fallback to periodic polling implemented in this patch for the case of older kernels and/or the driver not supporting NL80211_EXT_FEATURE_CQM_RSSI_LIST.
2017-05-20 16:33:13 +02:00
netdev->cur_rssi_low = new_rssi_low;
netdev: Monitor CQM RSSI level, emit RSSI LOW/HIGH events
2016-12-23 11:38:03 +01:00
netdev->event_filter(netdev, event, netdev->user_data);
}
netdev: Implement RSSI level notifications API Add an methods and an event using the new NL80211_EXT_FEATURE_CQM_RSSI_LIST kernel feature to request RSSI monitoring with notifications only when RSSI moves from one of the N intervals requested to another. device.c will call netdev_set_rssi_report_levels to request NETDEV_EVENT_RSSI_LEVEL_NOTIFY events every time the RSSI level changes, level meaning one of the intervals delimited by the threshold values passed as argument. Inside the event handler it can call netdev_get_rssi_level to read the new level. There's no fallback to periodic polling implemented in this patch for the case of older kernels and/or the driver not supporting NL80211_EXT_FEATURE_CQM_RSSI_LIST.
2017-05-20 16:33:13 +02:00
if (!netdev->rssi_levels_num)
return;
netdev_set_rssi_level_idx(netdev);
if (netdev->cur_rssi_level_idx != prev_rssi_level_idx)
netdev->event_filter(netdev, NETDEV_EVENT_RSSI_LEVEL_NOTIFY,
netdev->user_data);
netdev: Monitor CQM RSSI level, emit RSSI LOW/HIGH events
2016-12-23 11:38:03 +01:00
}
netdev: Move CQM event handling out of wiphy.c
2016-06-16 18:06:17 +02:00
static void netdev_cqm_event(struct l_genl_msg *msg, struct netdev *netdev)
{
struct l_genl_attr attr;
struct l_genl_attr nested;
uint16_t type, len;
const void *data;
netdev: Implement RSSI level notifications API Add an methods and an event using the new NL80211_EXT_FEATURE_CQM_RSSI_LIST kernel feature to request RSSI monitoring with notifications only when RSSI moves from one of the N intervals requested to another. device.c will call netdev_set_rssi_report_levels to request NETDEV_EVENT_RSSI_LEVEL_NOTIFY events every time the RSSI level changes, level meaning one of the intervals delimited by the threshold values passed as argument. Inside the event handler it can call netdev_get_rssi_level to read the new level. There's no fallback to periodic polling implemented in this patch for the case of older kernels and/or the driver not supporting NL80211_EXT_FEATURE_CQM_RSSI_LIST.
2017-05-20 16:33:13 +02:00
uint32_t *rssi_event = NULL;
int32_t *rssi_val = NULL;
netdev: Move CQM event handling out of wiphy.c
2016-06-16 18:06:17 +02:00
if (!l_genl_attr_init(&attr, msg))
return;
while (l_genl_attr_next(&attr, &type, &len, &data)) {
switch (type) {
case NL80211_ATTR_CQM:
if (!l_genl_attr_recurse(&attr, &nested))
return;
while (l_genl_attr_next(&nested, &type, &len, &data)) {
switch (type) {
case NL80211_ATTR_CQM_BEACON_LOSS_EVENT:
netdev_lost_beacon(netdev);
break;
netdev: Monitor CQM RSSI level, emit RSSI LOW/HIGH events
2016-12-23 11:38:03 +01:00
case NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT:
if (len != 4)
continue;
netdev: Implement RSSI level notifications API Add an methods and an event using the new NL80211_EXT_FEATURE_CQM_RSSI_LIST kernel feature to request RSSI monitoring with notifications only when RSSI moves from one of the N intervals requested to another. device.c will call netdev_set_rssi_report_levels to request NETDEV_EVENT_RSSI_LEVEL_NOTIFY events every time the RSSI level changes, level meaning one of the intervals delimited by the threshold values passed as argument. Inside the event handler it can call netdev_get_rssi_level to read the new level. There's no fallback to periodic polling implemented in this patch for the case of older kernels and/or the driver not supporting NL80211_EXT_FEATURE_CQM_RSSI_LIST.
2017-05-20 16:33:13 +02:00
rssi_event = (uint32_t *) data;
break;
case NL80211_ATTR_CQM_RSSI_LEVEL:
if (len != 4)
continue;
rssi_val = (int32_t *) data;
netdev: Monitor CQM RSSI level, emit RSSI LOW/HIGH events
2016-12-23 11:38:03 +01:00
break;
netdev: Move CQM event handling out of wiphy.c
2016-06-16 18:06:17 +02:00
}
}
break;
}
}
netdev: Implement RSSI level notifications API Add an methods and an event using the new NL80211_EXT_FEATURE_CQM_RSSI_LIST kernel feature to request RSSI monitoring with notifications only when RSSI moves from one of the N intervals requested to another. device.c will call netdev_set_rssi_report_levels to request NETDEV_EVENT_RSSI_LEVEL_NOTIFY events every time the RSSI level changes, level meaning one of the intervals delimited by the threshold values passed as argument. Inside the event handler it can call netdev_get_rssi_level to read the new level. There's no fallback to periodic polling implemented in this patch for the case of older kernels and/or the driver not supporting NL80211_EXT_FEATURE_CQM_RSSI_LIST.
2017-05-20 16:33:13 +02:00
if (rssi_event) {
if (rssi_val)
netdev_cqm_event_rssi_value(netdev, *rssi_val);
else
netdev_cqm_event_rssi_threshold(netdev, *rssi_event);
}
netdev: Move CQM event handling out of wiphy.c
2016-06-16 18:06:17 +02:00
}
netdev: support for REKEY_OFFLOAD and its event handling
2016-06-23 00:49:16 +02:00
static void netdev_rekey_offload_event(struct l_genl_msg *msg,
struct netdev *netdev)
{
struct l_genl_attr attr;
struct l_genl_attr nested;
uint16_t type, len;
const void *data;
uint64_t replay_ctr;
if (!l_genl_attr_init(&attr, msg))
return;
while (l_genl_attr_next(&attr, &type, &len, &data)) {
netdev: simplify
2016-07-20 00:52:36 +02:00
if (type != NL80211_ATTR_REKEY_DATA)
continue;
if (!l_genl_attr_recurse(&attr, &nested))
return;
while (l_genl_attr_next(&nested, &type, &len, &data)) {
if (type != NL80211_REKEY_DATA_REPLAY_CTR)
continue;
if (len != sizeof(uint64_t)) {
l_warn("Invalid replay_ctr");
netdev: support for REKEY_OFFLOAD and its event handling
2016-06-23 00:49:16 +02:00
return;
netdev: simplify
2016-07-20 00:52:36 +02:00
}
netdev: support for REKEY_OFFLOAD and its event handling
2016-06-23 00:49:16 +02:00
netdev: simplify
2016-07-20 00:52:36 +02:00
replay_ctr = *((uint64_t *) data);
__eapol_update_replay_counter(netdev->index,
netdev: support for REKEY_OFFLOAD and its event handling
2016-06-23 00:49:16 +02:00
netdev->addr,
netdev: Drop netdev->remote_addr
2016-12-12 18:34:21 +01:00
netdev->handshake->aa,
netdev: support for REKEY_OFFLOAD and its event handling
2016-06-23 00:49:16 +02:00
replay_ctr);
netdev: simplify
2016-07-20 00:52:36 +02:00
return;
netdev: support for REKEY_OFFLOAD and its event handling
2016-06-23 00:49:16 +02:00
}
}
}
netdev: Move disconnect event handling .. out of wiphy.c
2016-06-16 18:21:12 +02:00
static void netdev_disconnect_event(struct l_genl_msg *msg,
struct netdev *netdev)
{
struct l_genl_attr attr;
uint16_t type, len;
const void *data;
uint16_t reason_code = 0;
bool disconnect_by_ap = false;
netdev: Allow disconnect_by_ap to be re-entrant
2016-10-11 08:53:59 +02:00
netdev_event_func_t event_filter;
void *event_data;
netdev: Move disconnect event handling .. out of wiphy.c
2016-06-16 18:21:12 +02:00
l_debug("");
netdev: Implement netdev_fast_transition Build and send the FT Authentication Request frame, the initial Fast Transition message. In this version the assumption is that once we start a transition attempt there's no going back so the old handshake_state, scan_bss, etc. can be replaced by the new objects immediately and there's no point at which both the old and the new connection states are needed. Also the disconnect event for the old connection is implicit. At netdev level the state during a transition is almost the same with a new connection setup. The first disconnect event on the netlink socket after the FT Authenticate is assumed to be the one generated by the kernel for the old connection. The disconnect event doesn't contain the AP bssid (unlike the deauthenticate event preceding it), otherwise we could check to see if the bssid is the one we are interested in or could check connect_cmd_id assuming a disconnect doesn't happen before the connect command finishes.
2017-01-12 09:36:00 +01:00
if (!netdev->connected || netdev->disconnect_cmd_id > 0 ||
netdev->in_ft)
netdev: Improve netdev_connect error/cancel logic Try to make the connect and disconnect operations look more like a transaction where the callback is always called eventually, also with a clear indication if the operation is in profress. The connected state lasts from the start of the connection attempt until the disconnect. 1. Non-null netdev->connected or disconnect_cb indicate that the operation is active. 2. Every entry-point in netdev.c checks if connected is still set before executing the next step of the connection setup. CMD_CONNECT and the subsequent commands may succeed even if CMD_DISCONNECT is called in the middle so they can't only rely on the error value for that. 3. netdev->connect_cb and other elements of the connection state are reset by netdev_connect_free which groups the clean-up operations to make sure we don't miss anything. Since the callback pointers are reset device.c doesn't need to check that it receives a spurious event in those callbacks for example after calling netdev_disconnect.
2016-08-02 22:48:11 +02:00
return;
netdev: Move disconnect event handling .. out of wiphy.c
2016-06-16 18:21:12 +02:00
if (!l_genl_attr_init(&attr, msg)) {
l_error("attr init failed");
return;
}
while (l_genl_attr_next(&attr, &type, &len, &data)) {
switch (type) {
case NL80211_ATTR_REASON_CODE:
if (len != sizeof(uint16_t))
l_warn("Invalid reason code attribute");
else
reason_code = *((uint16_t *) data);
break;
case NL80211_ATTR_DISCONNECTED_BY_AP:
disconnect_by_ap = true;
break;
}
}
l_info("Received Deauthentication event, reason: %hu, from_ap: %s",
reason_code, disconnect_by_ap ? "true" : "false");
netdev: Allow disconnect_by_ap to be re-entrant
2016-10-11 08:53:59 +02:00
event_filter = netdev->event_filter;
event_data = netdev->user_data;
netdev: Improve netdev_connect error/cancel logic Try to make the connect and disconnect operations look more like a transaction where the callback is always called eventually, also with a clear indication if the operation is in profress. The connected state lasts from the start of the connection attempt until the disconnect. 1. Non-null netdev->connected or disconnect_cb indicate that the operation is active. 2. Every entry-point in netdev.c checks if connected is still set before executing the next step of the connection setup. CMD_CONNECT and the subsequent commands may succeed even if CMD_DISCONNECT is called in the middle so they can't only rely on the error value for that. 3. netdev->connect_cb and other elements of the connection state are reset by netdev_connect_free which groups the clean-up operations to make sure we don't miss anything. Since the callback pointers are reset device.c doesn't need to check that it receives a spurious event in those callbacks for example after calling netdev_disconnect.
2016-08-02 22:48:11 +02:00
netdev_connect_free(netdev);
netdev: Allow disconnect_by_ap to be re-entrant
2016-10-11 08:53:59 +02:00
netdev: Handle CMD_DISCONNECT without "by AP" flag There are situations including after beacon loss and during FT where the cfg80211 will detect we're now disconnected (in some cases will send a Deauthenticate frame too) and generate this event, or the driver may do this. For example in ieee80211_report_disconnect in net/mac80211/mlme.c will (through cfg80211) generate a CMD_DEAUTHENTICATE followed by a CMD_DISCONNECT.
2017-08-14 14:31:17 +02:00
if (!event_filter)
return;
if (disconnect_by_ap)
netdev: Allow disconnect_by_ap to be re-entrant
2016-10-11 08:53:59 +02:00
event_filter(netdev, NETDEV_EVENT_DISCONNECT_BY_AP,
event_data);
netdev: Handle CMD_DISCONNECT without "by AP" flag There are situations including after beacon loss and during FT where the cfg80211 will detect we're now disconnected (in some cases will send a Deauthenticate frame too) and generate this event, or the driver may do this. For example in ieee80211_report_disconnect in net/mac80211/mlme.c will (through cfg80211) generate a CMD_DEAUTHENTICATE followed by a CMD_DISCONNECT.
2017-08-14 14:31:17 +02:00
else
event_filter(netdev, NETDEV_EVENT_DISCONNECT_BY_SME,
event_data);
netdev: Move disconnect event handling .. out of wiphy.c
2016-06-16 18:21:12 +02:00
}
netdev: Use CMD_DISCONNECT for non-FT cases CMD_DEAUTHENTICATE is not available for FullMAC based cards. We already use CMD_CONNECT in the non-FT cases, which works on all cards. However, for some reason we kept using CMD_DEAUTHENTICATE instead of CMD_DISCONNECT. For FT (error) cases, keep using CMD_DEAUTHENTICATE.
2017-05-31 18:08:40 +02:00
static void netdev_cmd_disconnect_cb(struct l_genl_msg *msg, void *user_data)
netdev: Move deauthenticate handling out of wiphy.c
2016-06-16 23:05:34 +02:00
{
struct netdev *netdev = user_data;
netdev: Make invoking disconnect_cb reentrant safe
2016-09-22 23:20:33 +02:00
void *disconnect_data;
netdev_disconnect_cb_t disconnect_cb;
netdev: Move deauthenticate handling out of wiphy.c
2016-06-16 23:05:34 +02:00
bool r;
netdev: Make sure to set disconnect_cmd_id to 0
2016-09-23 04:03:00 +02:00
netdev->disconnect_cmd_id = 0;
netdev: Make invoking disconnect_cb reentrant safe
2016-09-22 23:20:33 +02:00
if (!netdev->disconnect_cb) {
netdev->user_data = NULL;
return;
}
disconnect_data = netdev->user_data;
disconnect_cb = netdev->disconnect_cb;
netdev->user_data = NULL;
netdev->disconnect_cb = NULL;
netdev: Improve netdev_connect error/cancel logic Try to make the connect and disconnect operations look more like a transaction where the callback is always called eventually, also with a clear indication if the operation is in profress. The connected state lasts from the start of the connection attempt until the disconnect. 1. Non-null netdev->connected or disconnect_cb indicate that the operation is active. 2. Every entry-point in netdev.c checks if connected is still set before executing the next step of the connection setup. CMD_CONNECT and the subsequent commands may succeed even if CMD_DISCONNECT is called in the middle so they can't only rely on the error value for that. 3. netdev->connect_cb and other elements of the connection state are reset by netdev_connect_free which groups the clean-up operations to make sure we don't miss anything. Since the callback pointers are reset device.c doesn't need to check that it receives a spurious event in those callbacks for example after calling netdev_disconnect.
2016-08-02 22:48:11 +02:00
netdev: Move deauthenticate handling out of wiphy.c
2016-06-16 23:05:34 +02:00
if (l_genl_msg_get_error(msg) < 0)
r = false;
else
r = true;
netdev: Make invoking disconnect_cb reentrant safe
2016-09-22 23:20:33 +02:00
disconnect_cb(netdev, r, disconnect_data);
netdev: Move deauthenticate handling out of wiphy.c
2016-06-16 23:05:34 +02:00
}
netdev: Use CMD_DISCONNECT for non-FT cases CMD_DEAUTHENTICATE is not available for FullMAC based cards. We already use CMD_CONNECT in the non-FT cases, which works on all cards. However, for some reason we kept using CMD_DEAUTHENTICATE instead of CMD_DISCONNECT. For FT (error) cases, keep using CMD_DEAUTHENTICATE.
2017-05-31 18:08:40 +02:00
static struct l_genl_msg *netdev_build_cmd_disconnect(struct netdev *netdev,
uint16_t reason_code)
{
struct l_genl_msg *msg;
msg = l_genl_msg_new_sized(NL80211_CMD_DISCONNECT, 64);
l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &netdev->index);
l_genl_msg_append_attr(msg, NL80211_ATTR_REASON_CODE, 2, &reason_code);
return msg;
}
static void netdev_deauthenticate_event(struct l_genl_msg *msg,
struct netdev *netdev)
{
l_debug("");
}
netdev: Move associate event handling .. out of wiphy.c
2016-06-16 17:54:20 +02:00
static struct l_genl_msg *netdev_build_cmd_deauthenticate(struct netdev *netdev,
uint16_t reason_code)
{
struct l_genl_msg *msg;
msg = l_genl_msg_new_sized(NL80211_CMD_DEAUTHENTICATE, 128);
l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &netdev->index);
l_genl_msg_append_attr(msg, NL80211_ATTR_REASON_CODE, 2, &reason_code);
l_genl_msg_append_attr(msg, NL80211_ATTR_MAC, ETH_ALEN,
netdev: Drop netdev->remote_addr
2016-12-12 18:34:21 +01:00
netdev->handshake->aa);
netdev: Move associate event handling .. out of wiphy.c
2016-06-16 17:54:20 +02:00
return msg;
}
netdev: fixed key setting failure If netdev fails to set the keys, there was no way for device/ap to know. A new handshake event was added for this. The key setting failure function was also fixed to support both AP/station iftypes. It will now automatically send either a disconnect or del_station depending on the interface type. In similar manner, netdev_handshake_failed was also modified to support both AP/station iftypes. Now, any handshake event listeners should call netdev_handshake_failed upon a handshake failure event, including AP.
2018-07-03 23:36:33 +02:00
static struct l_genl_msg *netdev_build_cmd_del_station(struct netdev *netdev,
const uint8_t *sta,
uint16_t reason_code,
bool disassociate)
{
struct l_genl_msg *msg;
uint8_t subtype = disassociate ?
MPDU_MANAGEMENT_SUBTYPE_DISASSOCIATION :
MPDU_MANAGEMENT_SUBTYPE_DEAUTHENTICATION;
msg = l_genl_msg_new_sized(NL80211_CMD_DEL_STATION, 64);
l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &netdev->index);
l_genl_msg_append_attr(msg, NL80211_ATTR_MAC, 6, sta);
l_genl_msg_append_attr(msg, NL80211_ATTR_MGMT_SUBTYPE, 1, &subtype);
l_genl_msg_append_attr(msg, NL80211_ATTR_REASON_CODE, 2, &reason_code);
return msg;
}
netdev: expose netdev_del_station This removes the need for duplicate code in AP/netdev for issuing a DEL_STATION command. Now AP can issue a DEL_STATION with netdev_del_station, and specify to either disassociate or deauth depending on state.
2018-07-03 23:36:34 +02:00
static void netdev_del_sta_cb(struct l_genl_msg *msg, void *user_data)
{
if (l_genl_msg_get_error(msg) < 0)
l_error("DEL_STATION failed: %i", l_genl_msg_get_error(msg));
}
int netdev_del_station(struct netdev *netdev, const uint8_t *sta,
uint16_t reason_code, bool disassociate)
{
struct l_genl_msg *msg;
msg = netdev_build_cmd_del_station(netdev, sta, reason_code,
disassociate);
if (!l_genl_family_send(nl80211, msg, netdev_del_sta_cb, NULL, NULL))
return -EIO;
return 0;
}
netdev: Don't crash on operstate callbacks The way that netdev_set_linkmode_and_operstate was used resulted in potential crashes when the netdev was destroyed. This is because netdev was given as data to l_netlink_send and could be destroyed between the time of the call and the callback. Since the result of calls to netdev_set_linkmode_and_operstate is inconsequential, it isn't really worthwhile tracking these calls in order to cancel them. This patch simplies the handling of these rtnl calls, makes sure that netdev isn't passed as user data and rewrites the netdev_set_linkmode_and_operstate signature to be more consistent with rtnl_set_powered.
2018-08-17 21:04:44 +02:00
static void netdev_operstate_cb(int error, uint16_t type,
const void *data,
uint32_t len, void *user_data)
netdev: Move associate event handling .. out of wiphy.c
2016-06-16 17:54:20 +02:00
{
netdev: Don't crash on operstate callbacks The way that netdev_set_linkmode_and_operstate was used resulted in potential crashes when the netdev was destroyed. This is because netdev was given as data to l_netlink_send and could be destroyed between the time of the call and the callback. Since the result of calls to netdev_set_linkmode_and_operstate is inconsequential, it isn't really worthwhile tracking these calls in order to cancel them. This patch simplies the handling of these rtnl calls, makes sure that netdev isn't passed as user data and rewrites the netdev_set_linkmode_and_operstate signature to be more consistent with rtnl_set_powered.
2018-08-17 21:04:44 +02:00
if (!error)
return;
netdev: Improve netdev_connect error/cancel logic Try to make the connect and disconnect operations look more like a transaction where the callback is always called eventually, also with a clear indication if the operation is in profress. The connected state lasts from the start of the connection attempt until the disconnect. 1. Non-null netdev->connected or disconnect_cb indicate that the operation is active. 2. Every entry-point in netdev.c checks if connected is still set before executing the next step of the connection setup. CMD_CONNECT and the subsequent commands may succeed even if CMD_DISCONNECT is called in the middle so they can't only rely on the error value for that. 3. netdev->connect_cb and other elements of the connection state are reset by netdev_connect_free which groups the clean-up operations to make sure we don't miss anything. Since the callback pointers are reset device.c doesn't need to check that it receives a spurious event in those callbacks for example after calling netdev_disconnect.
2016-08-02 22:48:11 +02:00
netdev: Don't crash on operstate callbacks The way that netdev_set_linkmode_and_operstate was used resulted in potential crashes when the netdev was destroyed. This is because netdev was given as data to l_netlink_send and could be destroyed between the time of the call and the callback. Since the result of calls to netdev_set_linkmode_and_operstate is inconsequential, it isn't really worthwhile tracking these calls in order to cancel them. This patch simplies the handling of these rtnl calls, makes sure that netdev isn't passed as user data and rewrites the netdev_set_linkmode_and_operstate signature to be more consistent with rtnl_set_powered.
2018-08-17 21:04:44 +02:00
l_debug("netdev: %u, error: %s", L_PTR_TO_UINT(user_data),
strerror(-error));
netdev: On connect success don't wait for netdev_operstate_cb Send the link_mode and operstate RTNL command in parallel with the connect Ok event, don't wait for the RTNL callback as it's non-critical.
2017-05-30 14:26:19 +02:00
}
netdev: Move associate event handling .. out of wiphy.c
2016-06-16 17:54:20 +02:00
netdev: On connect success don't wait for netdev_operstate_cb Send the link_mode and operstate RTNL command in parallel with the connect Ok event, don't wait for the RTNL callback as it's non-critical.
2017-05-30 14:26:19 +02:00
static void netdev_connect_ok(struct netdev *netdev)
{
netdev: Don't crash on operstate callbacks The way that netdev_set_linkmode_and_operstate was used resulted in potential crashes when the netdev was destroyed. This is because netdev was given as data to l_netlink_send and could be destroyed between the time of the call and the callback. Since the result of calls to netdev_set_linkmode_and_operstate is inconsequential, it isn't really worthwhile tracking these calls in order to cancel them. This patch simplies the handling of these rtnl calls, makes sure that netdev isn't passed as user data and rewrites the netdev_set_linkmode_and_operstate signature to be more consistent with rtnl_set_powered.
2018-08-17 21:04:44 +02:00
rtnl_set_linkmode_and_operstate(netdev->index, IF_LINK_MODE_DORMANT,
IF_OPER_UP, netdev_operstate_cb,
L_UINT_TO_PTR(netdev->index), NULL);
netdev: Move associate event handling .. out of wiphy.c
2016-06-16 17:54:20 +02:00
netdev: keep track of operational state We should not attempt to call connect_failed if we're have become operational. E.g. successfully associated, ran eapol if necessary and set operstate.
2016-09-22 22:55:07 +02:00
netdev->operational = true;
netdev: Clear connect_cb when connected Prevents situations like this: src/device.c:device_enter_state() Old State: connecting, new state: connected src/scan.c:scan_periodic_stop() Stopping periodic scan for ifindex: 3 src/device.c:device_dbus_disconnect() src/device.c:device_connect_cb() 3 src/device.c:device_disassociated() 3 src/device.c:device_enter_state() Old State: connected, new state: autoconnect
2016-08-04 17:46:41 +02:00
if (netdev->connect_cb) {
netdev: Improve netdev_connect error/cancel logic Try to make the connect and disconnect operations look more like a transaction where the callback is always called eventually, also with a clear indication if the operation is in profress. The connected state lasts from the start of the connection attempt until the disconnect. 1. Non-null netdev->connected or disconnect_cb indicate that the operation is active. 2. Every entry-point in netdev.c checks if connected is still set before executing the next step of the connection setup. CMD_CONNECT and the subsequent commands may succeed even if CMD_DISCONNECT is called in the middle so they can't only rely on the error value for that. 3. netdev->connect_cb and other elements of the connection state are reset by netdev_connect_free which groups the clean-up operations to make sure we don't miss anything. Since the callback pointers are reset device.c doesn't need to check that it receives a spurious event in those callbacks for example after calling netdev_disconnect.
2016-08-02 22:48:11 +02:00
netdev->connect_cb(netdev, NETDEV_RESULT_OK, netdev->user_data);
netdev: Clear connect_cb when connected Prevents situations like this: src/device.c:device_enter_state() Old State: connecting, new state: connected src/scan.c:scan_periodic_stop() Stopping periodic scan for ifindex: 3 src/device.c:device_dbus_disconnect() src/device.c:device_connect_cb() 3 src/device.c:device_disassociated() 3 src/device.c:device_enter_state() Old State: connected, new state: autoconnect
2016-08-04 17:46:41 +02:00
netdev->connect_cb = NULL;
}
netdev: RSSI polling support for less capable drivers If the kernel device driver or the kernel nl80211 version doesn't support the new RSSI threshold list CQM monitoring, implement similar logic in iwd with periodic polling. This is only active when an RSSI agent is registered to receive the events. I tested this with the same testRSSIAgent autotests that tests the driver-side rssi monitoring except with all timeouts multiplied by ~20.
2017-08-18 14:22:58 +02:00
netdev_rssi_polling_update(netdev);
netdev: Move associate event handling .. out of wiphy.c
2016-06-16 17:54:20 +02:00
}
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
static void netdev_setting_keys_failed(struct netdev_handshake_state *nhs,
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
uint16_t reason_code)
{
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
struct netdev *netdev = nhs->netdev;
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
struct l_genl_msg *msg;
/*
netdev: Remove un-needed pairwise set_key call This seems to be no longer needed as the kernel looks up the key by the sta specific key index.
2018-06-22 02:32:54 +02:00
* Something went wrong with our sequence:
* 1. new_key(ptk)
* 2. new_key(gtk) [optional]
* 3. new_key(igtk) [optional]
* 4. set_station
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
*
* Cancel all pending commands, then de-authenticate
*/
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
l_genl_family_cancel(nl80211, nhs->pairwise_new_key_cmd_id);
nhs->pairwise_new_key_cmd_id = 0;
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
l_genl_family_cancel(nl80211, nhs->group_new_key_cmd_id);
nhs->group_new_key_cmd_id = 0;
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
l_genl_family_cancel(nl80211, nhs->group_management_new_key_cmd_id);
nhs->group_management_new_key_cmd_id = 0;
netdev: implement netdev_set_igtk
2016-10-28 23:49:54 +02:00
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
l_genl_family_cancel(nl80211, nhs->set_station_cmd_id);
nhs->set_station_cmd_id = 0;
netdev: Track the id of the SET_STATION netlink command This way we make sure it gets cancelled any sort of connect abort of netdev removal and don't leak the message on error.
2017-10-21 01:27:21 +02:00
netdev: Deauthenticate prior to calling connect_cb
2016-09-21 23:19:47 +02:00
netdev->result = NETDEV_RESULT_KEY_SETTING_FAILED;
handshake: remove handshake related netdev events Handshake related netdev events were removed in favor of handshake events. Now events will be emitted on the handshake object related to the 4-way handshake and key settings. Events are: HANDSHAKE_EVENT_STARTED HANDSHAKE_EVENT_SETTING_KEYS HANDSHAKE_EVENT_COMPLETE HANDSHAKE_EVENT_FAILED Right now, since netdev only operates in station mode, nothing listens for COMPLETE/FAILED, as device/wsc gets notified by the connect_cb when the connection was successful. The COMPLETE/ FAILED were added in preperation for AP moving into eapol/netdev.
2018-06-22 20:13:27 +02:00
netdev: fixed key setting failure If netdev fails to set the keys, there was no way for device/ap to know. A new handshake event was added for this. The key setting failure function was also fixed to support both AP/station iftypes. It will now automatically send either a disconnect or del_station depending on the interface type. In similar manner, netdev_handshake_failed was also modified to support both AP/station iftypes. Now, any handshake event listeners should call netdev_handshake_failed upon a handshake failure event, including AP.
2018-07-03 23:36:33 +02:00
handshake_event(&nhs->super, HANDSHAKE_EVENT_SETTING_KEYS_FAILED, NULL);
netdev: added checks for station/ap iftype These checks allow both a station and authenticator to use the same netdev key install functions. For NEW_KEY and SET_STATION, the iftype is checked and either handshake->aa or ->spa is used as the station address for the KEY/STATION commands. Also, in the failure cases, a disconnect command is issued only if the iftype is station as this doesn't apply to AP.
2018-06-22 20:13:28 +02:00
netdev: fixed key setting failure If netdev fails to set the keys, there was no way for device/ap to know. A new handshake event was added for this. The key setting failure function was also fixed to support both AP/station iftypes. It will now automatically send either a disconnect or del_station depending on the interface type. In similar manner, netdev_handshake_failed was also modified to support both AP/station iftypes. Now, any handshake event listeners should call netdev_handshake_failed upon a handshake failure event, including AP.
2018-07-03 23:36:33 +02:00
switch (netdev->type) {
case NL80211_IFTYPE_STATION:
msg = netdev_build_cmd_disconnect(netdev, reason_code);
netdev->disconnect_cmd_id = l_genl_family_send(nl80211, msg,
netdev: Deauthenticate prior to calling connect_cb
2016-09-21 23:19:47 +02:00
netdev_connect_failed,
netdev, NULL);
netdev: fixed key setting failure If netdev fails to set the keys, there was no way for device/ap to know. A new handshake event was added for this. The key setting failure function was also fixed to support both AP/station iftypes. It will now automatically send either a disconnect or del_station depending on the interface type. In similar manner, netdev_handshake_failed was also modified to support both AP/station iftypes. Now, any handshake event listeners should call netdev_handshake_failed upon a handshake failure event, including AP.
2018-07-03 23:36:33 +02:00
break;
case NL80211_IFTYPE_AP:
msg = netdev_build_cmd_del_station(netdev, nhs->super.spa,
reason_code, false);
if (!l_genl_family_send(nl80211, msg, NULL, NULL, NULL))
l_error("error sending DEL_STATION");
}
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
}
static void netdev_set_station_cb(struct l_genl_msg *msg, void *user_data)
{
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
struct netdev_handshake_state *nhs = user_data;
struct netdev *netdev = nhs->netdev;
netdev: Ignore CMD_SET_STATION errors Certain WiFi drivers do not support using CMD_SET_STATION (e.g. mwifiex). It is not completely clear how such drivers handle the AUTHORIZED state, but they don't seem to take it into account. So for such drivers, ignore the -ENOTSUPP error return from CMD_SET_STATION.
2017-05-30 23:55:56 +02:00
int err;
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
nhs->set_station_cmd_id = 0;
netdev: Track the id of the SET_STATION netlink command This way we make sure it gets cancelled any sort of connect abort of netdev removal and don't leak the message on error.
2017-10-21 01:27:21 +02:00
netdev: choose correct address on NEW_KEY/SET_STATION With the introduction of Ad-Hoc, its not as simple as choosing aa/spa addresses when setting the keys. Since Ad-Hoc acts as both the authenticator and supplicant we must check how the netdev address relates to the particular handshake object as well as choose the correct key depending on the value of the AA/SPA address. 802.11 states that the higher of the two addresses is to be used to set the key for the Ad-Hoc connection. A simple helper was added to choose the correct addressed based on netdev type and handshake state. netdev_set_tk also checks that aa > spa in the handshake object when in Ad-Hoc mode. If this is true then the keys from that handshake are used, otherwise return and the other handshake key will be used (aa will be > spa). The station/ap mode behaves exactly the same as before.
2018-07-17 00:29:18 +02:00
if (netdev->type == NL80211_IFTYPE_STATION && !netdev->connected)
netdev: Improve netdev_connect error/cancel logic Try to make the connect and disconnect operations look more like a transaction where the callback is always called eventually, also with a clear indication if the operation is in profress. The connected state lasts from the start of the connection attempt until the disconnect. 1. Non-null netdev->connected or disconnect_cb indicate that the operation is active. 2. Every entry-point in netdev.c checks if connected is still set before executing the next step of the connection setup. CMD_CONNECT and the subsequent commands may succeed even if CMD_DISCONNECT is called in the middle so they can't only rely on the error value for that. 3. netdev->connect_cb and other elements of the connection state are reset by netdev_connect_free which groups the clean-up operations to make sure we don't miss anything. Since the callback pointers are reset device.c doesn't need to check that it receives a spurious event in those callbacks for example after calling netdev_disconnect.
2016-08-02 22:48:11 +02:00
return;
netdev: Ignore CMD_SET_STATION errors Certain WiFi drivers do not support using CMD_SET_STATION (e.g. mwifiex). It is not completely clear how such drivers handle the AUTHORIZED state, but they don't seem to take it into account. So for such drivers, ignore the -ENOTSUPP error return from CMD_SET_STATION.
2017-05-30 23:55:56 +02:00
err = l_genl_msg_get_error(msg);
if (err == -ENOTSUPP)
goto done;
if (err < 0) {
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
l_error("Set Station failed for ifindex %d", netdev->index);
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
netdev_setting_keys_failed(nhs,
mpdu: Refactor mpdu structs Refactor management frame structures to take into account optional presence of some parts of the header: * drop the single structure for management header and body since the body offset is variable. * add mmpdu_get_body to locate the start of frame body. * drop the union of different management frame type bodies. * prefix names specific to management frames with "mmpdu" instead of "mpdu" including any enums based on 802.11-2012 section 8.4. * move the FC field to the mmpdu_header structure.
2017-08-31 04:04:41 +02:00
MMPDU_REASON_CODE_UNSPECIFIED);
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
return;
}
handshake: remove handshake related netdev events Handshake related netdev events were removed in favor of handshake events. Now events will be emitted on the handshake object related to the 4-way handshake and key settings. Events are: HANDSHAKE_EVENT_STARTED HANDSHAKE_EVENT_SETTING_KEYS HANDSHAKE_EVENT_COMPLETE HANDSHAKE_EVENT_FAILED Right now, since netdev only operates in station mode, nothing listens for COMPLETE/FAILED, as device/wsc gets notified by the connect_cb when the connection was successful. The COMPLETE/ FAILED were added in preperation for AP moving into eapol/netdev.
2018-06-22 20:13:27 +02:00
handshake_event(&nhs->super, HANDSHAKE_EVENT_COMPLETE, NULL);
netdev: Ignore CMD_SET_STATION errors Certain WiFi drivers do not support using CMD_SET_STATION (e.g. mwifiex). It is not completely clear how such drivers handle the AUTHORIZED state, but they don't seem to take it into account. So for such drivers, ignore the -ENOTSUPP error return from CMD_SET_STATION.
2017-05-30 23:55:56 +02:00
done:
netdev: On connect success don't wait for netdev_operstate_cb Send the link_mode and operstate RTNL command in parallel with the connect Ok event, don't wait for the RTNL callback as it's non-critical.
2017-05-30 14:26:19 +02:00
netdev_connect_ok(netdev);
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
}
static void netdev_new_group_key_cb(struct l_genl_msg *msg, void *data)
{
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
struct netdev_handshake_state *nhs = data;
struct netdev *netdev = nhs->netdev;
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
nhs->group_new_key_cmd_id = 0;
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
netdev: Send SET STATION in pairwise key callback When the 4-Way Handshake is done eapol.c calls netdev_set_tk, then optionally netdev_set_gtk and netdev_set_igtk. To support the no group key option send the final SET STATION enabling the controlled port inside the callback for the netdev_set_tk operation which always means the end of a 4-Way Handshake rather than in the netdev_set_gtk callback. The spec says exactly that the controlled port is enabled at the end of the 4-Way Handshake. The netlink operations will still be queued in the same order because the netdev_set_tk/netdev_set_gtk/netdev_set_igtk calls happen in one main loop iteration but even if the order changed it wouldn't matter. On failure of any of the three operations netdev_setting_keys_failed gets called and the remaining operations are cancelled.
2017-10-21 01:27:20 +02:00
if (l_genl_msg_get_error(msg) >= 0)
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
return;
netdev: Send SET STATION in pairwise key callback When the 4-Way Handshake is done eapol.c calls netdev_set_tk, then optionally netdev_set_gtk and netdev_set_igtk. To support the no group key option send the final SET STATION enabling the controlled port inside the callback for the netdev_set_tk operation which always means the end of a 4-Way Handshake rather than in the netdev_set_gtk callback. The spec says exactly that the controlled port is enabled at the end of the 4-Way Handshake. The netlink operations will still be queued in the same order because the netdev_set_tk/netdev_set_gtk/netdev_set_igtk calls happen in one main loop iteration but even if the order changed it wouldn't matter. On failure of any of the three operations netdev_setting_keys_failed gets called and the remaining operations are cancelled.
2017-10-21 01:27:20 +02:00
l_error("New Key for Group Key failed for ifindex: %d", netdev->index);
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
netdev_setting_keys_failed(nhs, MMPDU_REASON_CODE_UNSPECIFIED);
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
}
netdev: implement netdev_set_igtk
2016-10-28 23:49:54 +02:00
static void netdev_new_group_management_key_cb(struct l_genl_msg *msg,
void *data)
{
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
struct netdev_handshake_state *nhs = data;
struct netdev *netdev = nhs->netdev;
netdev: implement netdev_set_igtk
2016-10-28 23:49:54 +02:00
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
nhs->group_management_new_key_cmd_id = 0;
netdev: implement netdev_set_igtk
2016-10-28 23:49:54 +02:00
if (l_genl_msg_get_error(msg) < 0) {
l_error("New Key for Group Mgmt failed for ifindex: %d",
netdev->index);
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
netdev_setting_keys_failed(nhs, MMPDU_REASON_CODE_UNSPECIFIED);
netdev: implement netdev_set_igtk
2016-10-28 23:49:54 +02:00
}
}
netdev: refactored code to prep for AP code Added several helpers for code that will be reused by AP
2018-06-20 20:05:13 +02:00
static bool netdev_copy_tk(uint8_t *tk_buf, const uint8_t *tk,
uint32_t cipher, bool authenticator)
{
switch (cipher) {
case CRYPTO_CIPHER_CCMP:
/*
* 802.11-2016 12.8.3 Mapping PTK to CCMP keys:
* "A STA shall use the temporal key as the CCMP key
* for MPDUs between the two communicating STAs."
*/
memcpy(tk_buf, tk, 16);
break;
case CRYPTO_CIPHER_TKIP:
/*
* 802.11-2016 12.8.1 Mapping PTK to TKIP keys:
* "A STA shall use bits 0-127 of the temporal key as its
* input to the TKIP Phase 1 and Phase 2 mixing functions.
*
* A STA shall use bits 128-191 of the temporal key as
* the michael key for MSDUs from the Authenticator's STA
* to the Supplicant's STA.
*
* A STA shall use bits 192-255 of the temporal key as
* the michael key for MSDUs from the Supplicant's STA
* to the Authenticator's STA."
*/
if (authenticator) {
memcpy(tk_buf + NL80211_TKIP_DATA_OFFSET_ENCR_KEY,
tk, 16);
memcpy(tk_buf + NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY,
tk + 16, 8);
memcpy(tk_buf + NL80211_TKIP_DATA_OFFSET_RX_MIC_KEY,
tk + 24, 8);
} else {
memcpy(tk_buf + NL80211_TKIP_DATA_OFFSET_ENCR_KEY,
tk, 16);
memcpy(tk_buf + NL80211_TKIP_DATA_OFFSET_RX_MIC_KEY,
tk + 16, 8);
memcpy(tk_buf + NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY,
tk + 24, 8);
}
break;
default:
l_error("Unexpected cipher: %x", cipher);
return false;
}
return true;
}
netdev: simplify netdev_choose_key_address The key address can be chosen regardless of iftype. The deciding factor is the authenticator bit in the handshake.
2018-10-06 01:03:12 +02:00
static const uint8_t *netdev_choose_key_address(
struct netdev_handshake_state *nhs)
{
return (nhs->super.authenticator) ? nhs->super.spa : nhs->super.aa;
}
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
static void netdev_set_gtk(struct handshake_state *hs, uint8_t key_index,
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
const uint8_t *gtk, uint8_t gtk_len,
const uint8_t *rsc, uint8_t rsc_len,
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
uint32_t cipher)
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
{
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
struct netdev_handshake_state *nhs =
container_of(hs, struct netdev_handshake_state, super);
struct netdev *netdev = nhs->netdev;
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
uint8_t gtk_buf[32];
struct l_genl_msg *msg;
nl80211: support per-mac GTK on _new_key_group AdHoc will require a per-mac GTK to be set. For this reason nl80211_build_new_key_group has been updated to optionally take a MAC address.
2018-10-08 22:44:12 +02:00
const uint8_t *addr = (netdev->type == NL80211_IFTYPE_ADHOC) ?
nhs->super.aa : NULL;
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
l_debug("%d", netdev->index);
netdev: Check GTK / IGTK buffer length before memcpying from it Move key length checks in netdev_set_gtk/netdev_set_igtk to before we memcpy from the buffer.
2017-01-31 03:42:54 +01:00
if (crypto_cipher_key_len(cipher) != gtk_len) {
l_error("Unexpected key length: %d", gtk_len);
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
netdev_setting_keys_failed(nhs,
mpdu: Refactor mpdu structs Refactor management frame structures to take into account optional presence of some parts of the header: * drop the single structure for management header and body since the body offset is variable. * add mmpdu_get_body to locate the start of frame body. * drop the union of different management frame type bodies. * prefix names specific to management frames with "mmpdu" instead of "mpdu" including any enums based on 802.11-2012 section 8.4. * move the FC field to the mmpdu_header structure.
2017-08-31 04:04:41 +02:00
MMPDU_REASON_CODE_INVALID_GROUP_CIPHER);
netdev: Check GTK / IGTK buffer length before memcpying from it Move key length checks in netdev_set_gtk/netdev_set_igtk to before we memcpy from the buffer.
2017-01-31 03:42:54 +01:00
return;
}
netdev: refactored code to prep for AP code Added several helpers for code that will be reused by AP
2018-06-20 20:05:13 +02:00
if (!netdev_copy_tk(gtk_buf, gtk, cipher, false)) {
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
netdev_setting_keys_failed(nhs,
mpdu: Refactor mpdu structs Refactor management frame structures to take into account optional presence of some parts of the header: * drop the single structure for management header and body since the body offset is variable. * add mmpdu_get_body to locate the start of frame body. * drop the union of different management frame type bodies. * prefix names specific to management frames with "mmpdu" instead of "mpdu" including any enums based on 802.11-2012 section 8.4. * move the FC field to the mmpdu_header structure.
2017-08-31 04:04:41 +02:00
MMPDU_REASON_CODE_INVALID_GROUP_CIPHER);
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
return;
}
nl80211: introduce nl80211 utility API's Netdev/AP share several NL80211 commands and each has their own builder API's. These were moved into a common file nl80211_util.[ch]. A helper was added to AP for building NEW_STATION to make the associate callback look cleaner (rather than manually building NEW_STATION).
2018-10-08 22:44:09 +02:00
msg = nl80211_build_new_key_group(netdev->index, cipher, key_index,
nl80211: support per-mac GTK on _new_key_group AdHoc will require a per-mac GTK to be set. For this reason nl80211_build_new_key_group has been updated to optionally take a MAC address.
2018-10-08 22:44:12 +02:00
gtk_buf, gtk_len, rsc, rsc_len, addr);
nl80211: introduce nl80211 utility API's Netdev/AP share several NL80211 commands and each has their own builder API's. These were moved into a common file nl80211_util.[ch]. A helper was added to AP for building NEW_STATION to make the associate callback look cleaner (rather than manually building NEW_STATION).
2018-10-08 22:44:09 +02:00
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
nhs->group_new_key_cmd_id =
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
l_genl_family_send(nl80211, msg, netdev_new_group_key_cb,
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
nhs, NULL);
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
if (nhs->group_new_key_cmd_id > 0)
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
return;
l_genl_msg_unref(msg);
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
netdev_setting_keys_failed(nhs, MMPDU_REASON_CODE_UNSPECIFIED);
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
}
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
static void netdev_set_igtk(struct handshake_state *hs, uint8_t key_index,
netdev: implement netdev_set_igtk
2016-10-28 23:49:54 +02:00
const uint8_t *igtk, uint8_t igtk_len,
const uint8_t *ipn, uint8_t ipn_len,
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
uint32_t cipher)
netdev: implement netdev_set_igtk
2016-10-28 23:49:54 +02:00
{
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
struct netdev_handshake_state *nhs =
container_of(hs, struct netdev_handshake_state, super);
netdev: implement netdev_set_igtk
2016-10-28 23:49:54 +02:00
uint8_t igtk_buf[16];
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
struct netdev *netdev = nhs->netdev;
netdev: implement netdev_set_igtk
2016-10-28 23:49:54 +02:00
struct l_genl_msg *msg;
l_debug("%d", netdev->index);
netdev: Check GTK / IGTK buffer length before memcpying from it Move key length checks in netdev_set_gtk/netdev_set_igtk to before we memcpy from the buffer.
2017-01-31 03:42:54 +01:00
if (crypto_cipher_key_len(cipher) != igtk_len) {
l_error("Unexpected key length: %d", igtk_len);
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
netdev_setting_keys_failed(nhs,
mpdu: Refactor mpdu structs Refactor management frame structures to take into account optional presence of some parts of the header: * drop the single structure for management header and body since the body offset is variable. * add mmpdu_get_body to locate the start of frame body. * drop the union of different management frame type bodies. * prefix names specific to management frames with "mmpdu" instead of "mpdu" including any enums based on 802.11-2012 section 8.4. * move the FC field to the mmpdu_header structure.
2017-08-31 04:04:41 +02:00
MMPDU_REASON_CODE_INVALID_GROUP_CIPHER);
netdev: Check GTK / IGTK buffer length before memcpying from it Move key length checks in netdev_set_gtk/netdev_set_igtk to before we memcpy from the buffer.
2017-01-31 03:42:54 +01:00
return;
}
netdev: implement netdev_set_igtk
2016-10-28 23:49:54 +02:00
switch (cipher) {
case CRYPTO_CIPHER_BIP:
memcpy(igtk_buf, igtk, 16);
break;
default:
l_error("Unexpected cipher: %x", cipher);
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
netdev_setting_keys_failed(nhs,
mpdu: Refactor mpdu structs Refactor management frame structures to take into account optional presence of some parts of the header: * drop the single structure for management header and body since the body offset is variable. * add mmpdu_get_body to locate the start of frame body. * drop the union of different management frame type bodies. * prefix names specific to management frames with "mmpdu" instead of "mpdu" including any enums based on 802.11-2012 section 8.4. * move the FC field to the mmpdu_header structure.
2017-08-31 04:04:41 +02:00
MMPDU_REASON_CODE_INVALID_GROUP_CIPHER);
netdev: implement netdev_set_igtk
2016-10-28 23:49:54 +02:00
return;
}
nl80211: introduce nl80211 utility API's Netdev/AP share several NL80211 commands and each has their own builder API's. These were moved into a common file nl80211_util.[ch]. A helper was added to AP for building NEW_STATION to make the associate callback look cleaner (rather than manually building NEW_STATION).
2018-10-08 22:44:09 +02:00
msg = nl80211_build_new_key_group(netdev->index, cipher, key_index,
nl80211: support per-mac GTK on _new_key_group AdHoc will require a per-mac GTK to be set. For this reason nl80211_build_new_key_group has been updated to optionally take a MAC address.
2018-10-08 22:44:12 +02:00
igtk_buf, igtk_len, ipn, ipn_len, NULL);
nl80211: introduce nl80211 utility API's Netdev/AP share several NL80211 commands and each has their own builder API's. These were moved into a common file nl80211_util.[ch]. A helper was added to AP for building NEW_STATION to make the associate callback look cleaner (rather than manually building NEW_STATION).
2018-10-08 22:44:09 +02:00
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
nhs->group_management_new_key_cmd_id =
netdev: implement netdev_set_igtk
2016-10-28 23:49:54 +02:00
l_genl_family_send(nl80211, msg,
netdev_new_group_management_key_cb,
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
nhs, NULL);
netdev: implement netdev_set_igtk
2016-10-28 23:49:54 +02:00
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
if (nhs->group_management_new_key_cmd_id > 0)
netdev: implement netdev_set_igtk
2016-10-28 23:49:54 +02:00
return;
l_genl_msg_unref(msg);
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
netdev_setting_keys_failed(nhs, MMPDU_REASON_CODE_UNSPECIFIED);
netdev: implement netdev_set_igtk
2016-10-28 23:49:54 +02:00
}
netdev: Remove un-needed pairwise set_key call This seems to be no longer needed as the kernel looks up the key by the sta specific key index.
2018-06-22 02:32:54 +02:00
static void netdev_new_pairwise_key_cb(struct l_genl_msg *msg, void *data)
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
{
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
struct netdev_handshake_state *nhs = data;
struct netdev *netdev = nhs->netdev;
netdev: choose correct address on NEW_KEY/SET_STATION With the introduction of Ad-Hoc, its not as simple as choosing aa/spa addresses when setting the keys. Since Ad-Hoc acts as both the authenticator and supplicant we must check how the netdev address relates to the particular handshake object as well as choose the correct key depending on the value of the AA/SPA address. 802.11 states that the higher of the two addresses is to be used to set the key for the Ad-Hoc connection. A simple helper was added to choose the correct addressed based on netdev type and handshake state. netdev_set_tk also checks that aa > spa in the handshake object when in Ad-Hoc mode. If this is true then the keys from that handshake are used, otherwise return and the other handshake key will be used (aa will be > spa). The station/ap mode behaves exactly the same as before.
2018-07-17 00:29:18 +02:00
const uint8_t *addr = netdev_choose_key_address(nhs);
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
nhs->pairwise_new_key_cmd_id = 0;
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
netdev: Send SET STATION in pairwise key callback When the 4-Way Handshake is done eapol.c calls netdev_set_tk, then optionally netdev_set_gtk and netdev_set_igtk. To support the no group key option send the final SET STATION enabling the controlled port inside the callback for the netdev_set_tk operation which always means the end of a 4-Way Handshake rather than in the netdev_set_gtk callback. The spec says exactly that the controlled port is enabled at the end of the 4-Way Handshake. The netlink operations will still be queued in the same order because the netdev_set_tk/netdev_set_gtk/netdev_set_igtk calls happen in one main loop iteration but even if the order changed it wouldn't matter. On failure of any of the three operations netdev_setting_keys_failed gets called and the remaining operations are cancelled.
2017-10-21 01:27:20 +02:00
if (l_genl_msg_get_error(msg) < 0) {
netdev: Remove un-needed pairwise set_key call This seems to be no longer needed as the kernel looks up the key by the sta specific key index.
2018-06-22 02:32:54 +02:00
l_error("New Key for Pairwise Key failed for ifindex: %d",
netdev->index);
netdev: Send SET STATION in pairwise key callback When the 4-Way Handshake is done eapol.c calls netdev_set_tk, then optionally netdev_set_gtk and netdev_set_igtk. To support the no group key option send the final SET STATION enabling the controlled port inside the callback for the netdev_set_tk operation which always means the end of a 4-Way Handshake rather than in the netdev_set_gtk callback. The spec says exactly that the controlled port is enabled at the end of the 4-Way Handshake. The netlink operations will still be queued in the same order because the netdev_set_tk/netdev_set_gtk/netdev_set_igtk calls happen in one main loop iteration but even if the order changed it wouldn't matter. On failure of any of the three operations netdev_setting_keys_failed gets called and the remaining operations are cancelled.
2017-10-21 01:27:20 +02:00
goto error;
}
netdev: Make sure we send SET_STATION after FT Make sure that we set the AUTHORIZED sta flag after an FT in netdev_set_pairwise_key_cb, I broke this in a03839f8efa080ec13e0eca5b0c6f142984deb45.
2018-01-15 14:31:22 +01:00
/*
* Set the AUTHORIZED flag using a SET_STATION command even if
* we're already operational, it will not hurt during re-keying
* and is necessary after an FT.
*/
nl80211: introduce nl80211 utility API's Netdev/AP share several NL80211 commands and each has their own builder API's. These were moved into a common file nl80211_util.[ch]. A helper was added to AP for building NEW_STATION to make the associate callback look cleaner (rather than manually building NEW_STATION).
2018-10-08 22:44:09 +02:00
msg = nl80211_build_set_station_authorized(netdev->index, addr);
netdev: Send SET STATION in pairwise key callback When the 4-Way Handshake is done eapol.c calls netdev_set_tk, then optionally netdev_set_gtk and netdev_set_igtk. To support the no group key option send the final SET STATION enabling the controlled port inside the callback for the netdev_set_tk operation which always means the end of a 4-Way Handshake rather than in the netdev_set_gtk callback. The spec says exactly that the controlled port is enabled at the end of the 4-Way Handshake. The netlink operations will still be queued in the same order because the netdev_set_tk/netdev_set_gtk/netdev_set_igtk calls happen in one main loop iteration but even if the order changed it wouldn't matter. On failure of any of the three operations netdev_setting_keys_failed gets called and the remaining operations are cancelled.
2017-10-21 01:27:20 +02:00
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
nhs->set_station_cmd_id =
netdev: Track the id of the SET_STATION netlink command This way we make sure it gets cancelled any sort of connect abort of netdev removal and don't leak the message on error.
2017-10-21 01:27:21 +02:00
l_genl_family_send(nl80211, msg, netdev_set_station_cb,
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
nhs, NULL);
if (nhs->set_station_cmd_id > 0)
netdev: Track the id of the SET_STATION netlink command This way we make sure it gets cancelled any sort of connect abort of netdev removal and don't leak the message on error.
2017-10-21 01:27:21 +02:00
return;
netdev: Send SET STATION in pairwise key callback When the 4-Way Handshake is done eapol.c calls netdev_set_tk, then optionally netdev_set_gtk and netdev_set_igtk. To support the no group key option send the final SET STATION enabling the controlled port inside the callback for the netdev_set_tk operation which always means the end of a 4-Way Handshake rather than in the netdev_set_gtk callback. The spec says exactly that the controlled port is enabled at the end of the 4-Way Handshake. The netlink operations will still be queued in the same order because the netdev_set_tk/netdev_set_gtk/netdev_set_igtk calls happen in one main loop iteration but even if the order changed it wouldn't matter. On failure of any of the three operations netdev_setting_keys_failed gets called and the remaining operations are cancelled.
2017-10-21 01:27:20 +02:00
netdev: Track the id of the SET_STATION netlink command This way we make sure it gets cancelled any sort of connect abort of netdev removal and don't leak the message on error.
2017-10-21 01:27:21 +02:00
l_genl_msg_unref(msg);
netdev: Send SET STATION in pairwise key callback When the 4-Way Handshake is done eapol.c calls netdev_set_tk, then optionally netdev_set_gtk and netdev_set_igtk. To support the no group key option send the final SET STATION enabling the controlled port inside the callback for the netdev_set_tk operation which always means the end of a 4-Way Handshake rather than in the netdev_set_gtk callback. The spec says exactly that the controlled port is enabled at the end of the 4-Way Handshake. The netlink operations will still be queued in the same order because the netdev_set_tk/netdev_set_gtk/netdev_set_igtk calls happen in one main loop iteration but even if the order changed it wouldn't matter. On failure of any of the three operations netdev_setting_keys_failed gets called and the remaining operations are cancelled.
2017-10-21 01:27:20 +02:00
error:
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
netdev_setting_keys_failed(nhs, MMPDU_REASON_CODE_UNSPECIFIED);
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
}
static struct l_genl_msg *netdev_build_cmd_new_key_pairwise(
struct netdev *netdev,
uint32_t cipher,
const uint8_t *aa,
const uint8_t *tk,
size_t tk_len)
{
uint8_t key_id = 0;
struct l_genl_msg *msg;
msg = l_genl_msg_new_sized(NL80211_CMD_NEW_KEY, 512);
l_genl_msg_append_attr(msg, NL80211_ATTR_KEY_DATA, tk_len, tk);
l_genl_msg_append_attr(msg, NL80211_ATTR_KEY_CIPHER, 4, &cipher);
l_genl_msg_append_attr(msg, NL80211_ATTR_MAC, ETH_ALEN, aa);
l_genl_msg_append_attr(msg, NL80211_ATTR_KEY_IDX, 1, &key_id);
l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &netdev->index);
return msg;
}
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
static void netdev_set_tk(struct handshake_state *hs,
const uint8_t *tk, uint32_t cipher)
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
{
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
struct netdev_handshake_state *nhs =
container_of(hs, struct netdev_handshake_state, super);
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
uint8_t tk_buf[32];
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
struct netdev *netdev = nhs->netdev;
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
struct l_genl_msg *msg;
netdev: refactored code to prep for AP code Added several helpers for code that will be reused by AP
2018-06-20 20:05:13 +02:00
enum mmpdu_reason_code rc;
netdev: choose correct address on NEW_KEY/SET_STATION With the introduction of Ad-Hoc, its not as simple as choosing aa/spa addresses when setting the keys. Since Ad-Hoc acts as both the authenticator and supplicant we must check how the netdev address relates to the particular handshake object as well as choose the correct key depending on the value of the AA/SPA address. 802.11 states that the higher of the two addresses is to be used to set the key for the Ad-Hoc connection. A simple helper was added to choose the correct addressed based on netdev type and handshake state. netdev_set_tk also checks that aa > spa in the handshake object when in Ad-Hoc mode. If this is true then the keys from that handshake are used, otherwise return and the other handshake key will be used (aa will be > spa). The station/ap mode behaves exactly the same as before.
2018-07-17 00:29:18 +02:00
const uint8_t *addr = netdev_choose_key_address(nhs);
/*
* 802.11 Section 4.10.4.3:
* Because in an IBSS there are two 4-way handshakes between
* any two Supplicants and Authenticators, the pairwise key used
* between any two STAs is from the 4-way handshake initiated
* by the STA Authenticator with the higher MAC address...
*/
if (netdev->type == NL80211_IFTYPE_ADHOC &&
memcmp(nhs->super.aa, nhs->super.spa, 6) < 0)
return;
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
l_debug("%d", netdev->index);
netdev: refactored code to prep for AP code Added several helpers for code that will be reused by AP
2018-06-20 20:05:13 +02:00
rc = MMPDU_REASON_CODE_INVALID_PAIRWISE_CIPHER;
if (!netdev_copy_tk(tk_buf, tk, cipher, false))
goto invalid_key;
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
netdev: refactored code to prep for AP code Added several helpers for code that will be reused by AP
2018-06-20 20:05:13 +02:00
rc = MMPDU_REASON_CODE_UNSPECIFIED;
netdev: added checks for station/ap iftype These checks allow both a station and authenticator to use the same netdev key install functions. For NEW_KEY and SET_STATION, the iftype is checked and either handshake->aa or ->spa is used as the station address for the KEY/STATION commands. Also, in the failure cases, a disconnect command is issued only if the iftype is station as this doesn't apply to AP.
2018-06-22 20:13:28 +02:00
msg = netdev_build_cmd_new_key_pairwise(netdev, cipher, addr, tk_buf,
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
crypto_cipher_key_len(cipher));
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
nhs->pairwise_new_key_cmd_id =
netdev: Remove un-needed pairwise set_key call This seems to be no longer needed as the kernel looks up the key by the sta specific key index.
2018-06-22 02:32:54 +02:00
l_genl_family_send(nl80211, msg, netdev_new_pairwise_key_cb,
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
nhs, NULL);
if (nhs->pairwise_new_key_cmd_id > 0)
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
return;
l_genl_msg_unref(msg);
netdev: refactored code to prep for AP code Added several helpers for code that will be reused by AP
2018-06-20 20:05:13 +02:00
invalid_key:
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
netdev_setting_keys_failed(nhs, rc);
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
}
netdev: fixed key setting failure If netdev fails to set the keys, there was no way for device/ap to know. A new handshake event was added for this. The key setting failure function was also fixed to support both AP/station iftypes. It will now automatically send either a disconnect or del_station depending on the interface type. In similar manner, netdev_handshake_failed was also modified to support both AP/station iftypes. Now, any handshake event listeners should call netdev_handshake_failed upon a handshake failure event, including AP.
2018-07-03 23:36:33 +02:00
void netdev_handshake_failed(struct handshake_state *hs, uint16_t reason_code)
wiphy: Move handshake_failed handler out of wiphy.c
2016-06-16 18:35:45 +02:00
{
netdev: fixed key setting failure If netdev fails to set the keys, there was no way for device/ap to know. A new handshake event was added for this. The key setting failure function was also fixed to support both AP/station iftypes. It will now automatically send either a disconnect or del_station depending on the interface type. In similar manner, netdev_handshake_failed was also modified to support both AP/station iftypes. Now, any handshake event listeners should call netdev_handshake_failed upon a handshake failure event, including AP.
2018-07-03 23:36:33 +02:00
struct netdev_handshake_state *nhs =
container_of(hs, struct netdev_handshake_state, super);
struct netdev *netdev = nhs->netdev;
wiphy: Move handshake_failed handler out of wiphy.c
2016-06-16 18:35:45 +02:00
struct l_genl_msg *msg;
netdev: Print handshake failure reason code
2018-05-02 00:05:42 +02:00
l_error("4-Way handshake failed for ifindex: %d, reason: %u",
netdev/eapol: removed eapol deauthenticate This removes the need for the eapol/netdev deauthenticate function. netdev_handshake_failed was exposed so device.c could issue the disconnect.
2018-06-27 23:08:24 +02:00
netdev->index, reason_code);
wiphy: Move handshake_failed handler out of wiphy.c
2016-06-16 18:35:45 +02:00
eapol: Use handshake_state to store state Remove the keys and other data from struct eapol_sm, update device.c, netdev.c and wsc.c to use the handshake_state object instead of eapol_sm. This also gets rid of eapol_cancel and the ifindex parameter in some of the eapol functions where sm->handshake->ifindex can be used instead.
2016-11-02 23:46:19 +01:00
netdev->sm = NULL;
netdev: Properly cleanup removed interfaces
2016-07-20 00:45:48 +02:00
netdev: Deauthenticate prior to calling connect_cb
2016-09-21 23:19:47 +02:00
netdev->result = NETDEV_RESULT_HANDSHAKE_FAILED;
netdev: added checks for station/ap iftype These checks allow both a station and authenticator to use the same netdev key install functions. For NEW_KEY and SET_STATION, the iftype is checked and either handshake->aa or ->spa is used as the station address for the KEY/STATION commands. Also, in the failure cases, a disconnect command is issued only if the iftype is station as this doesn't apply to AP.
2018-06-22 20:13:28 +02:00
netdev: fixed key setting failure If netdev fails to set the keys, there was no way for device/ap to know. A new handshake event was added for this. The key setting failure function was also fixed to support both AP/station iftypes. It will now automatically send either a disconnect or del_station depending on the interface type. In similar manner, netdev_handshake_failed was also modified to support both AP/station iftypes. Now, any handshake event listeners should call netdev_handshake_failed upon a handshake failure event, including AP.
2018-07-03 23:36:33 +02:00
switch (netdev->type) {
case NL80211_IFTYPE_STATION:
msg = netdev_build_cmd_disconnect(netdev, reason_code);
netdev->disconnect_cmd_id = l_genl_family_send(nl80211, msg,
netdev_connect_failed,
netdev, NULL);
break;
case NL80211_IFTYPE_AP:
msg = netdev_build_cmd_del_station(netdev, nhs->super.spa,
reason_code, false);
if (!l_genl_family_send(nl80211, msg, NULL, NULL, NULL))
l_error("error sending DEL_STATION");
}
wiphy: Move handshake_failed handler out of wiphy.c
2016-06-16 18:35:45 +02:00
}
netdev: support for REKEY_OFFLOAD and its event handling
2016-06-23 00:49:16 +02:00
static void hardware_rekey_cb(struct l_genl_msg *msg, void *data)
{
struct netdev *netdev = data;
int err;
err = l_genl_msg_get_error(msg);
if (err < 0) {
if (err == -EOPNOTSUPP) {
l_error("hardware_rekey not supported");
netdev->rekey_offload_support = false;
}
}
}
static struct l_genl_msg *netdev_build_cmd_replay_counter(struct netdev *netdev,
const uint8_t *kek,
const uint8_t *kck,
uint64_t replay_ctr)
{
struct l_genl_msg *msg;
msg = l_genl_msg_new_sized(NL80211_CMD_SET_REKEY_OFFLOAD, 512);
l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &netdev->index);
l_genl_msg_enter_nested(msg, NL80211_ATTR_REKEY_DATA);
l_genl_msg_append_attr(msg, NL80211_REKEY_DATA_KEK,
NL80211_KEK_LEN, kek);
l_genl_msg_append_attr(msg, NL80211_REKEY_DATA_KCK,
NL80211_KCK_LEN, kck);
l_genl_msg_append_attr(msg, NL80211_REKEY_DATA_REPLAY_CTR,
NL80211_REPLAY_CTR_LEN, &replay_ctr);
l_genl_msg_leave_nested(msg);
return msg;
}
static void netdev_set_rekey_offload(uint32_t ifindex,
const uint8_t *kek,
const uint8_t *kck,
uint64_t replay_counter,
void *user_data)
{
struct netdev *netdev;
struct l_genl_msg *msg;
netdev = netdev_find(ifindex);
if (!netdev)
return;
netdev: added checks for station/ap iftype These checks allow both a station and authenticator to use the same netdev key install functions. For NEW_KEY and SET_STATION, the iftype is checked and either handshake->aa or ->spa is used as the station address for the KEY/STATION commands. Also, in the failure cases, a disconnect command is issued only if the iftype is station as this doesn't apply to AP.
2018-06-22 20:13:28 +02:00
if (netdev->type != NL80211_IFTYPE_STATION)
return;
netdev: support for REKEY_OFFLOAD and its event handling
2016-06-23 00:49:16 +02:00
if (!netdev->rekey_offload_support)
return;
l_debug("%d", netdev->index);
msg = netdev_build_cmd_replay_counter(netdev, kek, kck,
replay_counter);
l_genl_family_send(nl80211, msg, hardware_rekey_cb, netdev, NULL);
}
netdev: Handle the FT Reassociation Response message Validate the fourth message of the fast transition sequence and save the new keys and state as current values in the netdev object. The FT-specific IE validation that was already present in the initial MD is moved to a new function.
2017-01-12 09:36:02 +01:00
/*
* Handle the Association Response IE contents either as part of an
* FT initial Mobility Domain association (12.4) or a Fast Transition
* (12.8.5).
*/
static bool netdev_handle_associate_resp_ies(struct handshake_state *hs,
const uint8_t *rsne, const uint8_t *mde,
const uint8_t *fte, bool transition)
{
const uint8_t *sent_mde = hs->mde;
handshake: Rename own_ie/ap_ie and related setters To avoid confusion in case of an authenticator side handshake_state structure and eapol_sm structure, rename own_ie to supplicant_ie and ap_ie to authenticator_ie. Also rename handshake_state_set_{own,ap}_{rsn,wpa} and fix when we call handshake_state_setup_own_ciphers. As a result handshake_state_set_authenticator, if needed, should be called before handshake_state_set_{own,ap}_{rsn,wpa}.
2018-08-25 03:54:24 +02:00
bool is_rsn = hs->supplicant_ie != NULL;
netdev: Handle the FT Reassociation Response message Validate the fourth message of the fast transition sequence and save the new keys and state as current values in the netdev object. The FT-specific IE validation that was already present in the initial MD is moved to a new function.
2017-01-12 09:36:02 +01:00
/*
* During a transition in an RSN, check for an RSNE containing the
* PMK-R1-Name and the remaining fields same as in the advertised
* RSNE.
*
* 12.8.5: "The RSNE shall be present only if dot11RSNAActivated is
* true. If present, the RSNE shall be set as follows:
* Version field shall be set to 1.
* PMKID Count field shall be set to 1.
* PMKID field shall contain the PMKR1Name
* All other fields shall be identical to the contents of the RSNE
* advertised by the target AP in Beacon and Probe Response frames."
*/
if (transition && is_rsn) {
struct ie_rsn_info msg4_rsne;
if (!rsne)
return false;
if (ie_parse_rsne_from_data(rsne, rsne[1] + 2,
&msg4_rsne) < 0)
return false;
if (msg4_rsne.num_pmkids != 1 ||
memcmp(msg4_rsne.pmkids, hs->pmk_r1_name, 16))
return false;
handshake: Rename own_ie/ap_ie and related setters To avoid confusion in case of an authenticator side handshake_state structure and eapol_sm structure, rename own_ie to supplicant_ie and ap_ie to authenticator_ie. Also rename handshake_state_set_{own,ap}_{rsn,wpa} and fix when we call handshake_state_setup_own_ciphers. As a result handshake_state_set_authenticator, if needed, should be called before handshake_state_set_{own,ap}_{rsn,wpa}.
2018-08-25 03:54:24 +02:00
if (!handshake_util_ap_ie_matches(rsne, hs->authenticator_ie,
false))
netdev: Handle the FT Reassociation Response message Validate the fourth message of the fast transition sequence and save the new keys and state as current values in the netdev object. The FT-specific IE validation that was already present in the initial MD is moved to a new function.
2017-01-12 09:36:02 +01:00
return false;
} else {
if (rsne)
return false;
}
/* An MD IE identical to the one we sent must be present */
if (sent_mde && (!mde || memcmp(sent_mde, mde, sent_mde[1] + 2)))
return false;
/*
* An FT IE is required in an initial mobility domain
* association and re-associations in an RSN but not present
* in a non-RSN (12.4.2 vs. 12.4.3).
*/
if (sent_mde && is_rsn && !fte)
return false;
if (!(sent_mde && is_rsn) && fte)
return false;
if (fte) {
struct ie_ft_info ft_info;
if (ie_parse_fast_bss_transition_from_data(fte, fte[1] + 2,
&ft_info) < 0)
return false;
/* Validate the FTE contents */
if (transition) {
/*
* In an RSN, check for an FT IE with the same
* R0KH-ID, R1KH-ID, ANonce and SNonce that we
* received in message 2, MIC Element Count
* of 6 and the correct MIC.
*/
uint8_t mic[16];
if (!ft_calculate_fte_mic(hs, 6, rsne, fte, NULL, mic))
return false;
if (ft_info.mic_element_count != 3 ||
memcmp(ft_info.mic, mic, 16))
return false;
if (hs->r0khid_len != ft_info.r0khid_len ||
memcmp(hs->r0khid, ft_info.r0khid,
hs->r0khid_len) ||
!ft_info.r1khid_present ||
memcmp(hs->r1khid, ft_info.r1khid, 6))
return false;
if (memcmp(ft_info.anonce, hs->anonce, 32))
return false;
if (memcmp(ft_info.snonce, hs->snonce, 32))
return false;
netdev: Handle the GTK & IGTK received in a FT Parse the GTK and IGTK FT subelements and set the keys through netlink.
2017-02-01 11:58:41 +01:00
if (ft_info.gtk_len) {
uint8_t gtk[32];
if (!handshake_decode_fte_key(hs, ft_info.gtk,
ft_info.gtk_len,
gtk))
return false;
if (ft_info.gtk_rsc[6] != 0x00 ||
ft_info.gtk_rsc[7] != 0x00)
return false;
handshake_state_install_gtk(hs,
ft_info.gtk_key_id,
gtk, ft_info.gtk_len,
ft_info.gtk_rsc, 6);
}
if (ft_info.igtk_len) {
uint8_t igtk[16];
if (!handshake_decode_fte_key(hs, ft_info.igtk,
ft_info.igtk_len, igtk))
return false;
handshake_state_install_igtk(hs,
ft_info.igtk_key_id,
igtk, ft_info.igtk_len,
ft_info.igtk_ipn);
}
netdev: Handle the FT Reassociation Response message Validate the fourth message of the fast transition sequence and save the new keys and state as current values in the netdev object. The FT-specific IE validation that was already present in the initial MD is moved to a new function.
2017-01-12 09:36:02 +01:00
} else {
/* Initial MD association */
uint8_t zeros[32] = {};
handshake_state_set_fte(hs, fte);
/*
* 12.4.2: "The FTE shall have a MIC information
* element count of zero (i.e., no MIC present)
* and have ANonce, SNonce, and MIC fields set to 0."
*/
if (ft_info.mic_element_count != 0 ||
memcmp(ft_info.mic, zeros, 16) ||
memcmp(ft_info.anonce, zeros, 32) ||
memcmp(ft_info.snonce, zeros, 32))
return false;
handshake_state_set_kh_ids(hs, ft_info.r0khid,
ft_info.r0khid_len,
ft_info.r1khid);
}
}
return true;
}
netdev: Use CMD_CONNECT
2016-06-27 23:35:31 +02:00
static void netdev_connect_event(struct l_genl_msg *msg,
netdev: Move associate event handling .. out of wiphy.c
2016-06-16 17:54:20 +02:00
struct netdev *netdev)
{
netdev: Use CMD_CONNECT
2016-06-27 23:35:31 +02:00
struct l_genl_attr attr;
uint16_t type, len;
const void *data;
const uint16_t *status_code = NULL;
netdev: FT version of association messages If an MD IE is supplied to netdev_connect, pass that MD IE in the associate request, then validate and handle the MD IE and FT IE in the associate response from AP.
2016-11-02 23:46:16 +01:00
const uint8_t *ies = NULL;
size_t ies_len;
netdev: Handle the FT Reassociation Response message Validate the fourth message of the fast transition sequence and save the new keys and state as current values in the netdev object. The FT-specific IE validation that was already present in the initial MD is moved to a new function.
2017-01-12 09:36:02 +01:00
const uint8_t *rsne = NULL;
const uint8_t *mde = NULL;
const uint8_t *fte = NULL;
netdev: Move associate event handling .. out of wiphy.c
2016-06-16 17:54:20 +02:00
l_debug("");
netdev: Add sanity checks In the case we get a connect or authenticate event, make sure we're actually trying to connect. Otherwise, it could be another supplicant is running
2017-03-24 17:44:26 +01:00
if (!netdev->connected) {
l_warn("Unexpected connection related event -- "
"is another supplicant running?");
netdev: Improve netdev_connect error/cancel logic Try to make the connect and disconnect operations look more like a transaction where the callback is always called eventually, also with a clear indication if the operation is in profress. The connected state lasts from the start of the connection attempt until the disconnect. 1. Non-null netdev->connected or disconnect_cb indicate that the operation is active. 2. Every entry-point in netdev.c checks if connected is still set before executing the next step of the connection setup. CMD_CONNECT and the subsequent commands may succeed even if CMD_DISCONNECT is called in the middle so they can't only rely on the error value for that. 3. netdev->connect_cb and other elements of the connection state are reset by netdev_connect_free which groups the clean-up operations to make sure we don't miss anything. Since the callback pointers are reset device.c doesn't need to check that it receives a spurious event in those callbacks for example after calling netdev_disconnect.
2016-08-02 22:48:11 +02:00
return;
netdev: Add sanity checks In the case we get a connect or authenticate event, make sure we're actually trying to connect. Otherwise, it could be another supplicant is running
2017-03-24 17:44:26 +01:00
}
netdev: Improve netdev_connect error/cancel logic Try to make the connect and disconnect operations look more like a transaction where the callback is always called eventually, also with a clear indication if the operation is in profress. The connected state lasts from the start of the connection attempt until the disconnect. 1. Non-null netdev->connected or disconnect_cb indicate that the operation is active. 2. Every entry-point in netdev.c checks if connected is still set before executing the next step of the connection setup. CMD_CONNECT and the subsequent commands may succeed even if CMD_DISCONNECT is called in the middle so they can't only rely on the error value for that. 3. netdev->connect_cb and other elements of the connection state are reset by netdev_connect_free which groups the clean-up operations to make sure we don't miss anything. Since the callback pointers are reset device.c doesn't need to check that it receives a spurious event in those callbacks for example after calling netdev_disconnect.
2016-08-02 22:48:11 +02:00
netdev: Use CMD_CONNECT
2016-06-27 23:35:31 +02:00
if (!l_genl_attr_init(&attr, msg)) {
l_debug("attr init failed");
netdev: Move associate event handling .. out of wiphy.c
2016-06-16 17:54:20 +02:00
goto error;
}
netdev: Use CMD_CONNECT
2016-06-27 23:35:31 +02:00
while (l_genl_attr_next(&attr, &type, &len, &data)) {
switch (type) {
case NL80211_ATTR_TIMED_OUT:
l_warn("authentication timed out");
goto error;
case NL80211_ATTR_STATUS_CODE:
if (len == sizeof(uint16_t))
status_code = data;
break;
netdev: FT version of association messages If an MD IE is supplied to netdev_connect, pass that MD IE in the associate request, then validate and handle the MD IE and FT IE in the associate response from AP.
2016-11-02 23:46:16 +01:00
case NL80211_ATTR_RESP_IE:
ies = data;
ies_len = len;
break;
netdev: Use CMD_CONNECT
2016-06-27 23:35:31 +02:00
}
}
/* AP Rejected the authenticate / associate */
if (!status_code || *status_code != 0)
goto error;
netdev: FT version of association messages If an MD IE is supplied to netdev_connect, pass that MD IE in the associate request, then validate and handle the MD IE and FT IE in the associate response from AP.
2016-11-02 23:46:16 +01:00
/* Check 802.11r IEs */
if (ies) {
struct ie_tlv_iter iter;
ie_tlv_iter_init(&iter, ies, ies_len);
while (ie_tlv_iter_next(&iter)) {
switch (ie_tlv_iter_get_tag(&iter)) {
netdev: Handle the FT Reassociation Response message Validate the fourth message of the fast transition sequence and save the new keys and state as current values in the netdev object. The FT-specific IE validation that was already present in the initial MD is moved to a new function.
2017-01-12 09:36:02 +01:00
case IE_TYPE_RSN:
if (rsne)
goto error;
rsne = ie_tlv_iter_get_data(&iter) - 2;
break;
netdev: FT version of association messages If an MD IE is supplied to netdev_connect, pass that MD IE in the associate request, then validate and handle the MD IE and FT IE in the associate response from AP.
2016-11-02 23:46:16 +01:00
case IE_TYPE_MOBILITY_DOMAIN:
if (mde)
goto error;
mde = ie_tlv_iter_get_data(&iter) - 2;
break;
case IE_TYPE_FAST_BSS_TRANSITION:
if (fte)
goto error;
fte = ie_tlv_iter_get_data(&iter) - 2;
break;
}
}
}
netdev: Handle the FT Reassociation Response message Validate the fourth message of the fast transition sequence and save the new keys and state as current values in the netdev object. The FT-specific IE validation that was already present in the initial MD is moved to a new function.
2017-01-12 09:36:02 +01:00
if (!netdev_handle_associate_resp_ies(netdev->handshake, rsne, mde, fte,
netdev->in_ft))
goto error;
eapol: Use handshake_state to store state Remove the keys and other data from struct eapol_sm, update device.c, netdev.c and wsc.c to use the handshake_state object instead of eapol_sm. This also gets rid of eapol_cancel and the ifindex parameter in some of the eapol functions where sm->handshake->ifindex can be used instead.
2016-11-02 23:46:19 +01:00
if (netdev->sm) {
eapol: Cache early EAPoL frames until ready to process Split eapol_start into two calls, one to register the state machine so that the PAE read handler knows not to discard frames for that ifindex, and eapol_start to actually start processing the frames. This is needed because, as per the comment in netdev.c, due to scheduling the PAE socket read handler may trigger before the CMD_CONNECT event handler, which needs to parse the FTE from the Associate Response frame and supply it to the eapol SM before it can do anything with the message 1 of 4 of the FT handshake. Another issue is that depending on the driver or timing, the underlying link might not be marked as 'ready' by the kernel. In this case, our response to Message 1 of the 4-way Handshake is written and accepted by the kernel, but gets dropped on the floor internally. Which leads to timeouts if the AP doesn't retransmit.
2016-10-04 05:48:08 +02:00
/*
* Start processing EAPoL frames now that the state machine
* has all the input data even in FT mode.
*/
netdev: fail early on unsuccessful eapol_start
2017-10-27 23:41:01 +02:00
if (!eapol_start(netdev->sm))
goto error;
netdev: Rework link_mode and operstate setting These flags are documented in RFC2863 and kernel's Documentation/networking/operstates.txt. Operstate doesn't have any siginificant effect on normal connectivity or on our autotests because it is not used by the kernel except in some rare cases but it is supposed to affect some userspace daemons that watch for RTM_NEWLINK events, so I believe we *should* set them according to this documentation. Changes: * There's no point setting link_mode or operstate of the netdev when we're bringing the admin state DOWN as that overrides operstate. * Instead of numerical values for link_mode use the if.h defines. * Set IF_OPER_UP when association succeeds also in the Fast Transition case. The driver will have set carrier off and then on so the operstate should be IF_OPER_DORMANT at this point and needs to be reset to UP.
2017-05-30 14:26:18 +02:00
handshake: remove handshake related netdev events Handshake related netdev events were removed in favor of handshake events. Now events will be emitted on the handshake object related to the 4-way handshake and key settings. Events are: HANDSHAKE_EVENT_STARTED HANDSHAKE_EVENT_SETTING_KEYS HANDSHAKE_EVENT_COMPLETE HANDSHAKE_EVENT_FAILED Right now, since netdev only operates in station mode, nothing listens for COMPLETE/FAILED, as device/wsc gets notified by the connect_cb when the connection was successful. The COMPLETE/ FAILED were added in preperation for AP moving into eapol/netdev.
2018-06-22 20:13:27 +02:00
if (!netdev->in_ft)
netdev: Rework link_mode and operstate setting These flags are documented in RFC2863 and kernel's Documentation/networking/operstates.txt. Operstate doesn't have any siginificant effect on normal connectivity or on our autotests because it is not used by the kernel except in some rare cases but it is supposed to affect some userspace daemons that watch for RTM_NEWLINK events, so I believe we *should* set them according to this documentation. Changes: * There's no point setting link_mode or operstate of the netdev when we're bringing the admin state DOWN as that overrides operstate. * Instead of numerical values for link_mode use the if.h defines. * Set IF_OPER_UP when association succeeds also in the Fast Transition case. The driver will have set carrier off and then on so the operstate should be IF_OPER_DORMANT at this point and needs to be reset to UP.
2017-05-30 14:26:18 +02:00
return;
netdev: Handle the FT Reassociation Response message Validate the fourth message of the fast transition sequence and save the new keys and state as current values in the netdev object. The FT-specific IE validation that was already present in the initial MD is moved to a new function.
2017-01-12 09:36:02 +01:00
}
if (netdev->in_ft) {
handshake: Rename own_ie/ap_ie and related setters To avoid confusion in case of an authenticator side handshake_state structure and eapol_sm structure, rename own_ie to supplicant_ie and ap_ie to authenticator_ie. Also rename handshake_state_set_{own,ap}_{rsn,wpa} and fix when we call handshake_state_setup_own_ciphers. As a result handshake_state_set_authenticator, if needed, should be called before handshake_state_set_{own,ap}_{rsn,wpa}.
2018-08-25 03:54:24 +02:00
bool is_rsn = netdev->handshake->supplicant_ie != NULL;
netdev: Add sanity checks In the case we get a connect or authenticate event, make sure we're actually trying to connect. Otherwise, it could be another supplicant is running
2017-03-24 17:44:26 +01:00
netdev: Handle the FT Reassociation Response message Validate the fourth message of the fast transition sequence and save the new keys and state as current values in the netdev object. The FT-specific IE validation that was already present in the initial MD is moved to a new function.
2017-01-12 09:36:02 +01:00
netdev->in_ft = false;
eapol: Cache early EAPoL frames until ready to process Split eapol_start into two calls, one to register the state machine so that the PAE read handler knows not to discard frames for that ifindex, and eapol_start to actually start processing the frames. This is needed because, as per the comment in netdev.c, due to scheduling the PAE socket read handler may trigger before the CMD_CONNECT event handler, which needs to parse the FTE from the Associate Response frame and supply it to the eapol SM before it can do anything with the message 1 of 4 of the FT handshake. Another issue is that depending on the driver or timing, the underlying link might not be marked as 'ready' by the kernel. In this case, our response to Message 1 of the 4-way Handshake is written and accepted by the kernel, but gets dropped on the floor internally. Which leads to timeouts if the AP doesn't retransmit.
2016-10-04 05:48:08 +02:00
netdev: Avoid calling netdev_connect_ok twice in FT handshake_state_install_ptk triggers a call to netdev_set_pairwise_key_cb which calls netdev_connect_ok, so don't call netdev_connect_ok after handshake_state_install_ptk. This doesn't fix any specific problem though.
2018-02-26 13:27:35 +01:00
if (is_rsn) {
netdev: Handle the FT Reassociation Response message Validate the fourth message of the fast transition sequence and save the new keys and state as current values in the netdev object. The FT-specific IE validation that was already present in the initial MD is moved to a new function.
2017-01-12 09:36:02 +01:00
handshake_state_install_ptk(netdev->handshake);
netdev: Avoid calling netdev_connect_ok twice in FT handshake_state_install_ptk triggers a call to netdev_set_pairwise_key_cb which calls netdev_connect_ok, so don't call netdev_connect_ok after handshake_state_install_ptk. This doesn't fix any specific problem though.
2018-02-26 13:27:35 +01:00
return;
}
netdev: Rework link_mode and operstate setting These flags are documented in RFC2863 and kernel's Documentation/networking/operstates.txt. Operstate doesn't have any siginificant effect on normal connectivity or on our autotests because it is not used by the kernel except in some rare cases but it is supposed to affect some userspace daemons that watch for RTM_NEWLINK events, so I believe we *should* set them according to this documentation. Changes: * There's no point setting link_mode or operstate of the netdev when we're bringing the admin state DOWN as that overrides operstate. * Instead of numerical values for link_mode use the if.h defines. * Set IF_OPER_UP when association succeeds also in the Fast Transition case. The driver will have set carrier off and then on so the operstate should be IF_OPER_DORMANT at this point and needs to be reset to UP.
2017-05-30 14:26:18 +02:00
}
netdev: Handle the FT Reassociation Response message Validate the fourth message of the fast transition sequence and save the new keys and state as current values in the netdev object. The FT-specific IE validation that was already present in the initial MD is moved to a new function.
2017-01-12 09:36:02 +01:00
netdev: On connect success don't wait for netdev_operstate_cb Send the link_mode and operstate RTNL command in parallel with the connect Ok event, don't wait for the RTNL callback as it's non-critical.
2017-05-30 14:26:19 +02:00
netdev_connect_ok(netdev);
netdev: Move associate event handling .. out of wiphy.c
2016-06-16 17:54:20 +02:00
return;
error:
netdev: Deauthenticate prior to calling connect_cb
2016-09-21 23:19:47 +02:00
netdev->result = NETDEV_RESULT_ASSOCIATION_FAILED;
netdev_connect_failed(NULL, netdev);
netdev: Move associate event handling .. out of wiphy.c
2016-06-16 17:54:20 +02:00
}
netdev: break out FT associate into common function SAE will require some of the same CMD_ASSOCIATE building code that FT currently uses. This breaks out the common code from FT into netdev_build_cmd_associate_common.
2018-08-09 20:13:57 +02:00
static unsigned int ie_rsn_akm_suite_to_nl80211(enum ie_rsn_akm_suite akm)
netdev: Use CMD_CONNECT
2016-06-27 23:35:31 +02:00
{
netdev: break out FT associate into common function SAE will require some of the same CMD_ASSOCIATE building code that FT currently uses. This breaks out the common code from FT into netdev_build_cmd_associate_common.
2018-08-09 20:13:57 +02:00
switch (akm) {
case IE_RSN_AKM_SUITE_8021X:
return CRYPTO_AKM_8021X;
case IE_RSN_AKM_SUITE_PSK:
return CRYPTO_AKM_PSK;
case IE_RSN_AKM_SUITE_FT_OVER_8021X:
return CRYPTO_AKM_FT_OVER_8021X;
case IE_RSN_AKM_SUITE_FT_USING_PSK:
return CRYPTO_AKM_FT_USING_PSK;
case IE_RSN_AKM_SUITE_8021X_SHA256:
return CRYPTO_AKM_8021X_SHA256;
case IE_RSN_AKM_SUITE_PSK_SHA256:
return CRYPTO_AKM_PSK_SHA256;
case IE_RSN_AKM_SUITE_TDLS:
return CRYPTO_AKM_TDLS;
case IE_RSN_AKM_SUITE_SAE_SHA256:
return CRYPTO_AKM_SAE_SHA256;
case IE_RSN_AKM_SUITE_FT_OVER_SAE_SHA256:
return CRYPTO_AKM_FT_OVER_SAE_SHA256;
case IE_RSN_AKM_SUITE_AP_PEER_KEY_SHA256:
return CRYPTO_AKM_AP_PEER_KEY_SHA256;
case IE_RSN_AKM_SUITE_8021X_SUITE_B_SHA256:
return CRYPTO_AKM_8021X_SUITE_B_SHA256;
case IE_RSN_AKM_SUITE_8021X_SUITE_B_SHA384:
return CRYPTO_AKM_8021X_SUITE_B_SHA384;
case IE_RSN_AKM_SUITE_FT_OVER_8021X_SHA384:
return CRYPTO_AKM_FT_OVER_8021X_SHA384;
}
return 0;
}
static struct l_genl_msg *netdev_build_cmd_associate_common(
struct netdev *netdev)
{
struct handshake_state *hs = netdev->handshake;
handshake: Rename own_ie/ap_ie and related setters To avoid confusion in case of an authenticator side handshake_state structure and eapol_sm structure, rename own_ie to supplicant_ie and ap_ie to authenticator_ie. Also rename handshake_state_set_{own,ap}_{rsn,wpa} and fix when we call handshake_state_setup_own_ciphers. As a result handshake_state_set_authenticator, if needed, should be called before handshake_state_set_{own,ap}_{rsn,wpa}.
2018-08-25 03:54:24 +02:00
bool is_rsn = hs->supplicant_ie != NULL;
netdev: break out FT associate into common function SAE will require some of the same CMD_ASSOCIATE building code that FT currently uses. This breaks out the common code from FT into netdev_build_cmd_associate_common.
2018-08-09 20:13:57 +02:00
struct l_genl_msg *msg;
netdev: Use CMD_CONNECT
2016-06-27 23:35:31 +02:00
netdev: Handle the FT Authentication Response message Parse the second message of the FT transition, validate and build the third message, the Reassociation Request.
2017-01-12 09:36:01 +01:00
msg = l_genl_msg_new_sized(NL80211_CMD_ASSOCIATE, 600);
l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &netdev->index);
netdev: break out FT associate into common function SAE will require some of the same CMD_ASSOCIATE building code that FT currently uses. This breaks out the common code from FT into netdev_build_cmd_associate_common.
2018-08-09 20:13:57 +02:00
l_genl_msg_append_attr(msg, NL80211_ATTR_WIPHY_FREQ, 4,
&netdev->frequency);
netdev: Handle the FT Authentication Response message Parse the second message of the FT transition, validate and build the third message, the Reassociation Request.
2017-01-12 09:36:01 +01:00
l_genl_msg_append_attr(msg, NL80211_ATTR_MAC, ETH_ALEN, hs->aa);
l_genl_msg_append_attr(msg, NL80211_ATTR_SSID, hs->ssid_len, hs->ssid);
netdev: Use NL80211_ATTR_SOCKET_OWNER flag Use the new NL80211_ATTR_SOCKET_OWNER with CMD_CONNECT and CMD_ASSOCIATE to make sure an iwd crash results in deauthentication.
2017-05-22 10:49:48 +02:00
l_genl_msg_append_attr(msg, NL80211_ATTR_SOCKET_OWNER, 0, NULL);
netdev: Handle the FT Authentication Response message Parse the second message of the FT transition, validate and build the third message, the Reassociation Request.
2017-01-12 09:36:01 +01:00
if (is_rsn) {
uint32_t nl_cipher;
uint32_t nl_akm;
uint32_t wpa_version;
netdev: break out FT associate into common function SAE will require some of the same CMD_ASSOCIATE building code that FT currently uses. This breaks out the common code from FT into netdev_build_cmd_associate_common.
2018-08-09 20:13:57 +02:00
l_genl_msg_append_attr(msg, NL80211_ATTR_CONTROL_PORT, 0, NULL);
netdev: Handle the FT Authentication Response message Parse the second message of the FT transition, validate and build the third message, the Reassociation Request.
2017-01-12 09:36:01 +01:00
netdev: Use EAPoL over nl80211 if CONTROL_PORT set Our logic would set CONTROL_PORT_OVER_NL80211 even in cases where CONTROL_PORT wasn't used (e.g. for open networks). While the kernel ignored this attribute in this case, it is nicer to set this only if CONTROL_PORT is intended to be used.
2018-08-09 22:16:45 +02:00
if (netdev->pae_over_nl80211)
l_genl_msg_append_attr(msg,
NL80211_ATTR_CONTROL_PORT_OVER_NL80211,
0, NULL);
netdev: Handle the FT Authentication Response message Parse the second message of the FT transition, validate and build the third message, the Reassociation Request.
2017-01-12 09:36:01 +01:00
if (hs->pairwise_cipher == IE_RSN_CIPHER_SUITE_CCMP)
nl_cipher = CRYPTO_CIPHER_CCMP;
else
nl_cipher = CRYPTO_CIPHER_TKIP;
l_genl_msg_append_attr(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE,
4, &nl_cipher);
if (hs->group_cipher == IE_RSN_CIPHER_SUITE_CCMP)
nl_cipher = CRYPTO_CIPHER_CCMP;
else
nl_cipher = CRYPTO_CIPHER_TKIP;
l_genl_msg_append_attr(msg, NL80211_ATTR_CIPHER_SUITE_GROUP,
4, &nl_cipher);
if (hs->mfp) {
uint32_t use_mfp = NL80211_MFP_REQUIRED;
l_genl_msg_append_attr(msg, NL80211_ATTR_USE_MFP,
4, &use_mfp);
}
netdev: break out FT associate into common function SAE will require some of the same CMD_ASSOCIATE building code that FT currently uses. This breaks out the common code from FT into netdev_build_cmd_associate_common.
2018-08-09 20:13:57 +02:00
nl_akm = ie_rsn_akm_suite_to_nl80211(hs->akm_suite);
if (nl_akm)
l_genl_msg_append_attr(msg, NL80211_ATTR_AKM_SUITES,
netdev: Handle the FT Authentication Response message Parse the second message of the FT transition, validate and build the third message, the Reassociation Request.
2017-01-12 09:36:01 +01:00
4, &nl_akm);
netdev: break out FT associate into common function SAE will require some of the same CMD_ASSOCIATE building code that FT currently uses. This breaks out the common code from FT into netdev_build_cmd_associate_common.
2018-08-09 20:13:57 +02:00
if (hs->wpa_ie)
wpa_version = NL80211_WPA_VERSION_1;
else
wpa_version = NL80211_WPA_VERSION_2;
netdev: Handle the FT Authentication Response message Parse the second message of the FT transition, validate and build the third message, the Reassociation Request.
2017-01-12 09:36:01 +01:00
l_genl_msg_append_attr(msg, NL80211_ATTR_WPA_VERSIONS,
4, &wpa_version);
netdev: break out FT associate into common function SAE will require some of the same CMD_ASSOCIATE building code that FT currently uses. This breaks out the common code from FT into netdev_build_cmd_associate_common.
2018-08-09 20:13:57 +02:00
}
netdev: Handle the FT Authentication Response message Parse the second message of the FT transition, validate and build the third message, the Reassociation Request.
2017-01-12 09:36:01 +01:00
netdev: break out FT associate into common function SAE will require some of the same CMD_ASSOCIATE building code that FT currently uses. This breaks out the common code from FT into netdev_build_cmd_associate_common.
2018-08-09 20:13:57 +02:00
return msg;
}
/*
* Build an FT Reassociation Request frame according to 12.5.2 / 12.5.4:
* RSN or non-RSN Over-the-air FT Protocol, and with the IE contents
* according to 12.8.4: FT authentication sequence: contents of third message.
*/
static struct l_genl_msg *netdev_build_cmd_ft_reassociate(
struct netdev *netdev)
{
struct l_genl_msg *msg;
struct iovec iov[3];
int iov_elems = 0;
struct handshake_state *hs = netdev_get_handshake(netdev);
handshake: Rename own_ie/ap_ie and related setters To avoid confusion in case of an authenticator side handshake_state structure and eapol_sm structure, rename own_ie to supplicant_ie and ap_ie to authenticator_ie. Also rename handshake_state_set_{own,ap}_{rsn,wpa} and fix when we call handshake_state_setup_own_ciphers. As a result handshake_state_set_authenticator, if needed, should be called before handshake_state_set_{own,ap}_{rsn,wpa}.
2018-08-25 03:54:24 +02:00
bool is_rsn = hs->supplicant_ie != NULL;
netdev: break out FT associate into common function SAE will require some of the same CMD_ASSOCIATE building code that FT currently uses. This breaks out the common code from FT into netdev_build_cmd_associate_common.
2018-08-09 20:13:57 +02:00
uint8_t *rsne = NULL;
msg = netdev_build_cmd_associate_common(netdev);
l_genl_msg_append_attr(msg, NL80211_ATTR_PREV_BSSID, ETH_ALEN,
netdev->prev_bssid);
if (is_rsn) {
struct ie_rsn_info rsn_info;
netdev: Handle the FT Authentication Response message Parse the second message of the FT transition, validate and build the third message, the Reassociation Request.
2017-01-12 09:36:01 +01:00
/*
* Rebuild the RSNE to include the PMKR1Name and append
* MDE + FTE.
*
* 12.8.4: "If present, the RSNE shall be set as follows:
* Version field shall be set to 1.
* PMKID Count field shall be set to 1.
* PMKID field shall contain the PMKR1Name.
* All other fields shall be as specified in 8.4.2.27
* and 11.5.3."
*/
handshake: Rename own_ie/ap_ie and related setters To avoid confusion in case of an authenticator side handshake_state structure and eapol_sm structure, rename own_ie to supplicant_ie and ap_ie to authenticator_ie. Also rename handshake_state_set_{own,ap}_{rsn,wpa} and fix when we call handshake_state_setup_own_ciphers. As a result handshake_state_set_authenticator, if needed, should be called before handshake_state_set_{own,ap}_{rsn,wpa}.
2018-08-25 03:54:24 +02:00
if (ie_parse_rsne_from_data(hs->supplicant_ie,
hs->supplicant_ie[1] + 2,
netdev: Handle the FT Authentication Response message Parse the second message of the FT transition, validate and build the third message, the Reassociation Request.
2017-01-12 09:36:01 +01:00
&rsn_info) < 0)
goto error;
rsn_info.num_pmkids = 1;
rsn_info.pmkids = hs->pmk_r1_name;
rsne = alloca(256);
ie_build_rsne(&rsn_info, rsne);
iov[iov_elems].iov_base = rsne;
iov[iov_elems].iov_len = rsne[1] + 2;
iov_elems += 1;
}
/* The MDE advertised by the BSS must be passed verbatim */
iov[iov_elems].iov_base = (void *) hs->mde;
iov[iov_elems].iov_len = hs->mde[1] + 2;
iov_elems += 1;
if (is_rsn) {
struct ie_ft_info ft_info;
uint8_t *fte;
/*
* 12.8.4: "If present, the FTE shall be set as follows:
* ANonce, SNonce, R0KH-ID, and R1KH-ID shall be set to
* the values contained in the second message of this
* sequence.
* The Element Count field of the MIC Control field shall
* be set to the number of elements protected in this
* frame (variable).
* [...]
* All other fields shall be set to 0."
*/
memset(&ft_info, 0, sizeof(ft_info));
ft_info.mic_element_count = 3;
memcpy(ft_info.r0khid, hs->r0khid, hs->r0khid_len);
ft_info.r0khid_len = hs->r0khid_len;
memcpy(ft_info.r1khid, hs->r1khid, 6);
ft_info.r1khid_present = true;
memcpy(ft_info.anonce, hs->anonce, 32);
memcpy(ft_info.snonce, hs->snonce, 32);
fte = alloca(256);
ie_build_fast_bss_transition(&ft_info, fte);
if (!ft_calculate_fte_mic(hs, 5, rsne, fte, NULL, ft_info.mic))
goto error;
/* Rebuild the FT IE now with the MIC included */
ie_build_fast_bss_transition(&ft_info, fte);
iov[iov_elems].iov_base = fte;
iov[iov_elems].iov_len = fte[1] + 2;
iov_elems += 1;
}
l_genl_msg_append_attrv(msg, NL80211_ATTR_IE, iov, iov_elems);
return msg;
error:
l_genl_msg_unref(msg);
return NULL;
netdev: Use CMD_CONNECT
2016-06-27 23:35:31 +02:00
}
netdev: Handle the FT Authentication Response message Parse the second message of the FT transition, validate and build the third message, the Reassociation Request.
2017-01-12 09:36:01 +01:00
static void netdev_cmd_ft_reassociate_cb(struct l_genl_msg *msg,
void *user_data)
wiphy: Move association logic out of wiphy.c The eapol state machine parameters are now built inside device.c when the network connection is attempted. The reason is that the device object knows about network settings, wiphy constraints and should contain the main 'management' logic. netdev now manages the actual low-level process of building association messages, detecting authentication events, etc.
2016-06-15 17:54:13 +02:00
{
struct netdev *netdev = user_data;
netdev: Cancel the CMD_CONNECT genl command on disconnect CMD_DISCONNECT fails on some occasions when CMD_CONNECT is still running. When this happens the DBus disconnect command receives an error reply but iwd's device state is left as disconnected even though there's a connection at the kernel level which times out a few seconds later. If the CMD_CONNECT is cancelled I couldn't reproduce this so far. src/network.c:network_connect() src/network.c:network_connect_psk() src/network.c:network_connect_psk() psk: 69ae3f8b2f84a438cf6a44275913182dd2714510ccb8cbdf8da9dc8b61718560 src/network.c:network_connect_psk() len: 32 src/network.c:network_connect_psk() ask_psk: false src/device.c:device_enter_state() Old State: disconnected, new state: connecting src/scan.c:scan_notify() Scan notification 33 src/device.c:device_netdev_event() Associating src/netdev.c:netdev_mlme_notify() MLME notification 60 MLME notification is missing ifindex attribute src/device.c:device_dbus_disconnect() src/device.c:device_connect_cb() 6, result: 5 src/device.c:device_enter_state() Old State: connecting, new state: disconnecting src/device.c:device_disconnect_cb() 6, success: 0 src/device.c:device_enter_state() Old State: disconnecting, new state: disconnected src/scan.c:scan_notify() Scan notification 34 src/netdev.c:netdev_mlme_notify() MLME notification 19 src/netdev.c:netdev_mlme_notify() MLME notification 60 MLME notification is missing ifindex attribute src/netdev.c:netdev_mlme_notify() MLME notification 37 src/netdev.c:netdev_authenticate_event() src/scan.c:get_scan_callback() get_scan_callback src/scan.c:get_scan_done() get_scan_done src/netdev.c:netdev_mlme_notify() MLME notification 60 MLME notification is missing ifindex attribute src/netdev.c:netdev_mlme_notify() MLME notification 19 MLME notification is missing ifindex attribute src/netdev.c:netdev_mlme_notify() MLME notification 38 src/netdev.c:netdev_associate_event() src/netdev.c:netdev_mlme_notify() MLME notification 46 src/netdev.c:netdev_connect_event() <delay> src/netdev.c:netdev_mlme_notify() MLME notification 60 MLME notification is missing ifindex attribute src/netdev.c:netdev_mlme_notify() MLME notification 20 MLME notification is missing ifindex attribute src/netdev.c:netdev_mlme_notify() MLME notification 20 src/netdev.c:netdev_mlme_notify() MLME notification 39 src/netdev.c:netdev_deauthenticate_event()
2016-08-05 14:25:34 +02:00
netdev->connect_cmd_id = 0;
netdev: Handle the FT Authentication Response message Parse the second message of the FT transition, validate and build the third message, the Reassociation Request.
2017-01-12 09:36:01 +01:00
if (l_genl_msg_get_error(msg) < 0) {
struct l_genl_msg *cmd_deauth;
wiphy: Move association logic out of wiphy.c The eapol state machine parameters are now built inside device.c when the network connection is attempted. The reason is that the device object knows about network settings, wiphy constraints and should contain the main 'management' logic. netdev now manages the actual low-level process of building association messages, detecting authentication events, etc.
2016-06-15 17:54:13 +02:00
netdev: Handle the FT Authentication Response message Parse the second message of the FT transition, validate and build the third message, the Reassociation Request.
2017-01-12 09:36:01 +01:00
netdev->result = NETDEV_RESULT_ASSOCIATION_FAILED;
cmd_deauth = netdev_build_cmd_deauthenticate(netdev,
mpdu: Refactor mpdu structs Refactor management frame structures to take into account optional presence of some parts of the header: * drop the single structure for management header and body since the body offset is variable. * add mmpdu_get_body to locate the start of frame body. * drop the union of different management frame type bodies. * prefix names specific to management frames with "mmpdu" instead of "mpdu" including any enums based on 802.11-2012 section 8.4. * move the FC field to the mmpdu_header structure.
2017-08-31 04:04:41 +02:00
MMPDU_REASON_CODE_UNSPECIFIED);
netdev: Handle the FT Authentication Response message Parse the second message of the FT transition, validate and build the third message, the Reassociation Request.
2017-01-12 09:36:01 +01:00
netdev->disconnect_cmd_id = l_genl_family_send(nl80211,
cmd_deauth,
netdev_connect_failed,
netdev, NULL);
}
}
netdev: Start eapol earlier
2016-09-23 00:34:27 +02:00
netdev: added sae functionality to netdev In order to plug SAE into the existing connect mechanism the actual CMD_CONNECT message is never sent, rather sae_register takes care of sending out CMD_AUTHENTICATE. This required some shuffling of code in order to handle both eapol and sae. In the case of non-SAE authentication everything behaves as it did before. When using SAE an sae_sm is created when a connection is attempted but the eapol_sm is not. After SAE succeeds it will start association and then create the eapol_sm and start the 4-way handshake. This change also adds the handshake SAE events to device and initializes SAE in main.
2018-08-14 01:25:48 +02:00
static void netdev_ft_process(struct netdev *netdev, const uint8_t *frame,
size_t frame_len)
netdev: Handle the FT Authentication Response message Parse the second message of the FT transition, validate and build the third message, the Reassociation Request.
2017-01-12 09:36:01 +01:00
{
struct l_genl_msg *cmd_associate, *cmd_deauth;
uint16_t status_code;
const uint8_t *ies = NULL;
size_t ies_len;
struct ie_tlv_iter iter;
const uint8_t *rsne = NULL;
const uint8_t *mde = NULL;
const uint8_t *fte = NULL;
struct handshake_state *hs = netdev->handshake;
netdev: Add sanity checks In the case we get a connect or authenticate event, make sure we're actually trying to connect. Otherwise, it could be another supplicant is running
2017-03-24 17:44:26 +01:00
bool is_rsn;
netdev: Handle the FT Authentication Response message Parse the second message of the FT transition, validate and build the third message, the Reassociation Request.
2017-01-12 09:36:01 +01:00
/*
* Parse the Authentication Response and validate the contents
* according to 12.5.2 / 12.5.4: RSN or non-RSN Over-the-air
* FT Protocol.
*/
if (!ft_parse_authentication_resp_frame(frame, frame_len,
netdev->addr, hs->aa, hs->aa, 2,
&status_code, &ies, &ies_len))
goto auth_error;
/* AP Rejected the authenticate / associate */
if (status_code != 0)
goto auth_error;
/* Check 802.11r IEs */
if (!ies)
goto ft_error;
ie_tlv_iter_init(&iter, ies, ies_len);
while (ie_tlv_iter_next(&iter)) {
switch (ie_tlv_iter_get_tag(&iter)) {
case IE_TYPE_RSN:
if (rsne)
goto ft_error;
rsne = ie_tlv_iter_get_data(&iter) - 2;
break;
case IE_TYPE_MOBILITY_DOMAIN:
if (mde)
goto ft_error;
mde = ie_tlv_iter_get_data(&iter) - 2;
break;
case IE_TYPE_FAST_BSS_TRANSITION:
if (fte)
goto ft_error;
fte = ie_tlv_iter_get_data(&iter) - 2;
break;
}
}
handshake: Rename own_ie/ap_ie and related setters To avoid confusion in case of an authenticator side handshake_state structure and eapol_sm structure, rename own_ie to supplicant_ie and ap_ie to authenticator_ie. Also rename handshake_state_set_{own,ap}_{rsn,wpa} and fix when we call handshake_state_setup_own_ciphers. As a result handshake_state_set_authenticator, if needed, should be called before handshake_state_set_{own,ap}_{rsn,wpa}.
2018-08-25 03:54:24 +02:00
is_rsn = hs->supplicant_ie != NULL;
netdev: Add sanity checks In the case we get a connect or authenticate event, make sure we're actually trying to connect. Otherwise, it could be another supplicant is running
2017-03-24 17:44:26 +01:00
netdev: Handle the FT Authentication Response message Parse the second message of the FT transition, validate and build the third message, the Reassociation Request.
2017-01-12 09:36:01 +01:00
/*
* In an RSN, check for an RSNE containing the PMK-R0-Name and
* the remaining fields same as in the advertised RSNE.
*
* 12.8.3: "The RSNE shall be present only if dot11RSNAActivated
* is true. If present, the RSNE shall be set as follows:
* Version field shall be set to 1.
* PMKID Count field shall be set to 1.
* PMKID List field shall be set to the value contained in the
* first message of this sequence.
* All other fields shall be identical to the contents of the
* RSNE advertised by the AP in Beacon and Probe Response frames."
*/
if (is_rsn) {
struct ie_rsn_info msg2_rsne;
if (!rsne)
goto ft_error;
if (ie_parse_rsne_from_data(rsne, rsne[1] + 2,
&msg2_rsne) < 0)
goto ft_error;
if (msg2_rsne.num_pmkids != 1 ||
memcmp(msg2_rsne.pmkids, hs->pmk_r0_name, 16))
goto ft_error;
handshake: Rename own_ie/ap_ie and related setters To avoid confusion in case of an authenticator side handshake_state structure and eapol_sm structure, rename own_ie to supplicant_ie and ap_ie to authenticator_ie. Also rename handshake_state_set_{own,ap}_{rsn,wpa} and fix when we call handshake_state_setup_own_ciphers. As a result handshake_state_set_authenticator, if needed, should be called before handshake_state_set_{own,ap}_{rsn,wpa}.
2018-08-25 03:54:24 +02:00
if (!handshake_util_ap_ie_matches(rsne, hs->authenticator_ie,
false))
netdev: Handle the FT Authentication Response message Parse the second message of the FT transition, validate and build the third message, the Reassociation Request.
2017-01-12 09:36:01 +01:00
goto ft_error;
} else if (rsne)
goto ft_error;
/*
* Check for an MD IE identical to the one we sent in message 1
*
* 12.8.3: "The MDE shall contain the MDID and FT Capability and
* Policy fields. This element shall be the same as the MDE
* advertised by the target AP in Beacon and Probe Response frames."
*/
if (!mde || memcmp(hs->mde, mde, hs->mde[1] + 2))
goto ft_error;
/*
* In an RSN, check for an FT IE with the same R0KH-ID and the same
* SNonce that we sent, and check that the R1KH-ID and the ANonce
* are present. Use them to generate new PMK-R1, PMK-R1-Name and PTK
* in handshake.c.
*
* 12.8.3: "The FTE shall be present only if dot11RSNAActivated is
* true. If present, the FTE shall be set as follows:
* R0KH-ID shall be identical to the R0KH-ID provided by the FTO
* in the first message.
* R1KH-ID shall be set to the R1KH-ID of the target AP, from
* dot11FTR1KeyHolderID.
* ANonce shall be set to a value chosen randomly by the target AP,
* following the recommendations of 11.6.5.
* SNonce shall be set to the value contained in the first message
* of this sequence.
* All other fields shall be set to 0."
*/
if (is_rsn) {
struct ie_ft_info ft_info;
uint8_t zeros[16] = {};
if (!fte)
goto ft_error;
if (ie_parse_fast_bss_transition_from_data(fte, fte[1] + 2,
&ft_info) < 0)
goto ft_error;
if (ft_info.mic_element_count != 0 ||
memcmp(ft_info.mic, zeros, 16))
goto ft_error;
if (hs->r0khid_len != ft_info.r0khid_len ||
memcmp(hs->r0khid, ft_info.r0khid,
hs->r0khid_len) ||
!ft_info.r1khid_present)
goto ft_error;
if (memcmp(ft_info.snonce, hs->snonce, 32))
goto ft_error;
handshake_state_set_fte(hs, fte);
handshake_state_set_anonce(hs, ft_info.anonce);
handshake_state_set_kh_ids(hs, ft_info.r0khid,
ft_info.r0khid_len,
ft_info.r1khid);
handshake_state_derive_ptk(hs);
} else if (fte)
goto ft_error;
netdev: break out FT associate into common function SAE will require some of the same CMD_ASSOCIATE building code that FT currently uses. This breaks out the common code from FT into netdev_build_cmd_associate_common.
2018-08-09 20:13:57 +02:00
cmd_associate = netdev_build_cmd_ft_reassociate(netdev);
netdev: Handle the FT Authentication Response message Parse the second message of the FT transition, validate and build the third message, the Reassociation Request.
2017-01-12 09:36:01 +01:00
if (!cmd_associate)
goto ft_error;
netdev->connect_cmd_id = l_genl_family_send(nl80211,
cmd_associate,
netdev_cmd_ft_reassociate_cb,
netdev, NULL);
if (!netdev->connect_cmd_id) {
l_genl_msg_unref(cmd_associate);
goto ft_error;
}
if (netdev->sm)
eapol_register(netdev->sm); /* See netdev_cmd_connect_cb */
return;
auth_error:
netdev->result = NETDEV_RESULT_AUTHENTICATION_FAILED;
netdev: Deauthenticate prior to calling connect_cb
2016-09-21 23:19:47 +02:00
netdev_connect_failed(NULL, netdev);
netdev: Handle the FT Authentication Response message Parse the second message of the FT transition, validate and build the third message, the Reassociation Request.
2017-01-12 09:36:01 +01:00
return;
ft_error:
netdev->result = NETDEV_RESULT_AUTHENTICATION_FAILED;
cmd_deauth = netdev_build_cmd_deauthenticate(netdev,
mpdu: Refactor mpdu structs Refactor management frame structures to take into account optional presence of some parts of the header: * drop the single structure for management header and body since the body offset is variable. * add mmpdu_get_body to locate the start of frame body. * drop the union of different management frame type bodies. * prefix names specific to management frames with "mmpdu" instead of "mpdu" including any enums based on 802.11-2012 section 8.4. * move the FC field to the mmpdu_header structure.
2017-08-31 04:04:41 +02:00
MMPDU_REASON_CODE_UNSPECIFIED);
netdev: Handle the FT Authentication Response message Parse the second message of the FT transition, validate and build the third message, the Reassociation Request.
2017-01-12 09:36:01 +01:00
netdev->disconnect_cmd_id = l_genl_family_send(nl80211, cmd_deauth,
netdev_connect_failed,
netdev, NULL);
}
netdev: added sae functionality to netdev In order to plug SAE into the existing connect mechanism the actual CMD_CONNECT message is never sent, rather sae_register takes care of sending out CMD_AUTHENTICATE. This required some shuffling of code in order to handle both eapol and sae. In the case of non-SAE authentication everything behaves as it did before. When using SAE an sae_sm is created when a connection is attempted but the eapol_sm is not. After SAE succeeds it will start association and then create the eapol_sm and start the 4-way handshake. This change also adds the handshake SAE events to device and initializes SAE in main.
2018-08-14 01:25:48 +02:00
static void netdev_sae_process(struct netdev *netdev, const uint8_t *from,
const uint8_t *frame, size_t frame_len)
{
sae_rx_packet(netdev->sae_sm, from, frame, frame_len);
}
static void netdev_authenticate_event(struct l_genl_msg *msg,
struct netdev *netdev)
{
struct l_genl_attr attr;
uint16_t type, len;
const void *data;
const uint8_t *frame = NULL;
size_t frame_len = 0;
l_debug("");
if (!netdev->connected) {
l_warn("Unexpected connection related event -- "
"is another supplicant running?");
return;
}
/*
* During Fast Transition we use the authenticate event to start the
* reassociation step because the FTE necessary before we can build
* the FT Associate command is included in the attached frame and is
* not available in the Authenticate command callback.
*/
if (!netdev->in_ft && !netdev->sae_sm)
return;
if (!l_genl_attr_init(&attr, msg)) {
l_debug("attr init failed");
goto auth_error;
}
while (l_genl_attr_next(&attr, &type, &len, &data)) {
switch (type) {
case NL80211_ATTR_TIMED_OUT:
l_warn("authentication timed out");
if (netdev->sae_sm) {
sae_timeout(netdev->sae_sm);
return;
}
goto auth_error;
case NL80211_ATTR_FRAME:
if (frame)
goto auth_error;
frame = data;
frame_len = len;
break;
}
}
if (!frame)
goto auth_error;
if (netdev->in_ft)
netdev_ft_process(netdev, frame, frame_len);
else if (netdev->sae_sm)
netdev_sae_process(netdev,
((struct mmpdu_header *)frame)->address_2,
frame + 26, frame_len - 26);
else
goto auth_error;
return;
auth_error:
netdev->result = NETDEV_RESULT_AUTHENTICATION_FAILED;
netdev_connect_failed(NULL, netdev);
}
netdev: Handle the FT Authentication Response message Parse the second message of the FT transition, validate and build the third message, the Reassociation Request.
2017-01-12 09:36:01 +01:00
static void netdev_associate_event(struct l_genl_msg *msg,
struct netdev *netdev)
{
l_debug("");
wiphy: Move association logic out of wiphy.c The eapol state machine parameters are now built inside device.c when the network connection is attempted. The reason is that the device object knows about network settings, wiphy constraints and should contain the main 'management' logic. netdev now manages the actual low-level process of building association messages, detecting authentication events, etc.
2016-06-15 17:54:13 +02:00
}
netdev: Handle the FT Authentication Response message Parse the second message of the FT transition, validate and build the third message, the Reassociation Request.
2017-01-12 09:36:01 +01:00
static void netdev_cmd_connect_cb(struct l_genl_msg *msg, void *user_data)
{
struct netdev *netdev = user_data;
netdev->connect_cmd_id = 0;
/* Wait for connect event */
if (l_genl_msg_get_error(msg) >= 0) {
if (netdev->event_filter)
netdev->event_filter(netdev,
NETDEV_EVENT_ASSOCIATING,
netdev->user_data);
netdev: added sae functionality to netdev In order to plug SAE into the existing connect mechanism the actual CMD_CONNECT message is never sent, rather sae_register takes care of sending out CMD_AUTHENTICATE. This required some shuffling of code in order to handle both eapol and sae. In the case of non-SAE authentication everything behaves as it did before. When using SAE an sae_sm is created when a connection is attempted but the eapol_sm is not. After SAE succeeds it will start association and then create the eapol_sm and start the 4-way handshake. This change also adds the handshake SAE events to device and initializes SAE in main.
2018-08-14 01:25:48 +02:00
/* the SAE SM can be freed */
if (netdev->sae_sm) {
sae_sm_free(netdev->sae_sm);
netdev->sae_sm = NULL;
}
netdev: Handle the FT Authentication Response message Parse the second message of the FT transition, validate and build the third message, the Reassociation Request.
2017-01-12 09:36:01 +01:00
/*
* We register the eapol state machine here, in case the PAE
* socket receives EAPoL packets before the nl80211 socket
* receives the connected event. The logical sequence of
* events can be reversed (e.g. connect_event, then PAE data)
* due to scheduling
*/
if (netdev->sm)
eapol_register(netdev->sm);
return;
}
netdev->result = NETDEV_RESULT_ASSOCIATION_FAILED;
netdev_connect_failed(NULL, netdev);
}
netdev: added sae functionality to netdev In order to plug SAE into the existing connect mechanism the actual CMD_CONNECT message is never sent, rather sae_register takes care of sending out CMD_AUTHENTICATE. This required some shuffling of code in order to handle both eapol and sae. In the case of non-SAE authentication everything behaves as it did before. When using SAE an sae_sm is created when a connection is attempted but the eapol_sm is not. After SAE succeeds it will start association and then create the eapol_sm and start the 4-way handshake. This change also adds the handshake SAE events to device and initializes SAE in main.
2018-08-14 01:25:48 +02:00
static void netdev_sae_complete(uint16_t status, void *user_data)
{
struct netdev *netdev = user_data;
struct l_genl_msg *msg;
netdev: station: support FT over SAE Boiled down, FT over SAE is no different than FT over PSK, apart from the different AKM suite. The bulk of this change fixes the current netdev/station logic related to SAE by rebuilding the RSNE and adding the MDE if present in the handshake to match what the PSK logic does. A common function was introduced into station which will rebuild the handshake rsne's for a target network. This is used for both new network connections as well as fast transitions.
2018-09-19 20:30:36 +02:00
struct iovec iov[3];
int iov_elems = 0;
netdev: added sae functionality to netdev In order to plug SAE into the existing connect mechanism the actual CMD_CONNECT message is never sent, rather sae_register takes care of sending out CMD_AUTHENTICATE. This required some shuffling of code in order to handle both eapol and sae. In the case of non-SAE authentication everything behaves as it did before. When using SAE an sae_sm is created when a connection is attempted but the eapol_sm is not. After SAE succeeds it will start association and then create the eapol_sm and start the 4-way handshake. This change also adds the handshake SAE events to device and initializes SAE in main.
2018-08-14 01:25:48 +02:00
if (status != 0) {
l_error("SAE exchange failed on %u result %u",
netdev->index, status);
netdev->sae_sm = NULL;
goto auth_failed;
}
msg = netdev_build_cmd_associate_common(netdev);
netdev: station: support FT over SAE Boiled down, FT over SAE is no different than FT over PSK, apart from the different AKM suite. The bulk of this change fixes the current netdev/station logic related to SAE by rebuilding the RSNE and adding the MDE if present in the handshake to match what the PSK logic does. A common function was introduced into station which will rebuild the handshake rsne's for a target network. This is used for both new network connections as well as fast transitions.
2018-09-19 20:30:36 +02:00
iov[iov_elems].iov_base = netdev->handshake->supplicant_ie;
iov[iov_elems].iov_len = netdev->handshake->supplicant_ie[1] + 2;
iov_elems++;
if (netdev->handshake->mde) {
iov[iov_elems].iov_base = netdev->handshake->mde;
iov[iov_elems].iov_len = netdev->handshake->mde[1] + 2;
iov_elems++;
}
l_genl_msg_append_attrv(msg, NL80211_ATTR_IE, iov, iov_elems);
netdev: added sae functionality to netdev In order to plug SAE into the existing connect mechanism the actual CMD_CONNECT message is never sent, rather sae_register takes care of sending out CMD_AUTHENTICATE. This required some shuffling of code in order to handle both eapol and sae. In the case of non-SAE authentication everything behaves as it did before. When using SAE an sae_sm is created when a connection is attempted but the eapol_sm is not. After SAE succeeds it will start association and then create the eapol_sm and start the 4-way handshake. This change also adds the handshake SAE events to device and initializes SAE in main.
2018-08-14 01:25:48 +02:00
/* netdev_cmd_connect_cb can be reused */
netdev->connect_cmd_id = l_genl_family_send(nl80211, msg,
netdev_cmd_connect_cb,
netdev, NULL);
if (!netdev->connect_cmd_id)
goto auth_failed;
/*
* Kick off EAPoL sm early in case the first EAPoL packet comes prior
* to the netdev_cmd_connect_cb
*/
netdev->sm = eapol_sm_new(netdev->handshake);
return;
auth_failed:
netdev->result = NETDEV_RESULT_AUTHENTICATION_FAILED;
netdev_connect_failed(NULL, netdev);
}
static void netdev_tx_sae_frame_cb(struct l_genl_msg *msg,
void *user_data)
{
int err = l_genl_msg_get_error(msg);
if (err < 0)
l_debug("SAE: CMD_AUTHENTICATE failed: %s", strerror(err));
}
static int netdev_tx_sae_frame(const uint8_t *dest, const uint8_t *body,
size_t body_len, void *user_data)
{
struct netdev *netdev = user_data;
struct l_genl_msg *msg;
uint32_t auth_type = NL80211_AUTHTYPE_SAE;
msg = l_genl_msg_new_sized(NL80211_CMD_AUTHENTICATE, 512);
l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &netdev->index);
l_genl_msg_append_attr(msg, NL80211_ATTR_WIPHY_FREQ,
4, &netdev->frequency);
l_genl_msg_append_attr(msg, NL80211_ATTR_MAC, ETH_ALEN, dest);
l_genl_msg_append_attr(msg, NL80211_ATTR_SSID,
strlen((char *) netdev->handshake->ssid),
netdev->handshake->ssid);
l_genl_msg_append_attr(msg, NL80211_ATTR_AUTH_TYPE, 4, &auth_type);
l_genl_msg_append_attr(msg, NL80211_ATTR_AUTH_DATA, body_len, body);
if (!l_genl_family_send(nl80211, msg, netdev_tx_sae_frame_cb,
netdev, NULL)) {
l_genl_msg_unref(msg);
return -EINVAL;
}
return 0;
}
netdev: Use CMD_CONNECT
2016-06-27 23:35:31 +02:00
static struct l_genl_msg *netdev_build_cmd_connect(struct netdev *netdev,
eapol: Use handshake_state to store state Remove the keys and other data from struct eapol_sm, update device.c, netdev.c and wsc.c to use the handshake_state object instead of eapol_sm. This also gets rid of eapol_cancel and the ifindex parameter in some of the eapol functions where sm->handshake->ifindex can be used instead.
2016-11-02 23:46:19 +01:00
struct scan_bss *bss,
netdev: Add netdev_reassociate netdev_reassociate transitions to another BSS without FT. Similar to netdev_connect but uses reassociation instead of association and requires and an existing connection.
2017-03-31 14:43:01 +02:00
struct handshake_state *hs,
const uint8_t *prev_bssid)
wiphy: Move association logic out of wiphy.c The eapol state machine parameters are now built inside device.c when the network connection is attempted. The reason is that the device object knows about network settings, wiphy constraints and should contain the main 'management' logic. netdev now manages the actual low-level process of building association messages, detecting authentication events, etc.
2016-06-15 17:54:13 +02:00
{
netdev: Use CMD_CONNECT
2016-06-27 23:35:31 +02:00
uint32_t auth_type = NL80211_AUTHTYPE_OPEN_SYSTEM;
wiphy: Move association logic out of wiphy.c The eapol state machine parameters are now built inside device.c when the network connection is attempted. The reason is that the device object knows about network settings, wiphy constraints and should contain the main 'management' logic. netdev now manages the actual low-level process of building association messages, detecting authentication events, etc.
2016-06-15 17:54:13 +02:00
struct l_genl_msg *msg;
netdev: FT version of association messages If an MD IE is supplied to netdev_connect, pass that MD IE in the associate request, then validate and handle the MD IE and FT IE in the associate response from AP.
2016-11-02 23:46:16 +01:00
struct iovec iov[2];
int iov_elems = 0;
handshake: Rename own_ie/ap_ie and related setters To avoid confusion in case of an authenticator side handshake_state structure and eapol_sm structure, rename own_ie to supplicant_ie and ap_ie to authenticator_ie. Also rename handshake_state_set_{own,ap}_{rsn,wpa} and fix when we call handshake_state_setup_own_ciphers. As a result handshake_state_set_authenticator, if needed, should be called before handshake_state_set_{own,ap}_{rsn,wpa}.
2018-08-25 03:54:24 +02:00
bool is_rsn = hs->supplicant_ie != NULL;
wiphy: Move association logic out of wiphy.c The eapol state machine parameters are now built inside device.c when the network connection is attempted. The reason is that the device object knows about network settings, wiphy constraints and should contain the main 'management' logic. netdev now manages the actual low-level process of building association messages, detecting authentication events, etc.
2016-06-15 17:54:13 +02:00
netdev: Use CMD_CONNECT
2016-06-27 23:35:31 +02:00
msg = l_genl_msg_new_sized(NL80211_CMD_CONNECT, 512);
wiphy: Move association logic out of wiphy.c The eapol state machine parameters are now built inside device.c when the network connection is attempted. The reason is that the device object knows about network settings, wiphy constraints and should contain the main 'management' logic. netdev now manages the actual low-level process of building association messages, detecting authentication events, etc.
2016-06-15 17:54:13 +02:00
l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &netdev->index);
l_genl_msg_append_attr(msg, NL80211_ATTR_WIPHY_FREQ,
4, &bss->frequency);
l_genl_msg_append_attr(msg, NL80211_ATTR_MAC, ETH_ALEN, bss->addr);
l_genl_msg_append_attr(msg, NL80211_ATTR_SSID,
bss->ssid_len, bss->ssid);
netdev: Use CMD_CONNECT
2016-06-27 23:35:31 +02:00
l_genl_msg_append_attr(msg, NL80211_ATTR_AUTH_TYPE, 4, &auth_type);
netdev: Add netdev_reassociate netdev_reassociate transitions to another BSS without FT. Similar to netdev_connect but uses reassociation instead of association and requires and an existing connection.
2017-03-31 14:43:01 +02:00
if (prev_bssid)
l_genl_msg_append_attr(msg, NL80211_ATTR_PREV_BSSID, ETH_ALEN,
prev_bssid);
netdev: Use CMD_CONNECT
2016-06-27 23:35:31 +02:00
if (bss->capability & IE_BSS_CAP_PRIVACY)
l_genl_msg_append_attr(msg, NL80211_ATTR_PRIVACY, 0, NULL);
wiphy: Move association logic out of wiphy.c The eapol state machine parameters are now built inside device.c when the network connection is attempted. The reason is that the device object knows about network settings, wiphy constraints and should contain the main 'management' logic. netdev now manages the actual low-level process of building association messages, detecting authentication events, etc.
2016-06-15 17:54:13 +02:00
netdev: Use NL80211_ATTR_SOCKET_OWNER flag Use the new NL80211_ATTR_SOCKET_OWNER with CMD_CONNECT and CMD_ASSOCIATE to make sure an iwd crash results in deauthentication.
2017-05-22 10:49:48 +02:00
l_genl_msg_append_attr(msg, NL80211_ATTR_SOCKET_OWNER, 0, NULL);
netdev: Always require handshake_state with netdev_connect
2016-12-12 18:34:19 +01:00
if (is_rsn) {
wiphy: Move association logic out of wiphy.c The eapol state machine parameters are now built inside device.c when the network connection is attempted. The reason is that the device object knows about network settings, wiphy constraints and should contain the main 'management' logic. netdev now manages the actual low-level process of building association messages, detecting authentication events, etc.
2016-06-15 17:54:13 +02:00
uint32_t nl_cipher;
netdev: Send additional attributes For fullmac drivers, these attributes are also needed
2016-11-15 20:15:45 +01:00
uint32_t nl_akm;
uint32_t wpa_version;
wiphy: Move association logic out of wiphy.c The eapol state machine parameters are now built inside device.c when the network connection is attempted. The reason is that the device object knows about network settings, wiphy constraints and should contain the main 'management' logic. netdev now manages the actual low-level process of building association messages, detecting authentication events, etc.
2016-06-15 17:54:13 +02:00
eapol: Use handshake_state to store state Remove the keys and other data from struct eapol_sm, update device.c, netdev.c and wsc.c to use the handshake_state object instead of eapol_sm. This also gets rid of eapol_cancel and the ifindex parameter in some of the eapol functions where sm->handshake->ifindex can be used instead.
2016-11-02 23:46:19 +01:00
if (hs->pairwise_cipher == IE_RSN_CIPHER_SUITE_CCMP)
wiphy: Move association logic out of wiphy.c The eapol state machine parameters are now built inside device.c when the network connection is attempted. The reason is that the device object knows about network settings, wiphy constraints and should contain the main 'management' logic. netdev now manages the actual low-level process of building association messages, detecting authentication events, etc.
2016-06-15 17:54:13 +02:00
nl_cipher = CRYPTO_CIPHER_CCMP;
else
nl_cipher = CRYPTO_CIPHER_TKIP;
l_genl_msg_append_attr(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE,
4, &nl_cipher);
eapol: Use handshake_state to store state Remove the keys and other data from struct eapol_sm, update device.c, netdev.c and wsc.c to use the handshake_state object instead of eapol_sm. This also gets rid of eapol_cancel and the ifindex parameter in some of the eapol functions where sm->handshake->ifindex can be used instead.
2016-11-02 23:46:19 +01:00
if (hs->group_cipher == IE_RSN_CIPHER_SUITE_CCMP)
wiphy: Move association logic out of wiphy.c The eapol state machine parameters are now built inside device.c when the network connection is attempted. The reason is that the device object knows about network settings, wiphy constraints and should contain the main 'management' logic. netdev now manages the actual low-level process of building association messages, detecting authentication events, etc.
2016-06-15 17:54:13 +02:00
nl_cipher = CRYPTO_CIPHER_CCMP;
else
nl_cipher = CRYPTO_CIPHER_TKIP;
l_genl_msg_append_attr(msg, NL80211_ATTR_CIPHER_SUITE_GROUP,
4, &nl_cipher);
netdev: set NL80211_ATTR_USE_MFP if mfp is enabled
2016-12-08 15:26:16 +01:00
if (hs->mfp) {
netdev: Fixup USE_MFP atribute usage The kernel parses NL80211_ATTR_USE_MFP to mean an enumeration nl80211_mfp. So instead of using a boolean, we should be using the value NL80211_MFP_REQUIRED.
2016-12-13 16:26:42 +01:00
uint32_t use_mfp = NL80211_MFP_REQUIRED;
netdev: set NL80211_ATTR_USE_MFP if mfp is enabled
2016-12-08 15:26:16 +01:00
l_genl_msg_append_attr(msg, NL80211_ATTR_USE_MFP,
netdev: Fixup USE_MFP atribute usage The kernel parses NL80211_ATTR_USE_MFP to mean an enumeration nl80211_mfp. So instead of using a boolean, we should be using the value NL80211_MFP_REQUIRED.
2016-12-13 16:26:42 +01:00
4, &use_mfp);
netdev: set NL80211_ATTR_USE_MFP if mfp is enabled
2016-12-08 15:26:16 +01:00
}
netdev: Send additional attributes For fullmac drivers, these attributes are also needed
2016-11-15 20:15:45 +01:00
nl_akm = ie_rsn_akm_suite_to_nl80211(hs->akm_suite);
if (nl_akm)
l_genl_msg_append_attr(msg, NL80211_ATTR_AKM_SUITES,
4, &nl_akm);
if (hs->wpa_ie)
wpa_version = NL80211_WPA_VERSION_1;
else
wpa_version = NL80211_WPA_VERSION_2;
l_genl_msg_append_attr(msg, NL80211_ATTR_WPA_VERSIONS,
4, &wpa_version);
wiphy: Move association logic out of wiphy.c The eapol state machine parameters are now built inside device.c when the network connection is attempted. The reason is that the device object knows about network settings, wiphy constraints and should contain the main 'management' logic. netdev now manages the actual low-level process of building association messages, detecting authentication events, etc.
2016-06-15 17:54:13 +02:00
l_genl_msg_append_attr(msg, NL80211_ATTR_CONTROL_PORT, 0, NULL);
netdev: Use EAPoL over nl80211 if CONTROL_PORT set Our logic would set CONTROL_PORT_OVER_NL80211 even in cases where CONTROL_PORT wasn't used (e.g. for open networks). While the kernel ignored this attribute in this case, it is nicer to set this only if CONTROL_PORT is intended to be used.
2018-08-09 22:16:45 +02:00
if (netdev->pae_over_nl80211)
l_genl_msg_append_attr(msg,
NL80211_ATTR_CONTROL_PORT_OVER_NL80211,
0, NULL);
handshake: Rename own_ie/ap_ie and related setters To avoid confusion in case of an authenticator side handshake_state structure and eapol_sm structure, rename own_ie to supplicant_ie and ap_ie to authenticator_ie. Also rename handshake_state_set_{own,ap}_{rsn,wpa} and fix when we call handshake_state_setup_own_ciphers. As a result handshake_state_set_authenticator, if needed, should be called before handshake_state_set_{own,ap}_{rsn,wpa}.
2018-08-25 03:54:24 +02:00
iov[iov_elems].iov_base = (void *) hs->supplicant_ie;
iov[iov_elems].iov_len = hs->supplicant_ie[1] + 2;
netdev: Always require handshake_state with netdev_connect
2016-12-12 18:34:19 +01:00
iov_elems += 1;
wiphy: Move association logic out of wiphy.c The eapol state machine parameters are now built inside device.c when the network connection is attempted. The reason is that the device object knows about network settings, wiphy constraints and should contain the main 'management' logic. netdev now manages the actual low-level process of building association messages, detecting authentication events, etc.
2016-06-15 17:54:13 +02:00
}
netdev: Drop separate mde parameter, simplify
2016-12-12 18:34:20 +01:00
if (hs->mde) {
iov[iov_elems].iov_base = (void *) hs->mde;
iov[iov_elems].iov_len = hs->mde[1] + 2;
netdev: FT version of association messages If an MD IE is supplied to netdev_connect, pass that MD IE in the associate request, then validate and handle the MD IE and FT IE in the associate response from AP.
2016-11-02 23:46:16 +01:00
iov_elems += 1;
}
if (iov_elems)
l_genl_msg_append_attrv(msg, NL80211_ATTR_IE, iov, iov_elems);
wiphy: Move association logic out of wiphy.c The eapol state machine parameters are now built inside device.c when the network connection is attempted. The reason is that the device object knows about network settings, wiphy constraints and should contain the main 'management' logic. netdev now manages the actual low-level process of building association messages, detecting authentication events, etc.
2016-06-15 17:54:13 +02:00
return msg;
}
netdev: Add netdev_connect_wsc
2016-09-14 03:50:24 +02:00
static int netdev_connect_common(struct netdev *netdev,
struct l_genl_msg *cmd_connect,
struct scan_bss *bss,
eapol: Use handshake_state to store state Remove the keys and other data from struct eapol_sm, update device.c, netdev.c and wsc.c to use the handshake_state object instead of eapol_sm. This also gets rid of eapol_cancel and the ifindex parameter in some of the eapol functions where sm->handshake->ifindex can be used instead.
2016-11-02 23:46:19 +01:00
struct handshake_state *hs,
netdev: Drop separate mde parameter, simplify
2016-12-12 18:34:20 +01:00
struct eapol_sm *sm,
netdev: Add netdev_connect_wsc
2016-09-14 03:50:24 +02:00
netdev_event_func_t event_filter,
netdev_connect_cb_t cb, void *user_data)
netdev: Add initial netdev_connect logic
2016-06-14 18:17:43 +02:00
{
netdev: added sae functionality to netdev In order to plug SAE into the existing connect mechanism the actual CMD_CONNECT message is never sent, rather sae_register takes care of sending out CMD_AUTHENTICATE. This required some shuffling of code in order to handle both eapol and sae. In the case of non-SAE authentication everything behaves as it did before. When using SAE an sae_sm is created when a connection is attempted but the eapol_sm is not. After SAE succeeds it will start association and then create the eapol_sm and start the 4-way handshake. This change also adds the handshake SAE events to device and initializes SAE in main.
2018-08-14 01:25:48 +02:00
if (cmd_connect) {
netdev->connect_cmd_id = l_genl_family_send(nl80211,
cmd_connect, netdev_cmd_connect_cb,
netdev, NULL);
netdev: Cancel the CMD_CONNECT genl command on disconnect CMD_DISCONNECT fails on some occasions when CMD_CONNECT is still running. When this happens the DBus disconnect command receives an error reply but iwd's device state is left as disconnected even though there's a connection at the kernel level which times out a few seconds later. If the CMD_CONNECT is cancelled I couldn't reproduce this so far. src/network.c:network_connect() src/network.c:network_connect_psk() src/network.c:network_connect_psk() psk: 69ae3f8b2f84a438cf6a44275913182dd2714510ccb8cbdf8da9dc8b61718560 src/network.c:network_connect_psk() len: 32 src/network.c:network_connect_psk() ask_psk: false src/device.c:device_enter_state() Old State: disconnected, new state: connecting src/scan.c:scan_notify() Scan notification 33 src/device.c:device_netdev_event() Associating src/netdev.c:netdev_mlme_notify() MLME notification 60 MLME notification is missing ifindex attribute src/device.c:device_dbus_disconnect() src/device.c:device_connect_cb() 6, result: 5 src/device.c:device_enter_state() Old State: connecting, new state: disconnecting src/device.c:device_disconnect_cb() 6, success: 0 src/device.c:device_enter_state() Old State: disconnecting, new state: disconnected src/scan.c:scan_notify() Scan notification 34 src/netdev.c:netdev_mlme_notify() MLME notification 19 src/netdev.c:netdev_mlme_notify() MLME notification 60 MLME notification is missing ifindex attribute src/netdev.c:netdev_mlme_notify() MLME notification 37 src/netdev.c:netdev_authenticate_event() src/scan.c:get_scan_callback() get_scan_callback src/scan.c:get_scan_done() get_scan_done src/netdev.c:netdev_mlme_notify() MLME notification 60 MLME notification is missing ifindex attribute src/netdev.c:netdev_mlme_notify() MLME notification 19 MLME notification is missing ifindex attribute src/netdev.c:netdev_mlme_notify() MLME notification 38 src/netdev.c:netdev_associate_event() src/netdev.c:netdev_mlme_notify() MLME notification 46 src/netdev.c:netdev_connect_event() <delay> src/netdev.c:netdev_mlme_notify() MLME notification 60 MLME notification is missing ifindex attribute src/netdev.c:netdev_mlme_notify() MLME notification 20 MLME notification is missing ifindex attribute src/netdev.c:netdev_mlme_notify() MLME notification 20 src/netdev.c:netdev_mlme_notify() MLME notification 39 src/netdev.c:netdev_deauthenticate_event()
2016-08-05 14:25:34 +02:00
netdev: added sae functionality to netdev In order to plug SAE into the existing connect mechanism the actual CMD_CONNECT message is never sent, rather sae_register takes care of sending out CMD_AUTHENTICATE. This required some shuffling of code in order to handle both eapol and sae. In the case of non-SAE authentication everything behaves as it did before. When using SAE an sae_sm is created when a connection is attempted but the eapol_sm is not. After SAE succeeds it will start association and then create the eapol_sm and start the 4-way handshake. This change also adds the handshake SAE events to device and initializes SAE in main.
2018-08-14 01:25:48 +02:00
if (!netdev->connect_cmd_id) {
l_genl_msg_unref(cmd_connect);
return -EIO;
}
wiphy: Move association logic out of wiphy.c The eapol state machine parameters are now built inside device.c when the network connection is attempted. The reason is that the device object knows about network settings, wiphy constraints and should contain the main 'management' logic. netdev now manages the actual low-level process of building association messages, detecting authentication events, etc.
2016-06-15 17:54:13 +02:00
}
netdev: Add initial netdev_connect logic
2016-06-14 18:17:43 +02:00
netdev->event_filter = event_filter;
netdev->connect_cb = cb;
netdev->user_data = user_data;
netdev: Properly cleanup removed interfaces
2016-07-20 00:45:48 +02:00
netdev->connected = true;
eapol: Use handshake_state to store state Remove the keys and other data from struct eapol_sm, update device.c, netdev.c and wsc.c to use the handshake_state object instead of eapol_sm. This also gets rid of eapol_cancel and the ifindex parameter in some of the eapol functions where sm->handshake->ifindex can be used instead.
2016-11-02 23:46:19 +01:00
netdev->handshake = hs;
netdev: Move eapol_read to eapol.c
2016-06-28 23:58:17 +02:00
netdev->sm = sm;
netdev: Support sending Neighbor Report requests
2016-12-23 11:38:01 +01:00
netdev->frequency = bss->frequency;
netdev: Implement RSSI level notifications API Add an methods and an event using the new NL80211_EXT_FEATURE_CQM_RSSI_LIST kernel feature to request RSSI monitoring with notifications only when RSSI moves from one of the N intervals requested to another. device.c will call netdev_set_rssi_report_levels to request NETDEV_EVENT_RSSI_LEVEL_NOTIFY events every time the RSSI level changes, level meaning one of the intervals delimited by the threshold values passed as argument. Inside the event handler it can call netdev_get_rssi_level to read the new level. There's no fallback to periodic polling implemented in this patch for the case of older kernels and/or the driver not supporting NL80211_EXT_FEATURE_CQM_RSSI_LIST.
2017-05-20 16:33:13 +02:00
netdev->cur_rssi_low = false; /* Gets udpated on the 1st CQM event */
netdev->cur_rssi = bss->signal_strength / 100;
netdev_rssi_level_init(netdev);
netdev: Move eapol_read to eapol.c
2016-06-28 23:58:17 +02:00
netdev: Always require handshake_state with netdev_connect
2016-12-12 18:34:19 +01:00
handshake_state_set_authenticator_address(hs, bss->addr);
handshake_state_set_supplicant_address(hs, netdev->addr);
eapol: Use handshake_state to store state Remove the keys and other data from struct eapol_sm, update device.c, netdev.c and wsc.c to use the handshake_state object instead of eapol_sm. This also gets rid of eapol_cancel and the ifindex parameter in some of the eapol functions where sm->handshake->ifindex can be used instead.
2016-11-02 23:46:19 +01:00
netdev: added sae functionality to netdev In order to plug SAE into the existing connect mechanism the actual CMD_CONNECT message is never sent, rather sae_register takes care of sending out CMD_AUTHENTICATE. This required some shuffling of code in order to handle both eapol and sae. In the case of non-SAE authentication everything behaves as it did before. When using SAE an sae_sm is created when a connection is attempted but the eapol_sm is not. After SAE succeeds it will start association and then create the eapol_sm and start the 4-way handshake. This change also adds the handshake SAE events to device and initializes SAE in main.
2018-08-14 01:25:48 +02:00
if (netdev->sae_sm)
sae_start(netdev->sae_sm);
netdev: Add initial netdev_connect logic
2016-06-14 18:17:43 +02:00
return 0;
netdev: Add netdev_connect_wsc
2016-09-14 03:50:24 +02:00
}
int netdev_connect(struct netdev *netdev, struct scan_bss *bss,
netdev: Drop separate mde parameter, simplify
2016-12-12 18:34:20 +01:00
struct handshake_state *hs,
netdev: Add netdev_connect_wsc
2016-09-14 03:50:24 +02:00
netdev_event_func_t event_filter,
netdev_connect_cb_t cb, void *user_data)
{
netdev: added sae functionality to netdev In order to plug SAE into the existing connect mechanism the actual CMD_CONNECT message is never sent, rather sae_register takes care of sending out CMD_AUTHENTICATE. This required some shuffling of code in order to handle both eapol and sae. In the case of non-SAE authentication everything behaves as it did before. When using SAE an sae_sm is created when a connection is attempted but the eapol_sm is not. After SAE succeeds it will start association and then create the eapol_sm and start the 4-way handshake. This change also adds the handshake SAE events to device and initializes SAE in main.
2018-08-14 01:25:48 +02:00
struct l_genl_msg *cmd_connect = NULL;
wsc: Move eapol_sm creation to netdev_connect_wsc
2016-12-12 18:34:18 +01:00
struct eapol_sm *sm = NULL;
handshake: Rename own_ie/ap_ie and related setters To avoid confusion in case of an authenticator side handshake_state structure and eapol_sm structure, rename own_ie to supplicant_ie and ap_ie to authenticator_ie. Also rename handshake_state_set_{own,ap}_{rsn,wpa} and fix when we call handshake_state_setup_own_ciphers. As a result handshake_state_set_authenticator, if needed, should be called before handshake_state_set_{own,ap}_{rsn,wpa}.
2018-08-25 03:54:24 +02:00
bool is_rsn = hs->supplicant_ie != NULL;
netdev: Add netdev_connect_wsc
2016-09-14 03:50:24 +02:00
netdev: ensure proper iftype on connect/disconnect Now that the device mode can be changed, netdev must check that the iftype is correct before starting a connection or disconnecting. netdev_connect, netdev_connect_wsc, and netdev_disconnect now check that the iftype is station before continuing.
2018-07-17 23:15:58 +02:00
if (netdev->type != NL80211_IFTYPE_STATION)
return -ENOTSUP;
netdev: Add netdev_connect_wsc
2016-09-14 03:50:24 +02:00
if (netdev->connected)
return -EISCONN;
ie: introduce IE_AKM_IS_SAE macro To prepare for FT over SAE, several case/if statements needed to include IE_RSN_AKM_SUITE_FT_OVER_SAE. Also a new macro was introduced to remove duplicate if statement code checking for both FT_OVER_SAE and SAE AKM's.
2018-09-19 20:30:35 +02:00
if (IE_AKM_IS_SAE(hs->akm_suite)) {
netdev: added sae functionality to netdev In order to plug SAE into the existing connect mechanism the actual CMD_CONNECT message is never sent, rather sae_register takes care of sending out CMD_AUTHENTICATE. This required some shuffling of code in order to handle both eapol and sae. In the case of non-SAE authentication everything behaves as it did before. When using SAE an sae_sm is created when a connection is attempted but the eapol_sm is not. After SAE succeeds it will start association and then create the eapol_sm and start the 4-way handshake. This change also adds the handshake SAE events to device and initializes SAE in main.
2018-08-14 01:25:48 +02:00
netdev->sae_sm = sae_sm_new(hs, netdev_tx_sae_frame,
netdev_sae_complete, netdev);
} else {
cmd_connect = netdev_build_cmd_connect(netdev, bss, hs, NULL);
netdev: Add netdev_connect_wsc
2016-09-14 03:50:24 +02:00
netdev: added sae functionality to netdev In order to plug SAE into the existing connect mechanism the actual CMD_CONNECT message is never sent, rather sae_register takes care of sending out CMD_AUTHENTICATE. This required some shuffling of code in order to handle both eapol and sae. In the case of non-SAE authentication everything behaves as it did before. When using SAE an sae_sm is created when a connection is attempted but the eapol_sm is not. After SAE succeeds it will start association and then create the eapol_sm and start the 4-way handshake. This change also adds the handshake SAE events to device and initializes SAE in main.
2018-08-14 01:25:48 +02:00
if (!cmd_connect)
return -EINVAL;
if (is_rsn)
sm = eapol_sm_new(hs);
}
wsc: Move eapol_sm creation to netdev_connect_wsc
2016-12-12 18:34:18 +01:00
netdev: Drop separate mde parameter, simplify
2016-12-12 18:34:20 +01:00
return netdev_connect_common(netdev, cmd_connect, bss, hs, sm,
netdev: Add netdev_connect_wsc
2016-09-14 03:50:24 +02:00
event_filter, cb, user_data);
}
int netdev_connect_wsc(struct netdev *netdev, struct scan_bss *bss,
wsc: Move eapol_sm creation to netdev_connect_wsc
2016-12-12 18:34:18 +01:00
struct handshake_state *hs,
netdev: Add netdev_connect_wsc
2016-09-14 03:50:24 +02:00
netdev_event_func_t event_filter,
wsc: Move eapol_sm creation to netdev_connect_wsc
2016-12-12 18:34:18 +01:00
netdev_connect_cb_t cb,
netdev_eapol_event_func_t eapol_cb,
void *user_data)
netdev: Add netdev_connect_wsc
2016-09-14 03:50:24 +02:00
{
struct l_genl_msg *cmd_connect;
struct wsc_association_request request;
uint8_t *pdu;
size_t pdu_len;
void *ie;
size_t ie_len;
wsc: Move eapol_sm creation to netdev_connect_wsc
2016-12-12 18:34:18 +01:00
struct eapol_sm *sm;
netdev: Add netdev_connect_wsc
2016-09-14 03:50:24 +02:00
netdev: ensure proper iftype on connect/disconnect Now that the device mode can be changed, netdev must check that the iftype is correct before starting a connection or disconnecting. netdev_connect, netdev_connect_wsc, and netdev_disconnect now check that the iftype is station before continuing.
2018-07-17 23:15:58 +02:00
if (netdev->type != NL80211_IFTYPE_STATION)
return -ENOTSUP;
netdev: Add netdev_connect_wsc
2016-09-14 03:50:24 +02:00
if (netdev->connected)
return -EISCONN;
netdev: Add netdev_reassociate netdev_reassociate transitions to another BSS without FT. Similar to netdev_connect but uses reassociation instead of association and requires and an existing connection.
2017-03-31 14:43:01 +02:00
cmd_connect = netdev_build_cmd_connect(netdev, bss, hs, NULL);
netdev: Add netdev_connect_wsc
2016-09-14 03:50:24 +02:00
if (!cmd_connect)
return -EINVAL;
request.version2 = true;
request.request_type = WSC_REQUEST_TYPE_ENROLLEE_OPEN_8021X;
pdu = wsc_build_association_request(&request, &pdu_len);
if (!pdu)
goto error;
ie = ie_tlv_encapsulate_wsc_payload(pdu, pdu_len, &ie_len);
l_free(pdu);
if (!ie)
goto error;
l_genl_msg_append_attr(cmd_connect, NL80211_ATTR_IE, ie_len, ie);
l_free(ie);
wsc: Move eapol_sm creation to netdev_connect_wsc
2016-12-12 18:34:18 +01:00
sm = eapol_sm_new(hs);
eapol_sm_set_user_data(sm, user_data);
eapol_sm_set_event_func(sm, eapol_cb);
netdev: Drop separate mde parameter, simplify
2016-12-12 18:34:20 +01:00
return netdev_connect_common(netdev, cmd_connect, bss, hs, sm,
netdev: Add netdev_connect_wsc
2016-09-14 03:50:24 +02:00
event_filter, cb, user_data);
error:
l_genl_msg_unref(cmd_connect);
return -ENOMEM;
netdev: Add initial netdev_connect logic
2016-06-14 18:17:43 +02:00
}
netdev: Add stubs for netdev_disconnect
2016-06-14 19:15:18 +02:00
int netdev_disconnect(struct netdev *netdev,
netdev_disconnect_cb_t cb, void *user_data)
{
netdev: Use CMD_DISCONNECT for non-FT cases CMD_DEAUTHENTICATE is not available for FullMAC based cards. We already use CMD_CONNECT in the non-FT cases, which works on all cards. However, for some reason we kept using CMD_DEAUTHENTICATE instead of CMD_DISCONNECT. For FT (error) cases, keep using CMD_DEAUTHENTICATE.
2017-05-31 18:08:40 +02:00
struct l_genl_msg *disconnect;
netdev: Move deauthenticate handling out of wiphy.c
2016-06-16 23:05:34 +02:00
netdev: ensure proper iftype on connect/disconnect Now that the device mode can be changed, netdev must check that the iftype is correct before starting a connection or disconnecting. netdev_connect, netdev_connect_wsc, and netdev_disconnect now check that the iftype is station before continuing.
2018-07-17 23:15:58 +02:00
if (netdev->type != NL80211_IFTYPE_STATION)
return -ENOTSUP;
netdev: Properly cleanup removed interfaces
2016-07-20 00:45:48 +02:00
if (!netdev->connected)
return -ENOTCONN;
netdev: Return -EINPROGRESS if already disconnecting
2016-09-22 18:48:32 +02:00
if (netdev->disconnect_cmd_id)
return -EINPROGRESS;
netdev: keep track of operational state We should not attempt to call connect_failed if we're have become operational. E.g. successfully associated, ran eapol if necessary and set operstate.
2016-09-22 22:55:07 +02:00
/* Only perform this if we haven't successfully fully associated yet */
if (!netdev->operational) {
netdev->result = NETDEV_RESULT_ABORTED;
netdev_connect_failed(NULL, netdev);
} else {
netdev_connect_free(netdev);
}
netdev: Improve netdev_connect error/cancel logic Try to make the connect and disconnect operations look more like a transaction where the callback is always called eventually, also with a clear indication if the operation is in profress. The connected state lasts from the start of the connection attempt until the disconnect. 1. Non-null netdev->connected or disconnect_cb indicate that the operation is active. 2. Every entry-point in netdev.c checks if connected is still set before executing the next step of the connection setup. CMD_CONNECT and the subsequent commands may succeed even if CMD_DISCONNECT is called in the middle so they can't only rely on the error value for that. 3. netdev->connect_cb and other elements of the connection state are reset by netdev_connect_free which groups the clean-up operations to make sure we don't miss anything. Since the callback pointers are reset device.c doesn't need to check that it receives a spurious event in those callbacks for example after calling netdev_disconnect.
2016-08-02 22:48:11 +02:00
netdev: Use CMD_DISCONNECT for non-FT cases CMD_DEAUTHENTICATE is not available for FullMAC based cards. We already use CMD_CONNECT in the non-FT cases, which works on all cards. However, for some reason we kept using CMD_DEAUTHENTICATE instead of CMD_DISCONNECT. For FT (error) cases, keep using CMD_DEAUTHENTICATE.
2017-05-31 18:08:40 +02:00
disconnect = netdev_build_cmd_disconnect(netdev,
mpdu: Refactor mpdu structs Refactor management frame structures to take into account optional presence of some parts of the header: * drop the single structure for management header and body since the body offset is variable. * add mmpdu_get_body to locate the start of frame body. * drop the union of different management frame type bodies. * prefix names specific to management frames with "mmpdu" instead of "mpdu" including any enums based on 802.11-2012 section 8.4. * move the FC field to the mmpdu_header structure.
2017-08-31 04:04:41 +02:00
MMPDU_REASON_CODE_DEAUTH_LEAVING);
netdev: Use CMD_DISCONNECT for non-FT cases CMD_DEAUTHENTICATE is not available for FullMAC based cards. We already use CMD_CONNECT in the non-FT cases, which works on all cards. However, for some reason we kept using CMD_DEAUTHENTICATE instead of CMD_DISCONNECT. For FT (error) cases, keep using CMD_DEAUTHENTICATE.
2017-05-31 18:08:40 +02:00
netdev->disconnect_cmd_id = l_genl_family_send(nl80211, disconnect,
netdev_cmd_disconnect_cb, netdev, NULL);
netdev: Finalize disconnects on device removal When device is removed or otherwise freed, netdev_connect callbacks are invoked. Treat disconnects similarly
2016-09-21 22:20:51 +02:00
if (!netdev->disconnect_cmd_id) {
netdev: Use CMD_DISCONNECT for non-FT cases CMD_DEAUTHENTICATE is not available for FullMAC based cards. We already use CMD_CONNECT in the non-FT cases, which works on all cards. However, for some reason we kept using CMD_DEAUTHENTICATE instead of CMD_DISCONNECT. For FT (error) cases, keep using CMD_DEAUTHENTICATE.
2017-05-31 18:08:40 +02:00
l_genl_msg_unref(disconnect);
netdev: Move deauthenticate handling out of wiphy.c
2016-06-16 23:05:34 +02:00
return -EIO;
}
netdev->disconnect_cb = cb;
netdev->user_data = user_data;
netdev: Add stubs for netdev_disconnect
2016-06-14 19:15:18 +02:00
return 0;
}
netdev: Add netdev_reassociate netdev_reassociate transitions to another BSS without FT. Similar to netdev_connect but uses reassociation instead of association and requires and an existing connection.
2017-03-31 14:43:01 +02:00
int netdev_reassociate(struct netdev *netdev, struct scan_bss *target_bss,
netdev: Allow reassociation if not currently connected Allow attempts to connect to a new AP using the Reassociation frame even if netdev->operational is false. This is needed if we want to continue an ongoing roam attempt after the original connection broke and will be needed when we start using cached PMKSAs in the future.
2017-08-14 14:31:19 +02:00
struct scan_bss *orig_bss, struct handshake_state *hs,
netdev_event_func_t event_filter,
netdev_connect_cb_t cb, void *user_data)
netdev: Add netdev_reassociate netdev_reassociate transitions to another BSS without FT. Similar to netdev_connect but uses reassociation instead of association and requires and an existing connection.
2017-03-31 14:43:01 +02:00
{
struct l_genl_msg *cmd_connect;
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
struct netdev_handshake_state;
netdev: Add netdev_reassociate netdev_reassociate transitions to another BSS without FT. Similar to netdev_connect but uses reassociation instead of association and requires and an existing connection.
2017-03-31 14:43:01 +02:00
struct handshake_state *old_hs;
struct eapol_sm *sm = NULL, *old_sm;
handshake: Rename own_ie/ap_ie and related setters To avoid confusion in case of an authenticator side handshake_state structure and eapol_sm structure, rename own_ie to supplicant_ie and ap_ie to authenticator_ie. Also rename handshake_state_set_{own,ap}_{rsn,wpa} and fix when we call handshake_state_setup_own_ciphers. As a result handshake_state_set_authenticator, if needed, should be called before handshake_state_set_{own,ap}_{rsn,wpa}.
2018-08-25 03:54:24 +02:00
bool is_rsn = hs->supplicant_ie != NULL;
netdev: Add netdev_reassociate netdev_reassociate transitions to another BSS without FT. Similar to netdev_connect but uses reassociation instead of association and requires and an existing connection.
2017-03-31 14:43:01 +02:00
int err;
cmd_connect = netdev_build_cmd_connect(netdev, target_bss, hs,
netdev: Allow reassociation if not currently connected Allow attempts to connect to a new AP using the Reassociation frame even if netdev->operational is false. This is needed if we want to continue an ongoing roam attempt after the original connection broke and will be needed when we start using cached PMKSAs in the future.
2017-08-14 14:31:19 +02:00
orig_bss->addr);
netdev: Add netdev_reassociate netdev_reassociate transitions to another BSS without FT. Similar to netdev_connect but uses reassociation instead of association and requires and an existing connection.
2017-03-31 14:43:01 +02:00
if (!cmd_connect)
return -EINVAL;
if (is_rsn)
sm = eapol_sm_new(hs);
old_sm = netdev->sm;
old_hs = netdev->handshake;
err = netdev_connect_common(netdev, cmd_connect, target_bss, hs, sm,
netdev: Allow reassociation if not currently connected Allow attempts to connect to a new AP using the Reassociation frame even if netdev->operational is false. This is needed if we want to continue an ongoing roam attempt after the original connection broke and will be needed when we start using cached PMKSAs in the future.
2017-08-14 14:31:19 +02:00
event_filter, cb, user_data);
netdev: Add netdev_reassociate netdev_reassociate transitions to another BSS without FT. Similar to netdev_connect but uses reassociation instead of association and requires and an existing connection.
2017-03-31 14:43:01 +02:00
if (err < 0)
return err;
netdev: Allow reassociation if not currently connected Allow attempts to connect to a new AP using the Reassociation frame even if netdev->operational is false. This is needed if we want to continue an ongoing roam attempt after the original connection broke and will be needed when we start using cached PMKSAs in the future.
2017-08-14 14:31:19 +02:00
memcpy(netdev->prev_bssid, orig_bss->addr, ETH_ALEN);
netdev: Add netdev_reassociate netdev_reassociate transitions to another BSS without FT. Similar to netdev_connect but uses reassociation instead of association and requires and an existing connection.
2017-03-31 14:43:01 +02:00
netdev->operational = false;
netdev: RSSI polling support for less capable drivers If the kernel device driver or the kernel nl80211 version doesn't support the new RSSI threshold list CQM monitoring, implement similar logic in iwd with periodic polling. This is only active when an RSSI agent is registered to receive the events. I tested this with the same testRSSIAgent autotests that tests the driver-side rssi monitoring except with all timeouts multiplied by ~20.
2017-08-18 14:22:58 +02:00
netdev_rssi_polling_update(netdev);
netdev: Add netdev_reassociate netdev_reassociate transitions to another BSS without FT. Similar to netdev_connect but uses reassociation instead of association and requires and an existing connection.
2017-03-31 14:43:01 +02:00
if (old_sm)
eapol_sm_free(old_sm);
netdev: Allow reassociation if not currently connected Allow attempts to connect to a new AP using the Reassociation frame even if netdev->operational is false. This is needed if we want to continue an ongoing roam attempt after the original connection broke and will be needed when we start using cached PMKSAs in the future.
2017-08-14 14:31:19 +02:00
if (old_hs)
handshake_state_free(old_hs);
netdev: Add netdev_reassociate netdev_reassociate transitions to another BSS without FT. Similar to netdev_connect but uses reassociation instead of association and requires and an existing connection.
2017-03-31 14:43:01 +02:00
return err;
}
netdev: add join_adhoc/leave_adhoc API's These will issue a JOIN/LEAVE_IBSS to the kernel. There is a TODO regarding network configuration. For now, only the SSID is configurable. This configuration is also required for AP, but needs to be thought out. Since the current AP Dbus API has nothing related to configuration items such as freq/channel or RSN elements they are hard coded, and will be for Ad-Hoc as well (for now).
2018-07-17 23:15:59 +02:00
static void netdev_join_adhoc_cb(struct l_genl_msg *msg, void *user_data)
{
struct netdev *netdev = user_data;
netdev->join_adhoc_cmd_id = 0;
if (netdev->adhoc_cb)
netdev->adhoc_cb(netdev, l_genl_msg_get_error(msg),
netdev->user_data);
}
int netdev_join_adhoc(struct netdev *netdev, const char *ssid,
struct iovec *extra_ie, size_t extra_ie_elems,
netdev: Remove redundant typedefs Unify command specific typedefs which had the same signature into a single netdev_command_cb_t
2018-08-20 01:25:23 +02:00
bool control_port, netdev_command_cb_t cb,
netdev: add join_adhoc/leave_adhoc API's These will issue a JOIN/LEAVE_IBSS to the kernel. There is a TODO regarding network configuration. For now, only the SSID is configurable. This configuration is also required for AP, but needs to be thought out. Since the current AP Dbus API has nothing related to configuration items such as freq/channel or RSN elements they are hard coded, and will be for Ad-Hoc as well (for now).
2018-07-17 23:15:59 +02:00
void *user_data)
{
struct l_genl_msg *cmd;
netdev: Don't use device_get_ifindex in join_adhoc This is pointless as the ifindex is already available on the netdev object.
2018-08-17 21:42:07 +02:00
uint32_t ifindex = netdev->index;
netdev: add join_adhoc/leave_adhoc API's These will issue a JOIN/LEAVE_IBSS to the kernel. There is a TODO regarding network configuration. For now, only the SSID is configurable. This configuration is also required for AP, but needs to be thought out. Since the current AP Dbus API has nothing related to configuration items such as freq/channel or RSN elements they are hard coded, and will be for Ad-Hoc as well (for now).
2018-07-17 23:15:59 +02:00
uint32_t ch_freq = scan_channel_to_freq(6, SCAN_BAND_2_4_GHZ);
uint32_t ch_type = NL80211_CHAN_HT20;
if (netdev->type != NL80211_IFTYPE_ADHOC) {
l_error("iftype is invalid for adhoc: %u",
netdev_get_iftype(netdev));
return -ENOTSUP;
}
if (netdev->join_adhoc_cmd_id || netdev->leave_adhoc_cmd_id)
return -EBUSY;
netdev->adhoc_cb = cb;
netdev->user_data = user_data;
cmd = l_genl_msg_new_sized(NL80211_CMD_JOIN_IBSS, 128);
l_genl_msg_append_attr(cmd, NL80211_ATTR_IFINDEX, 4, &ifindex);
l_genl_msg_append_attr(cmd, NL80211_ATTR_SSID, strlen(ssid), ssid);
l_genl_msg_append_attr(cmd, NL80211_ATTR_WIPHY_FREQ, 4, &ch_freq);
l_genl_msg_append_attr(cmd, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 4,
&ch_type);
l_genl_msg_append_attrv(cmd, NL80211_ATTR_IE, extra_ie, extra_ie_elems);
l_genl_msg_append_attr(cmd, NL80211_ATTR_SOCKET_OWNER, 0, NULL);
netdev: Use EAPoL over nl80211 if CONTROL_PORT set Our logic would set CONTROL_PORT_OVER_NL80211 even in cases where CONTROL_PORT wasn't used (e.g. for open networks). While the kernel ignored this attribute in this case, it is nicer to set this only if CONTROL_PORT is intended to be used.
2018-08-09 22:16:45 +02:00
if (control_port) {
netdev: add join_adhoc/leave_adhoc API's These will issue a JOIN/LEAVE_IBSS to the kernel. There is a TODO regarding network configuration. For now, only the SSID is configurable. This configuration is also required for AP, but needs to be thought out. Since the current AP Dbus API has nothing related to configuration items such as freq/channel or RSN elements they are hard coded, and will be for Ad-Hoc as well (for now).
2018-07-17 23:15:59 +02:00
l_genl_msg_append_attr(cmd, NL80211_ATTR_CONTROL_PORT, 0, NULL);
netdev: Use EAPoL over nl80211 if CONTROL_PORT set Our logic would set CONTROL_PORT_OVER_NL80211 even in cases where CONTROL_PORT wasn't used (e.g. for open networks). While the kernel ignored this attribute in this case, it is nicer to set this only if CONTROL_PORT is intended to be used.
2018-08-09 22:16:45 +02:00
if (netdev->pae_over_nl80211)
l_genl_msg_append_attr(cmd,
NL80211_ATTR_CONTROL_PORT_OVER_NL80211,
0, NULL);
}
netdev: add join_adhoc/leave_adhoc API's These will issue a JOIN/LEAVE_IBSS to the kernel. There is a TODO regarding network configuration. For now, only the SSID is configurable. This configuration is also required for AP, but needs to be thought out. Since the current AP Dbus API has nothing related to configuration items such as freq/channel or RSN elements they are hard coded, and will be for Ad-Hoc as well (for now).
2018-07-17 23:15:59 +02:00
netdev->join_adhoc_cmd_id = l_genl_family_send(nl80211, cmd,
netdev_join_adhoc_cb, netdev, NULL);
if (!netdev->join_adhoc_cmd_id) {
netdev->adhoc_cb = NULL;
netdev->user_data = NULL;
return -EIO;
}
return 0;
}
static void netdev_leave_adhoc_cb(struct l_genl_msg *msg, void *user_data)
{
struct netdev *netdev = user_data;
netdev->leave_adhoc_cmd_id = 0;
if (netdev->adhoc_cb)
netdev->adhoc_cb(netdev, l_genl_msg_get_error(msg),
netdev->user_data);
netdev->adhoc_cb = NULL;
}
netdev: Remove redundant typedefs Unify command specific typedefs which had the same signature into a single netdev_command_cb_t
2018-08-20 01:25:23 +02:00
int netdev_leave_adhoc(struct netdev *netdev, netdev_command_cb_t cb,
netdev: add join_adhoc/leave_adhoc API's These will issue a JOIN/LEAVE_IBSS to the kernel. There is a TODO regarding network configuration. For now, only the SSID is configurable. This configuration is also required for AP, but needs to be thought out. Since the current AP Dbus API has nothing related to configuration items such as freq/channel or RSN elements they are hard coded, and will be for Ad-Hoc as well (for now).
2018-07-17 23:15:59 +02:00
void *user_data)
{
struct l_genl_msg *cmd;
if (netdev->type != NL80211_IFTYPE_ADHOC) {
l_error("iftype is invalid for adhoc: %u",
netdev_get_iftype(netdev));
return -ENOTSUP;
}
if (netdev->join_adhoc_cmd_id || netdev->leave_adhoc_cmd_id)
return -EBUSY;
netdev->adhoc_cb = cb;
netdev->user_data = user_data;
cmd = l_genl_msg_new_sized(NL80211_CMD_LEAVE_IBSS, 64);
l_genl_msg_append_attr(cmd, NL80211_ATTR_IFINDEX, 4, &netdev->index);
netdev->leave_adhoc_cmd_id = l_genl_family_send(nl80211, cmd,
netdev_leave_adhoc_cb, netdev,
NULL);
if (!netdev->leave_adhoc_cmd_id)
return -EIO;
return 0;
}
netdev: Implement netdev_fast_transition Build and send the FT Authentication Request frame, the initial Fast Transition message. In this version the assumption is that once we start a transition attempt there's no going back so the old handshake_state, scan_bss, etc. can be replaced by the new objects immediately and there's no point at which both the old and the new connection states are needed. Also the disconnect event for the old connection is implicit. At netdev level the state during a transition is almost the same with a new connection setup. The first disconnect event on the netlink socket after the FT Authenticate is assumed to be the one generated by the kernel for the old connection. The disconnect event doesn't contain the AP bssid (unlike the deauthenticate event preceding it), otherwise we could check to see if the bssid is the one we are interested in or could check connect_cmd_id assuming a disconnect doesn't happen before the connect command finishes.
2017-01-12 09:36:00 +01:00
/*
* Build an FT Authentication Request frame according to 12.5.2 / 12.5.4:
* RSN or non-RSN Over-the-air FT Protocol, with the IE contents
* according to 12.8.2: FT authentication sequence: contents of first message.
*/
static struct l_genl_msg *netdev_build_cmd_ft_authenticate(
struct netdev *netdev,
const struct scan_bss *bss,
const struct handshake_state *hs)
{
uint32_t auth_type = NL80211_AUTHTYPE_FT;
struct l_genl_msg *msg;
struct iovec iov[3];
int iov_elems = 0;
handshake: Rename own_ie/ap_ie and related setters To avoid confusion in case of an authenticator side handshake_state structure and eapol_sm structure, rename own_ie to supplicant_ie and ap_ie to authenticator_ie. Also rename handshake_state_set_{own,ap}_{rsn,wpa} and fix when we call handshake_state_setup_own_ciphers. As a result handshake_state_set_authenticator, if needed, should be called before handshake_state_set_{own,ap}_{rsn,wpa}.
2018-08-25 03:54:24 +02:00
bool is_rsn = hs->supplicant_ie != NULL;
netdev: Implement netdev_fast_transition Build and send the FT Authentication Request frame, the initial Fast Transition message. In this version the assumption is that once we start a transition attempt there's no going back so the old handshake_state, scan_bss, etc. can be replaced by the new objects immediately and there's no point at which both the old and the new connection states are needed. Also the disconnect event for the old connection is implicit. At netdev level the state during a transition is almost the same with a new connection setup. The first disconnect event on the netlink socket after the FT Authenticate is assumed to be the one generated by the kernel for the old connection. The disconnect event doesn't contain the AP bssid (unlike the deauthenticate event preceding it), otherwise we could check to see if the bssid is the one we are interested in or could check connect_cmd_id assuming a disconnect doesn't happen before the connect command finishes.
2017-01-12 09:36:00 +01:00
uint8_t mde[5];
msg = l_genl_msg_new_sized(NL80211_CMD_AUTHENTICATE, 512);
l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &netdev->index);
l_genl_msg_append_attr(msg, NL80211_ATTR_WIPHY_FREQ,
4, &bss->frequency);
l_genl_msg_append_attr(msg, NL80211_ATTR_MAC, ETH_ALEN, bss->addr);
l_genl_msg_append_attr(msg, NL80211_ATTR_SSID,
bss->ssid_len, bss->ssid);
l_genl_msg_append_attr(msg, NL80211_ATTR_AUTH_TYPE, 4, &auth_type);
if (is_rsn) {
struct ie_rsn_info rsn_info;
uint8_t *rsne;
/*
* Rebuild the RSNE to include the PMKR0Name and append
* MDE + FTE.
*
* 12.8.2: "If present, the RSNE shall be set as follows:
* Version field shall be set to 1.
* PMKID Count field shall be set to 1.
* PMKID List field shall contain the PMKR0Name.
* All other fields shall be as specified in 8.4.2.27
* and 11.5.3."
*/
handshake: Rename own_ie/ap_ie and related setters To avoid confusion in case of an authenticator side handshake_state structure and eapol_sm structure, rename own_ie to supplicant_ie and ap_ie to authenticator_ie. Also rename handshake_state_set_{own,ap}_{rsn,wpa} and fix when we call handshake_state_setup_own_ciphers. As a result handshake_state_set_authenticator, if needed, should be called before handshake_state_set_{own,ap}_{rsn,wpa}.
2018-08-25 03:54:24 +02:00
if (ie_parse_rsne_from_data(hs->supplicant_ie,
hs->supplicant_ie[1] + 2,
netdev: Implement netdev_fast_transition Build and send the FT Authentication Request frame, the initial Fast Transition message. In this version the assumption is that once we start a transition attempt there's no going back so the old handshake_state, scan_bss, etc. can be replaced by the new objects immediately and there's no point at which both the old and the new connection states are needed. Also the disconnect event for the old connection is implicit. At netdev level the state during a transition is almost the same with a new connection setup. The first disconnect event on the netlink socket after the FT Authenticate is assumed to be the one generated by the kernel for the old connection. The disconnect event doesn't contain the AP bssid (unlike the deauthenticate event preceding it), otherwise we could check to see if the bssid is the one we are interested in or could check connect_cmd_id assuming a disconnect doesn't happen before the connect command finishes.
2017-01-12 09:36:00 +01:00
&rsn_info) < 0)
goto error;
rsn_info.num_pmkids = 1;
rsn_info.pmkids = hs->pmk_r0_name;
rsne = alloca(256);
ie_build_rsne(&rsn_info, rsne);
iov[iov_elems].iov_base = rsne;
iov[iov_elems].iov_len = rsne[1] + 2;
iov_elems += 1;
}
/* The MDE advertised by the BSS must be passed verbatim */
mde[0] = IE_TYPE_MOBILITY_DOMAIN;
mde[1] = 3;
memcpy(mde + 2, bss->mde, 3);
iov[iov_elems].iov_base = mde;
iov[iov_elems].iov_len = 5;
iov_elems += 1;
if (is_rsn) {
struct ie_ft_info ft_info;
uint8_t *fte;
/*
* 12.8.2: "If present, the FTE shall be set as follows:
* R0KH-ID shall be the value of R0KH-ID obtained by the
* FTO during its FT initial mobility domain association
* exchange.
* SNonce shall be set to a value chosen randomly by the
* FTO, following the recommendations of 11.6.5.
* All other fields shall be set to 0."
*/
memset(&ft_info, 0, sizeof(ft_info));
memcpy(ft_info.r0khid, hs->r0khid, hs->r0khid_len);
ft_info.r0khid_len = hs->r0khid_len;
memcpy(ft_info.snonce, hs->snonce, 32);
fte = alloca(256);
ie_build_fast_bss_transition(&ft_info, fte);
iov[iov_elems].iov_base = fte;
iov[iov_elems].iov_len = fte[1] + 2;
iov_elems += 1;
}
l_genl_msg_append_attrv(msg, NL80211_ATTR_IE, iov, iov_elems);
return msg;
error:
l_genl_msg_unref(msg);
return NULL;
}
static void netdev_cmd_authenticate_ft_cb(struct l_genl_msg *msg,
void *user_data)
{
struct netdev *netdev = user_data;
netdev->connect_cmd_id = 0;
if (l_genl_msg_get_error(msg) < 0) {
netdev->result = NETDEV_RESULT_AUTHENTICATION_FAILED;
netdev_connect_failed(NULL, netdev);
}
}
int netdev_fast_transition(struct netdev *netdev, struct scan_bss *target_bss,
netdev_connect_cb_t cb)
{
struct l_genl_msg *cmd_authenticate;
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
struct netdev_handshake_state *nhs;
netdev: Implement netdev_fast_transition Build and send the FT Authentication Request frame, the initial Fast Transition message. In this version the assumption is that once we start a transition attempt there's no going back so the old handshake_state, scan_bss, etc. can be replaced by the new objects immediately and there's no point at which both the old and the new connection states are needed. Also the disconnect event for the old connection is implicit. At netdev level the state during a transition is almost the same with a new connection setup. The first disconnect event on the netlink socket after the FT Authenticate is assumed to be the one generated by the kernel for the old connection. The disconnect event doesn't contain the AP bssid (unlike the deauthenticate event preceding it), otherwise we could check to see if the bssid is the one we are interested in or could check connect_cmd_id assuming a disconnect doesn't happen before the connect command finishes.
2017-01-12 09:36:00 +01:00
uint8_t orig_snonce[32];
int err;
if (!netdev->operational)
return -ENOTCONN;
if (!netdev->handshake->mde || !target_bss->mde_present ||
l_get_le16(netdev->handshake->mde + 2) !=
l_get_le16(target_bss->mde))
return -EINVAL;
/*
* We reuse the handshake_state object and reset what's needed.
* Could also create a new object and copy most of the state but
* we would end up doing more work.
*/
memcpy(orig_snonce, netdev->handshake->snonce, 32);
handshake_state_new_snonce(netdev->handshake);
cmd_authenticate = netdev_build_cmd_ft_authenticate(netdev, target_bss,
netdev->handshake);
if (!cmd_authenticate) {
err = -EINVAL;
goto restore_snonce;
}
netdev->connect_cmd_id = l_genl_family_send(nl80211,
cmd_authenticate,
netdev_cmd_authenticate_ft_cb,
netdev, NULL);
if (!netdev->connect_cmd_id) {
l_genl_msg_unref(cmd_authenticate);
err = -EIO;
goto restore_snonce;
}
memcpy(netdev->prev_bssid, netdev->handshake->aa, ETH_ALEN);
handshake_state_set_authenticator_address(netdev->handshake,
target_bss->addr);
handshake: Rename own_ie/ap_ie and related setters To avoid confusion in case of an authenticator side handshake_state structure and eapol_sm structure, rename own_ie to supplicant_ie and ap_ie to authenticator_ie. Also rename handshake_state_set_{own,ap}_{rsn,wpa} and fix when we call handshake_state_setup_own_ciphers. As a result handshake_state_set_authenticator, if needed, should be called before handshake_state_set_{own,ap}_{rsn,wpa}.
2018-08-25 03:54:24 +02:00
handshake_state_set_authenticator_rsn(netdev->handshake,
target_bss->rsne);
netdev: Implement netdev_fast_transition Build and send the FT Authentication Request frame, the initial Fast Transition message. In this version the assumption is that once we start a transition attempt there's no going back so the old handshake_state, scan_bss, etc. can be replaced by the new objects immediately and there's no point at which both the old and the new connection states are needed. Also the disconnect event for the old connection is implicit. At netdev level the state during a transition is almost the same with a new connection setup. The first disconnect event on the netlink socket after the FT Authenticate is assumed to be the one generated by the kernel for the old connection. The disconnect event doesn't contain the AP bssid (unlike the deauthenticate event preceding it), otherwise we could check to see if the bssid is the one we are interested in or could check connect_cmd_id assuming a disconnect doesn't happen before the connect command finishes.
2017-01-12 09:36:00 +01:00
memcpy(netdev->handshake->mde + 2, target_bss->mde, 3);
if (netdev->sm) {
eapol_sm_free(netdev->sm);
netdev->sm = eapol_sm_new(netdev->handshake);
eapol: Add eapol_sm_set_require_handshake Function to allow netdev.c to explicitly tell eapol.c whether to expect EAP / 4-Way handshake. This is to potentially make the code more descriptive, until now we'd look at sm->handshake->ptk_complete to see if a new PTK was needed. A 4-Way handshake is required on association to an AP except after FT.
2017-08-18 14:22:55 +02:00
eapol_sm_set_require_handshake(netdev->sm, false);
netdev: Implement netdev_fast_transition Build and send the FT Authentication Request frame, the initial Fast Transition message. In this version the assumption is that once we start a transition attempt there's no going back so the old handshake_state, scan_bss, etc. can be replaced by the new objects immediately and there's no point at which both the old and the new connection states are needed. Also the disconnect event for the old connection is implicit. At netdev level the state during a transition is almost the same with a new connection setup. The first disconnect event on the netlink socket after the FT Authenticate is assumed to be the one generated by the kernel for the old connection. The disconnect event doesn't contain the AP bssid (unlike the deauthenticate event preceding it), otherwise we could check to see if the bssid is the one we are interested in or could check connect_cmd_id assuming a disconnect doesn't happen before the connect command finishes.
2017-01-12 09:36:00 +01:00
}
netdev->operational = false;
netdev->in_ft = true;
netdev->connect_cb = cb;
netdev->frequency = target_bss->frequency;
/*
* Cancel commands that could be running because of EAPoL activity
* like re-keying, this way the callbacks for those commands don't
* have to check if failures resulted from the transition.
*/
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
nhs = container_of(netdev->handshake,
struct netdev_handshake_state, super);
if (nhs->group_new_key_cmd_id) {
l_genl_family_cancel(nl80211, nhs->group_new_key_cmd_id);
nhs->group_new_key_cmd_id = 0;
netdev: Implement netdev_fast_transition Build and send the FT Authentication Request frame, the initial Fast Transition message. In this version the assumption is that once we start a transition attempt there's no going back so the old handshake_state, scan_bss, etc. can be replaced by the new objects immediately and there's no point at which both the old and the new connection states are needed. Also the disconnect event for the old connection is implicit. At netdev level the state during a transition is almost the same with a new connection setup. The first disconnect event on the netlink socket after the FT Authenticate is assumed to be the one generated by the kernel for the old connection. The disconnect event doesn't contain the AP bssid (unlike the deauthenticate event preceding it), otherwise we could check to see if the bssid is the one we are interested in or could check connect_cmd_id assuming a disconnect doesn't happen before the connect command finishes.
2017-01-12 09:36:00 +01:00
}
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
if (nhs->group_management_new_key_cmd_id) {
netdev: Implement netdev_fast_transition Build and send the FT Authentication Request frame, the initial Fast Transition message. In this version the assumption is that once we start a transition attempt there's no going back so the old handshake_state, scan_bss, etc. can be replaced by the new objects immediately and there's no point at which both the old and the new connection states are needed. Also the disconnect event for the old connection is implicit. At netdev level the state during a transition is almost the same with a new connection setup. The first disconnect event on the netlink socket after the FT Authenticate is assumed to be the one generated by the kernel for the old connection. The disconnect event doesn't contain the AP bssid (unlike the deauthenticate event preceding it), otherwise we could check to see if the bssid is the one we are interested in or could check connect_cmd_id assuming a disconnect doesn't happen before the connect command finishes.
2017-01-12 09:36:00 +01:00
l_genl_family_cancel(nl80211,
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
nhs->group_management_new_key_cmd_id);
nhs->group_management_new_key_cmd_id = 0;
netdev: Implement netdev_fast_transition Build and send the FT Authentication Request frame, the initial Fast Transition message. In this version the assumption is that once we start a transition attempt there's no going back so the old handshake_state, scan_bss, etc. can be replaced by the new objects immediately and there's no point at which both the old and the new connection states are needed. Also the disconnect event for the old connection is implicit. At netdev level the state during a transition is almost the same with a new connection setup. The first disconnect event on the netlink socket after the FT Authenticate is assumed to be the one generated by the kernel for the old connection. The disconnect event doesn't contain the AP bssid (unlike the deauthenticate event preceding it), otherwise we could check to see if the bssid is the one we are interested in or could check connect_cmd_id assuming a disconnect doesn't happen before the connect command finishes.
2017-01-12 09:36:00 +01:00
}
netdev: RSSI polling support for less capable drivers If the kernel device driver or the kernel nl80211 version doesn't support the new RSSI threshold list CQM monitoring, implement similar logic in iwd with periodic polling. This is only active when an RSSI agent is registered to receive the events. I tested this with the same testRSSIAgent autotests that tests the driver-side rssi monitoring except with all timeouts multiplied by ~20.
2017-08-18 14:22:58 +02:00
netdev_rssi_polling_update(netdev);
netdev: Implement netdev_fast_transition Build and send the FT Authentication Request frame, the initial Fast Transition message. In this version the assumption is that once we start a transition attempt there's no going back so the old handshake_state, scan_bss, etc. can be replaced by the new objects immediately and there's no point at which both the old and the new connection states are needed. Also the disconnect event for the old connection is implicit. At netdev level the state during a transition is almost the same with a new connection setup. The first disconnect event on the netlink socket after the FT Authenticate is assumed to be the one generated by the kernel for the old connection. The disconnect event doesn't contain the AP bssid (unlike the deauthenticate event preceding it), otherwise we could check to see if the bssid is the one we are interested in or could check connect_cmd_id assuming a disconnect doesn't happen before the connect command finishes.
2017-01-12 09:36:00 +01:00
return 0;
restore_snonce:
memcpy(netdev->handshake->snonce, orig_snonce, 32);
return err;
}
netdev: Add netdev_preauthenticate Add preauthentication logic. The callback receives the new PMK only.
2017-04-29 03:53:27 +02:00
static void netdev_preauth_cb(const uint8_t *pmk, void *user_data)
{
struct netdev_preauth_state *preauth = user_data;
netdev_preauthenticate_cb_t cb = preauth->cb;
preauth->cb = NULL;
cb(preauth->netdev,
pmk ? NETDEV_RESULT_OK : NETDEV_RESULT_HANDSHAKE_FAILED,
pmk, preauth->user_data);
}
int netdev_preauthenticate(struct netdev *netdev, struct scan_bss *target_bss,
netdev_preauthenticate_cb_t cb, void *user_data)
{
struct netdev_preauth_state *preauth;
if (!netdev->operational)
return -ENOTCONN;
preauth = l_new(struct netdev_preauth_state, 1);
if (!eapol_preauth_start(target_bss->addr, netdev->handshake,
netdev_preauth_cb, preauth,
netdev_preauth_destroy)) {
l_free(preauth);
return -EIO;
}
preauth->cb = cb;
preauth->user_data = user_data;
preauth->netdev = netdev;
return 0;
}
netdev: Support sending Neighbor Report requests
2016-12-23 11:38:01 +01:00
static uint32_t netdev_send_action_frame(struct netdev *netdev,
const uint8_t *to,
const uint8_t *body, size_t body_len,
l_genl_msg_func_t callback)
{
struct l_genl_msg *msg;
const uint16_t frame_type = 0x00d0;
uint8_t action_frame[24 + body_len];
uint32_t id;
memset(action_frame, 0, 24);
l_put_le16(frame_type, action_frame + 0);
memcpy(action_frame + 4, to, 6);
memcpy(action_frame + 10, netdev->addr, 6);
memcpy(action_frame + 16, netdev->handshake->aa, 6);
memcpy(action_frame + 24, body, body_len);
msg = l_genl_msg_new_sized(NL80211_CMD_FRAME, 128 + body_len);
l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &netdev->index);
l_genl_msg_append_attr(msg, NL80211_ATTR_WIPHY_FREQ, 4,
&netdev->frequency);
l_genl_msg_append_attr(msg, NL80211_ATTR_FRAME, sizeof(action_frame),
action_frame);
id = l_genl_family_send(nl80211, msg, callback, netdev, NULL);
if (!id)
l_genl_msg_unref(msg);
return id;
}
static void netdev_neighbor_report_req_cb(struct l_genl_msg *msg,
void *user_data)
{
struct netdev *netdev = user_data;
if (!netdev->neighbor_report_cb)
return;
if (l_genl_msg_get_error(msg) < 0) {
netdev: More neighbor_report_req error handling Make sure that the Neighbor Report timeout is cancelled when connection breaks or device is being destroyed, and call the callback. Add an errno parameter to the callback to indicate the cause.
2017-01-23 12:38:40 +01:00
netdev->neighbor_report_cb(netdev, l_genl_msg_get_error(msg),
NULL, 0, netdev->user_data);
netdev: Support sending Neighbor Report requests
2016-12-23 11:38:01 +01:00
netdev->neighbor_report_cb = NULL;
l_timeout_remove(netdev->neighbor_report_timeout);
}
}
static void netdev_neighbor_report_timeout(struct l_timeout *timeout,
void *user_data)
{
struct netdev *netdev = user_data;
netdev: More neighbor_report_req error handling Make sure that the Neighbor Report timeout is cancelled when connection breaks or device is being destroyed, and call the callback. Add an errno parameter to the callback to indicate the cause.
2017-01-23 12:38:40 +01:00
netdev->neighbor_report_cb(netdev, -ETIMEDOUT, NULL, 0,
netdev->user_data);
netdev: Support sending Neighbor Report requests
2016-12-23 11:38:01 +01:00
netdev->neighbor_report_cb = NULL;
netdev: More neighbor_report_req error handling Make sure that the Neighbor Report timeout is cancelled when connection breaks or device is being destroyed, and call the callback. Add an errno parameter to the callback to indicate the cause.
2017-01-23 12:38:40 +01:00
l_timeout_remove(netdev->neighbor_report_timeout);
netdev: Support sending Neighbor Report requests
2016-12-23 11:38:01 +01:00
}
int netdev_neighbor_report_req(struct netdev *netdev,
netdev_neighbor_report_cb_t cb)
{
const uint8_t action_frame[] = {
0x05, /* Category: Radio Measurement */
0x04, /* Radio Measurement Action: Neighbor Report Request */
0x01, /* Dialog Token: a non-zero value (unused) */
};
if (netdev->neighbor_report_cb || !netdev->connected)
return -EBUSY;
if (!netdev_send_action_frame(netdev, netdev->handshake->aa,
action_frame, sizeof(action_frame),
netdev_neighbor_report_req_cb))
return -EIO;
netdev->neighbor_report_cb = cb;
/* Set a 3-second timeout */
netdev->neighbor_report_timeout =
l_timeout_create(3, netdev_neighbor_report_timeout,
netdev, NULL);
return 0;
}
netdev: Refactor netdev_register_frame Rename netdev_register_frame to netdev_frame_watch_add and expose to be usable outside of netdev.c, add netdev_frame_watch_remove also. Update the Neighbor Report handling which was the only user of netdev_register_frame. The handler is now simpler because we use a lookup list with all the prefixes and individual frame handlers only see the frames matching the right prefix. This is also useful for the future Access-Point mode.
2017-08-31 04:04:45 +02:00
static void netdev_neighbor_report_frame_event(struct netdev *netdev,
const struct mmpdu_header *hdr,
const void *body, size_t body_len,
void *user_data)
netdev: Handle Action Frames in netdev Action Frames are sent by nl80211 as unicast data. We're not receiving any other unicast packets in iwd at this time so let netdev directly handle all unicast data on the genl socket.
2016-12-23 11:38:00 +01:00
{
netdev: Refactor netdev_register_frame Rename netdev_register_frame to netdev_frame_watch_add and expose to be usable outside of netdev.c, add netdev_frame_watch_remove also. Update the Neighbor Report handling which was the only user of netdev_register_frame. The handler is now simpler because we use a lookup list with all the prefixes and individual frame handlers only see the frames matching the right prefix. This is also useful for the future Access-Point mode.
2017-08-31 04:04:45 +02:00
if (body_len < 3) {
l_debug("Neighbor Report frame too short");
netdev: Handle Action Frames in netdev Action Frames are sent by nl80211 as unicast data. We're not receiving any other unicast packets in iwd at this time so let netdev directly handle all unicast data on the genl socket.
2016-12-23 11:38:00 +01:00
return;
}
netdev: Refactor netdev_register_frame Rename netdev_register_frame to netdev_frame_watch_add and expose to be usable outside of netdev.c, add netdev_frame_watch_remove also. Update the Neighbor Report handling which was the only user of netdev_register_frame. The handler is now simpler because we use a lookup list with all the prefixes and individual frame handlers only see the frames matching the right prefix. This is also useful for the future Access-Point mode.
2017-08-31 04:04:45 +02:00
if (!netdev->neighbor_report_cb)
netdev: Handle Action Frames in netdev Action Frames are sent by nl80211 as unicast data. We're not receiving any other unicast packets in iwd at this time so let netdev directly handle all unicast data on the genl socket.
2016-12-23 11:38:00 +01:00
return;
netdev: Refactor netdev_register_frame Rename netdev_register_frame to netdev_frame_watch_add and expose to be usable outside of netdev.c, add netdev_frame_watch_remove also. Update the Neighbor Report handling which was the only user of netdev_register_frame. The handler is now simpler because we use a lookup list with all the prefixes and individual frame handlers only see the frames matching the right prefix. This is also useful for the future Access-Point mode.
2017-08-31 04:04:45 +02:00
/*
* Don't use the dialog token (byte 3), return the first Neighbor
* Report Response received.
*
* Byte 1 is 0x05 for Radio Measurement, byte 2 is 0x05 for
* Neighbor Report.
*/
netdev: Handle Action Frames in netdev Action Frames are sent by nl80211 as unicast data. We're not receiving any other unicast packets in iwd at this time so let netdev directly handle all unicast data on the genl socket.
2016-12-23 11:38:00 +01:00
netdev: Refactor netdev_register_frame Rename netdev_register_frame to netdev_frame_watch_add and expose to be usable outside of netdev.c, add netdev_frame_watch_remove also. Update the Neighbor Report handling which was the only user of netdev_register_frame. The handler is now simpler because we use a lookup list with all the prefixes and individual frame handlers only see the frames matching the right prefix. This is also useful for the future Access-Point mode.
2017-08-31 04:04:45 +02:00
netdev->neighbor_report_cb(netdev, 0, body + 3, body_len - 3,
netdev->user_data);
netdev->neighbor_report_cb = NULL;
netdev: Handle Action Frames in netdev Action Frames are sent by nl80211 as unicast data. We're not receiving any other unicast packets in iwd at this time so let netdev directly handle all unicast data on the genl socket.
2016-12-23 11:38:00 +01:00
netdev: Refactor netdev_register_frame Rename netdev_register_frame to netdev_frame_watch_add and expose to be usable outside of netdev.c, add netdev_frame_watch_remove also. Update the Neighbor Report handling which was the only user of netdev_register_frame. The handler is now simpler because we use a lookup list with all the prefixes and individual frame handlers only see the frames matching the right prefix. This is also useful for the future Access-Point mode.
2017-08-31 04:04:45 +02:00
l_timeout_remove(netdev->neighbor_report_timeout);
netdev: Handle Action Frames in netdev Action Frames are sent by nl80211 as unicast data. We're not receiving any other unicast packets in iwd at this time so let netdev directly handle all unicast data on the genl socket.
2016-12-23 11:38:00 +01:00
}
netdev: basic support for receiving SA Query requests
2018-02-07 22:01:43 +01:00
static void netdev_sa_query_resp_cb(struct l_genl_msg *msg,
void *user_data)
{
if (l_genl_msg_get_error(msg) < 0)
l_debug("error sending SA Query request");
}
static void netdev_sa_query_req_frame_event(struct netdev *netdev,
const struct mmpdu_header *hdr,
const void *body, size_t body_len,
void *user_data)
{
uint8_t sa_resp[4];
uint16_t transaction;
if (body_len < 4) {
l_debug("SA Query request too short");
return;
}
if (!netdev->connected)
return;
/* only care about SA Queries from our connected AP */
if (memcmp(hdr->address_2, netdev->handshake->aa, 6))
return;
transaction = l_get_u16(body + 2);
sa_resp[0] = 0x08; /* SA Query */
sa_resp[1] = 0x01; /* Response */
memcpy(sa_resp + 2, &transaction, 2);
l_info("received SA Query request from "MAC", transaction=%u",
MAC_STR(hdr->address_2), transaction);
if (!netdev_send_action_frame(netdev, netdev->handshake->aa,
sa_resp, sizeof(sa_resp),
netdev_sa_query_resp_cb)) {
l_error("error sending SA Query response");
return;
}
}
netdev: added support for SA Query SA Query procedure is used when an unprotected disassociate frame is received (with frame protection enabled). There are two code paths that can occur when this disassociate frame is received: 1. Send out SA Query and receive a response from the AP within a timeout. This means that the disassociate frame was not sent from the AP and can be ignored. 2. Send out SA Query and receive no response. In this case it is assumed that the AP went down ungracefully and is now back up. Since frame protection is enabled, you must re-associate with the AP.
2018-02-01 18:22:39 +01:00
static void netdev_sa_query_resp_frame_event(struct netdev *netdev,
const struct mmpdu_header *hdr,
const void *body, size_t body_len,
void *user_data)
{
if (body_len < 4) {
l_debug("SA Query frame too short");
return;
}
l_debug("SA Query src="MAC" dest="MAC" bssid="MAC" transaction=%u",
MAC_STR(hdr->address_2), MAC_STR(hdr->address_1),
MAC_STR(hdr->address_3), l_get_u16(body + 2));
if (!netdev->sa_query_timeout) {
l_debug("no SA Query request sent");
return;
}
/* check if this is from our connected BSS */
if (memcmp(hdr->address_2, netdev->handshake->aa, 6)) {
l_debug("received SA Query from non-connected AP");
return;
}
if (memcmp(body + 2, &netdev->sa_query_id, 2)) {
l_debug("SA Query transaction ID's did not match");
return;
}
l_info("SA Query response from connected BSS received, "
"keeping the connection active");
l_timeout_remove(netdev->sa_query_timeout);
netdev->sa_query_timeout = NULL;
}
static void netdev_sa_query_req_cb(struct l_genl_msg *msg,
void *user_data)
{
struct netdev *netdev = user_data;
if (l_genl_msg_get_error(msg) < 0) {
l_debug("error sending SA Query request");
l_timeout_remove(netdev->sa_query_timeout);
netdev->sa_query_timeout = NULL;
}
}
static void netdev_sa_query_timeout(struct l_timeout *timeout,
void *user_data)
{
struct netdev *netdev = user_data;
struct l_genl_msg *msg;
l_info("SA Query timed out, connection is invalid. Disconnecting...");
l_timeout_remove(netdev->sa_query_timeout);
netdev->sa_query_timeout = NULL;
msg = netdev_build_cmd_disconnect(netdev,
MMPDU_REASON_CODE_PREV_AUTH_NOT_VALID);
netdev->disconnect_cmd_id = l_genl_family_send(nl80211, msg,
netdev_connect_failed, netdev, NULL);
}
static void netdev_unprot_disconnect_event(struct l_genl_msg *msg,
struct netdev *netdev)
{
const struct mmpdu_header *hdr = NULL;
struct l_genl_attr attr;
uint16_t type;
uint16_t len;
const void *data;
uint8_t action_frame[4];
uint8_t reason_code;
if (!netdev->connected)
return;
/* ignore excessive disassociate requests */
if (netdev->sa_query_timeout)
return;
if (!l_genl_attr_init(&attr, msg))
return;
while (l_genl_attr_next(&attr, &type, &len, &data)) {
switch (type) {
case NL80211_ATTR_FRAME:
hdr = mpdu_validate(data, len);
break;
}
}
/* check that ATTR_FRAME was actually included */
if (!hdr)
return;
/* get reason code, first byte of frame */
reason_code = l_get_u8(mmpdu_body(hdr));
l_info("disconnect event, src="MAC" dest="MAC" bssid="MAC" reason=%u",
MAC_STR(hdr->address_2), MAC_STR(hdr->address_1),
MAC_STR(hdr->address_3), reason_code);
if (memcmp(hdr->address_2, netdev->handshake->aa, 6)) {
l_debug("received invalid disassociate frame");
return;
}
if (reason_code != MMPDU_REASON_CODE_CLASS2_FRAME_FROM_NONAUTH_STA &&
reason_code !=
MMPDU_REASON_CODE_CLASS3_FRAME_FROM_NONASSOC_STA) {
l_debug("invalid reason code %u", reason_code);
return;
}
action_frame[0] = 0x08; /* Category: SA Query */
action_frame[1] = 0x00; /* SA Query Action: Request */
/* Transaction ID */
l_getrandom(action_frame + 2, 2);
if (!netdev_send_action_frame(netdev, netdev->handshake->aa,
action_frame, sizeof(action_frame),
netdev_sa_query_req_cb)) {
l_error("error sending SA Query action frame");
return;
}
netdev->sa_query_id = l_get_u16(action_frame + 2);
netdev->sa_query_timeout = l_timeout_create(3,
netdev_sa_query_timeout, netdev, NULL);
}
netdev: added station watch For Ad-Hoc networks, the kernel takes care of auth/assoc and issues a NEW_STATION event when that is complete. This provides a way to notify when NEW_STATION events occur as well as forward the MAC of the station to Ad-Hoc. The two new API's added: - netdev_station_watch_add() - netdev_station_watch_remove()
2018-07-17 00:29:15 +02:00
static void netdev_station_event(struct l_genl_msg *msg,
struct netdev *netdev, bool added)
{
struct l_genl_attr attr;
uint16_t type;
uint16_t len;
const void *data;
const uint8_t *mac = NULL;
if (netdev_get_iftype(netdev) != NETDEV_IFTYPE_ADHOC)
return;
if (!l_genl_attr_init(&attr, msg))
return;
while (l_genl_attr_next(&attr, &type, &len, &data)) {
switch (type) {
case NL80211_ATTR_MAC:
mac = data;
break;
}
}
if (!mac) {
l_error("%s station event did not include MAC attribute",
added ? "new" : "del");
return;
}
WATCHLIST_NOTIFY(&netdev->station_watches,
netdev_station_watch_func_t, netdev, mac, added);
}
wiphy: Move association logic out of wiphy.c The eapol state machine parameters are now built inside device.c when the network connection is attempted. The reason is that the device object knows about network settings, wiphy constraints and should contain the main 'management' logic. netdev now manages the actual low-level process of building association messages, detecting authentication events, etc.
2016-06-15 17:54:13 +02:00
static void netdev_mlme_notify(struct l_genl_msg *msg, void *user_data)
{
struct netdev *netdev = NULL;
struct l_genl_attr attr;
uint16_t type, len;
const void *data;
uint8_t cmd;
cmd = l_genl_msg_get_command(msg);
l_debug("MLME notification %u", cmd);
if (!l_genl_attr_init(&attr, msg))
return;
while (l_genl_attr_next(&attr, &type, &len, &data)) {
switch (type) {
case NL80211_ATTR_IFINDEX:
if (len != sizeof(uint32_t)) {
l_warn("Invalid interface index attribute");
return;
}
netdev = netdev_find(*((uint32_t *) data));
break;
}
}
if (!netdev) {
l_warn("MLME notification is missing ifindex attribute");
return;
}
switch (cmd) {
case NL80211_CMD_AUTHENTICATE:
netdev_authenticate_event(msg, netdev);
netdev: Move deauthenticate event handling .. out of wiphy.c
2016-06-15 21:02:24 +02:00
break;
case NL80211_CMD_DEAUTHENTICATE:
netdev_deauthenticate_event(msg, netdev);
wiphy: Move association logic out of wiphy.c The eapol state machine parameters are now built inside device.c when the network connection is attempted. The reason is that the device object knows about network settings, wiphy constraints and should contain the main 'management' logic. netdev now manages the actual low-level process of building association messages, detecting authentication events, etc.
2016-06-15 17:54:13 +02:00
break;
netdev: Move associate event handling .. out of wiphy.c
2016-06-16 17:54:20 +02:00
case NL80211_CMD_ASSOCIATE:
netdev_associate_event(msg, netdev);
break;
netdev: Use CMD_CONNECT
2016-06-27 23:35:31 +02:00
case NL80211_CMD_CONNECT:
netdev_connect_event(msg, netdev);
break;
netdev: Move disconnect event handling .. out of wiphy.c
2016-06-16 18:21:12 +02:00
case NL80211_CMD_DISCONNECT:
netdev_disconnect_event(msg, netdev);
break;
netdev: Move CQM event handling out of wiphy.c
2016-06-16 18:06:17 +02:00
case NL80211_CMD_NOTIFY_CQM:
netdev_cqm_event(msg, netdev);
break;
netdev: support for REKEY_OFFLOAD and its event handling
2016-06-23 00:49:16 +02:00
case NL80211_CMD_SET_REKEY_OFFLOAD:
netdev_rekey_offload_event(msg, netdev);
break;
netdev: added support for SA Query SA Query procedure is used when an unprotected disassociate frame is received (with frame protection enabled). There are two code paths that can occur when this disassociate frame is received: 1. Send out SA Query and receive a response from the AP within a timeout. This means that the disassociate frame was not sent from the AP and can be ignored. 2. Send out SA Query and receive no response. In this case it is assumed that the AP went down ungracefully and is now back up. Since frame protection is enabled, you must re-associate with the AP.
2018-02-01 18:22:39 +01:00
case NL80211_CMD_UNPROT_DEAUTHENTICATE:
case NL80211_CMD_UNPROT_DISASSOCIATE:
netdev_unprot_disconnect_event(msg, netdev);
break;
netdev: added station watch For Ad-Hoc networks, the kernel takes care of auth/assoc and issues a NEW_STATION event when that is complete. This provides a way to notify when NEW_STATION events occur as well as forward the MAC of the station to Ad-Hoc. The two new API's added: - netdev_station_watch_add() - netdev_station_watch_remove()
2018-07-17 00:29:15 +02:00
case NL80211_CMD_NEW_STATION:
netdev_station_event(msg, netdev, true);
break;
case NL80211_CMD_DEL_STATION:
netdev_station_event(msg, netdev, false);
break;
wiphy: Move association logic out of wiphy.c The eapol state machine parameters are now built inside device.c when the network connection is attempted. The reason is that the device object knows about network settings, wiphy constraints and should contain the main 'management' logic. netdev now manages the actual low-level process of building association messages, detecting authentication events, etc.
2016-06-15 17:54:13 +02:00
}
}
netdev: Refactor netdev_register_frame Rename netdev_register_frame to netdev_frame_watch_add and expose to be usable outside of netdev.c, add netdev_frame_watch_remove also. Update the Neighbor Report handling which was the only user of netdev_register_frame. The handler is now simpler because we use a lookup list with all the prefixes and individual frame handlers only see the frames matching the right prefix. This is also useful for the future Access-Point mode.
2017-08-31 04:04:45 +02:00
struct frame_prefix_info {
uint16_t frame_type;
const uint8_t *body;
size_t body_len;
};
static bool netdev_frame_watch_match_prefix(const void *a, const void *b)
{
netdev: Simplify frame_watch using watchlist
2017-08-31 23:57:05 +02:00
const struct watchlist_item *item = a;
const struct netdev_frame_watch *fw =
container_of(item, struct netdev_frame_watch, super);
netdev: Refactor netdev_register_frame Rename netdev_register_frame to netdev_frame_watch_add and expose to be usable outside of netdev.c, add netdev_frame_watch_remove also. Update the Neighbor Report handling which was the only user of netdev_register_frame. The handler is now simpler because we use a lookup list with all the prefixes and individual frame handlers only see the frames matching the right prefix. This is also useful for the future Access-Point mode.
2017-08-31 04:04:45 +02:00
const struct frame_prefix_info *info = b;
return fw->frame_type == info->frame_type &&
fw->prefix_len <= info->body_len &&
!memcmp(fw->prefix, info->body, fw->prefix_len);
}
static void netdev_mgmt_frame_event(struct l_genl_msg *msg,
struct netdev *netdev)
{
struct l_genl_attr attr;
netdev: Use mpdu_validate on received registered frames This way the individual frame handlers have less validation to do.
2017-09-22 05:06:33 +02:00
uint16_t type, len, frame_len;
netdev: Refactor netdev_register_frame Rename netdev_register_frame to netdev_frame_watch_add and expose to be usable outside of netdev.c, add netdev_frame_watch_remove also. Update the Neighbor Report handling which was the only user of netdev_register_frame. The handler is now simpler because we use a lookup list with all the prefixes and individual frame handlers only see the frames matching the right prefix. This is also useful for the future Access-Point mode.
2017-08-31 04:04:45 +02:00
const void *data;
const struct mmpdu_header *mpdu = NULL;
const uint8_t *body;
struct frame_prefix_info info;
if (!l_genl_attr_init(&attr, msg))
return;
while (l_genl_attr_next(&attr, &type, &len, &data)) {
switch (type) {
case NL80211_ATTR_FRAME:
if (mpdu)
return;
netdev: Use mpdu_validate on received registered frames This way the individual frame handlers have less validation to do.
2017-09-22 05:06:33 +02:00
mpdu = mpdu_validate(data, len);
if (!mpdu)
l_error("Frame didn't validate as MMPDU");
netdev: Refactor netdev_register_frame Rename netdev_register_frame to netdev_frame_watch_add and expose to be usable outside of netdev.c, add netdev_frame_watch_remove also. Update the Neighbor Report handling which was the only user of netdev_register_frame. The handler is now simpler because we use a lookup list with all the prefixes and individual frame handlers only see the frames matching the right prefix. This is also useful for the future Access-Point mode.
2017-08-31 04:04:45 +02:00
frame_len = len;
break;
}
}
netdev: Use mpdu_validate on received registered frames This way the individual frame handlers have less validation to do.
2017-09-22 05:06:33 +02:00
if (!mpdu)
netdev: Refactor netdev_register_frame Rename netdev_register_frame to netdev_frame_watch_add and expose to be usable outside of netdev.c, add netdev_frame_watch_remove also. Update the Neighbor Report handling which was the only user of netdev_register_frame. The handler is now simpler because we use a lookup list with all the prefixes and individual frame handlers only see the frames matching the right prefix. This is also useful for the future Access-Point mode.
2017-08-31 04:04:45 +02:00
return;
body = mmpdu_body(mpdu);
if (memcmp(mpdu->address_1, netdev->addr, 6) &&
netdev: Use util_is_broadcast_address
2017-09-22 05:06:32 +02:00
!util_is_broadcast_address(mpdu->address_1))
netdev: Refactor netdev_register_frame Rename netdev_register_frame to netdev_frame_watch_add and expose to be usable outside of netdev.c, add netdev_frame_watch_remove also. Update the Neighbor Report handling which was the only user of netdev_register_frame. The handler is now simpler because we use a lookup list with all the prefixes and individual frame handlers only see the frames matching the right prefix. This is also useful for the future Access-Point mode.
2017-08-31 04:04:45 +02:00
return;
/* Only match the frame type and subtype like the kernel does */
#define FC_FTYPE_STYPE_MASK 0x00fc
info.frame_type = l_get_le16(mpdu) & FC_FTYPE_STYPE_MASK;
info.body = (const uint8_t *) body;
info.body_len = (const uint8_t *) mpdu + frame_len - body;
netdev: Simplify frame_watch using watchlist
2017-08-31 23:57:05 +02:00
WATCHLIST_NOTIFY_MATCHES(&netdev->frame_watches,
netdev_frame_watch_match_prefix, &info,
netdev_frame_watch_func_t,
netdev, mpdu, body, info.body_len);
netdev: Refactor netdev_register_frame Rename netdev_register_frame to netdev_frame_watch_add and expose to be usable outside of netdev.c, add netdev_frame_watch_remove also. Update the Neighbor Report handling which was the only user of netdev_register_frame. The handler is now simpler because we use a lookup list with all the prefixes and individual frame handlers only see the frames matching the right prefix. This is also useful for the future Access-Point mode.
2017-08-31 04:04:45 +02:00
}
netdev: Open PAE transport if needed If Control Port over NL80211 is not supported, open up a PAE socket and stuff it into an l_io on the netdev object. Install a read handler on the l_io and call __eapol_rx_packet as needed.
2018-05-01 18:08:19 +02:00
static void netdev_pae_destroy(void *user_data)
{
struct netdev *netdev = user_data;
netdev->pae_io = NULL;
}
static bool netdev_pae_read(struct l_io *io, void *user_data)
{
int fd = l_io_get_fd(io);
struct sockaddr_ll sll;
socklen_t sll_len;
ssize_t bytes;
uint8_t frame[IEEE80211_MAX_DATA_LEN];
memset(&sll, 0, sizeof(sll));
sll_len = sizeof(sll);
bytes = recvfrom(fd, frame, sizeof(frame), 0,
(struct sockaddr *) &sll, &sll_len);
if (bytes <= 0) {
l_error("EAPoL read socket: %s", strerror(errno));
return false;
}
if (sll.sll_halen != ETH_ALEN)
return true;
__eapol_rx_packet(sll.sll_ifindex, sll.sll_addr,
ntohs(sll.sll_protocol), frame, bytes, false);
return true;
}
netdev: React to CONTROL_PORT unicast
2018-03-13 21:27:20 +01:00
static void netdev_control_port_frame_event(struct l_genl_msg *msg,
struct netdev *netdev)
{
struct l_genl_attr attr;
uint16_t type;
uint16_t len;
const void *data;
const uint8_t *frame = NULL;
uint16_t frame_len = 0;
const uint8_t *src = NULL;
uint16_t proto = 0;
bool unencrypted = false;
l_debug("");
if (!l_genl_attr_init(&attr, msg))
return;
while (l_genl_attr_next(&attr, &type, &len, &data)) {
switch (type) {
case NL80211_ATTR_FRAME:
if (frame)
return;
frame = data;
frame_len = len;
break;
case NL80211_ATTR_MAC:
if (src)
return;
src = data;
break;
case NL80211_ATTR_CONTROL_PORT_ETHERTYPE:
if (len != sizeof(proto))
return;
proto = *((const uint16_t *) data);
break;
case NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT:
unencrypted = true;
break;
}
}
if (!src || !frame || !proto)
return;
__eapol_rx_packet(netdev->index, src, proto,
frame, frame_len, unencrypted);
}
netdev: Handle Control Port TX path
2018-05-01 20:31:20 +02:00
static struct l_genl_msg *netdev_build_control_port_frame(struct netdev *netdev,
const uint8_t *to,
uint16_t proto,
bool unencrypted,
const void *body,
size_t body_len)
{
struct l_genl_msg *msg;
msg = l_genl_msg_new_sized(NL80211_CMD_CONTROL_PORT_FRAME,
128 + body_len);
l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &netdev->index);
l_genl_msg_append_attr(msg, NL80211_ATTR_FRAME, body_len, body);
l_genl_msg_append_attr(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE, 2,
&proto);
l_genl_msg_append_attr(msg, NL80211_ATTR_MAC, ETH_ALEN, to);
if (unencrypted)
l_genl_msg_append_attr(msg,
NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT, 0, NULL);
return msg;
}
static void netdev_control_port_frame_cb(struct l_genl_msg *msg,
void *user_data)
{
int err;
err = l_genl_msg_get_error(msg);
l_debug("%d", err);
if (err < 0)
l_info("CMD_CONTROL_PORT failed: %s", strerror(-err));
}
static int netdev_control_port_write_pae(struct netdev *netdev,
const uint8_t *dest,
uint16_t proto,
const struct eapol_frame *ef,
bool noencrypt)
{
int fd = l_io_get_fd(netdev->pae_io);
struct sockaddr_ll sll;
size_t frame_size = sizeof(struct eapol_header) +
L_BE16_TO_CPU(ef->header.packet_len);
ssize_t r;
memset(&sll, 0, sizeof(sll));
sll.sll_family = AF_PACKET;
sll.sll_ifindex = netdev->index;
sll.sll_protocol = htons(proto);
sll.sll_halen = ETH_ALEN;
memcpy(sll.sll_addr, dest, ETH_ALEN);
r = sendto(fd, ef, frame_size, 0,
(struct sockaddr *) &sll, sizeof(sll));
if (r < 0)
l_error("EAPoL write socket: %s", strerror(errno));
return r;
}
static int netdev_control_port_frame(uint32_t ifindex,
const uint8_t *dest, uint16_t proto,
const struct eapol_frame *ef,
bool noencrypt,
void *user_data)
{
struct l_genl_msg *msg;
struct netdev *netdev;
size_t frame_size;
netdev = netdev_find(ifindex);
if (!netdev)
return -ENOENT;
frame_size = sizeof(struct eapol_header) +
L_BE16_TO_CPU(ef->header.packet_len);
netdev: Allow iwd.conf to specify PAE over NL80211 Right now iwd uses Control Port over NL80211 feature if the kernel / driver supports it. On some kernels this feature is still buggy, so add an iwd.conf entry to allow the user to override id. For now the default is to disable this feature until it is more stable.
2018-07-02 03:35:22 +02:00
if (!netdev->pae_over_nl80211)
netdev: Handle Control Port TX path
2018-05-01 20:31:20 +02:00
return netdev_control_port_write_pae(netdev, dest, proto,
ef, noencrypt);
msg = netdev_build_control_port_frame(netdev, dest, proto, noencrypt,
ef, frame_size);
if (!msg)
return -ENOMEM;
if (!l_genl_family_send(nl80211, msg, netdev_control_port_frame_cb,
netdev, NULL)) {
l_genl_msg_unref(msg);
return -EINVAL;
}
return 0;
}
netdev: Handle Action Frames in netdev Action Frames are sent by nl80211 as unicast data. We're not receiving any other unicast packets in iwd at this time so let netdev directly handle all unicast data on the genl socket.
2016-12-23 11:38:00 +01:00
static void netdev_unicast_notify(struct l_genl_msg *msg, void *user_data)
{
struct netdev *netdev = NULL;
struct l_genl_attr attr;
uint16_t type, len;
const void *data;
uint8_t cmd;
cmd = l_genl_msg_get_command(msg);
if (!cmd)
return;
l_debug("Unicast notification %u", cmd);
if (!l_genl_attr_init(&attr, msg))
return;
while (l_genl_attr_next(&attr, &type, &len, &data)) {
switch (type) {
case NL80211_ATTR_IFINDEX:
if (len != sizeof(uint32_t)) {
l_warn("Invalid interface index attribute");
return;
}
netdev = netdev_find(*((uint32_t *) data));
break;
}
}
if (!netdev) {
l_warn("Unicast notification is missing ifindex attribute");
return;
}
switch (cmd) {
case NL80211_CMD_FRAME:
netdev_mgmt_frame_event(msg, netdev);
break;
netdev: React to CONTROL_PORT unicast
2018-03-13 21:27:20 +01:00
case NL80211_CMD_CONTROL_PORT_FRAME:
netdev_control_port_frame_event(msg, netdev);
break;
netdev: Handle Action Frames in netdev Action Frames are sent by nl80211 as unicast data. We're not receiving any other unicast packets in iwd at this time so let netdev directly handle all unicast data on the genl socket.
2016-12-23 11:38:00 +01:00
}
}
netdev: Implement RSSI level notifications API Add an methods and an event using the new NL80211_EXT_FEATURE_CQM_RSSI_LIST kernel feature to request RSSI monitoring with notifications only when RSSI moves from one of the N intervals requested to another. device.c will call netdev_set_rssi_report_levels to request NETDEV_EVENT_RSSI_LEVEL_NOTIFY events every time the RSSI level changes, level meaning one of the intervals delimited by the threshold values passed as argument. Inside the event handler it can call netdev_get_rssi_level to read the new level. There's no fallback to periodic polling implemented in this patch for the case of older kernels and/or the driver not supporting NL80211_EXT_FEATURE_CQM_RSSI_LIST.
2017-05-20 16:33:13 +02:00
static struct l_genl_msg *netdev_build_cmd_cqm_rssi_update(
struct netdev *netdev,
const int8_t *levels,
size_t levels_num)
{
struct l_genl_msg *msg;
uint32_t hyst = 5;
int thold_count;
int32_t thold_list[levels_num + 2];
if (levels_num == 0) {
thold_list[0] = LOW_SIGNAL_THRESHOLD;
thold_count = 1;
} else {
/*
* Build the list of all the threshold values we care about:
* - the low/high level threshold,
* - the value ranges requested by
* netdev_set_rssi_report_levels
*/
unsigned int i;
bool low_sig_added = false;
thold_count = 0;
for (i = 0; i < levels_num; i++) {
int32_t val = levels[levels_num - i - 1];
if (i && thold_list[thold_count - 1] >= val)
return NULL;
if (val >= LOW_SIGNAL_THRESHOLD && !low_sig_added) {
thold_list[thold_count++] =
LOW_SIGNAL_THRESHOLD;
low_sig_added = true;
/* Duplicate values are not allowed */
if (val == LOW_SIGNAL_THRESHOLD)
continue;
}
thold_list[thold_count++] = val;
}
}
msg = l_genl_msg_new_sized(NL80211_CMD_SET_CQM, 32 + thold_count * 4);
l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &netdev->index);
l_genl_msg_enter_nested(msg, NL80211_ATTR_CQM);
l_genl_msg_append_attr(msg, NL80211_ATTR_CQM_RSSI_THOLD,
thold_count * 4, thold_list);
l_genl_msg_append_attr(msg, NL80211_ATTR_CQM_RSSI_HYST, 4, &hyst);
l_genl_msg_leave_nested(msg);
return msg;
}
static void netdev_cmd_set_cqm_cb(struct l_genl_msg *msg, void *user_data)
{
if (l_genl_msg_get_error(msg) < 0)
l_error("CMD_SET_CQM failed");
}
int netdev_set_rssi_report_levels(struct netdev *netdev, const int8_t *levels,
size_t levels_num)
{
struct l_genl_msg *cmd_set_cqm;
if (levels_num > L_ARRAY_SIZE(netdev->rssi_levels))
return -ENOSPC;
wiphy: Rename get_ext_feature API to has_ext_feature
2018-05-24 20:12:36 +02:00
if (!wiphy_has_ext_feature(netdev->wiphy,
netdev: RSSI polling support for less capable drivers If the kernel device driver or the kernel nl80211 version doesn't support the new RSSI threshold list CQM monitoring, implement similar logic in iwd with periodic polling. This is only active when an RSSI agent is registered to receive the events. I tested this with the same testRSSIAgent autotests that tests the driver-side rssi monitoring except with all timeouts multiplied by ~20.
2017-08-18 14:22:58 +02:00
NL80211_EXT_FEATURE_CQM_RSSI_LIST))
goto done;
netdev: Implement RSSI level notifications API Add an methods and an event using the new NL80211_EXT_FEATURE_CQM_RSSI_LIST kernel feature to request RSSI monitoring with notifications only when RSSI moves from one of the N intervals requested to another. device.c will call netdev_set_rssi_report_levels to request NETDEV_EVENT_RSSI_LEVEL_NOTIFY events every time the RSSI level changes, level meaning one of the intervals delimited by the threshold values passed as argument. Inside the event handler it can call netdev_get_rssi_level to read the new level. There's no fallback to periodic polling implemented in this patch for the case of older kernels and/or the driver not supporting NL80211_EXT_FEATURE_CQM_RSSI_LIST.
2017-05-20 16:33:13 +02:00
cmd_set_cqm = netdev_build_cmd_cqm_rssi_update(netdev, levels,
levels_num);
if (!cmd_set_cqm)
return -EINVAL;
if (!l_genl_family_send(nl80211, cmd_set_cqm, netdev_cmd_set_cqm_cb,
NULL, NULL)) {
l_error("CMD_SET_CQM failed");
l_genl_msg_unref(cmd_set_cqm);
return -EIO;
}
netdev: RSSI polling support for less capable drivers If the kernel device driver or the kernel nl80211 version doesn't support the new RSSI threshold list CQM monitoring, implement similar logic in iwd with periodic polling. This is only active when an RSSI agent is registered to receive the events. I tested this with the same testRSSIAgent autotests that tests the driver-side rssi monitoring except with all timeouts multiplied by ~20.
2017-08-18 14:22:58 +02:00
done:
netdev: Implement RSSI level notifications API Add an methods and an event using the new NL80211_EXT_FEATURE_CQM_RSSI_LIST kernel feature to request RSSI monitoring with notifications only when RSSI moves from one of the N intervals requested to another. device.c will call netdev_set_rssi_report_levels to request NETDEV_EVENT_RSSI_LEVEL_NOTIFY events every time the RSSI level changes, level meaning one of the intervals delimited by the threshold values passed as argument. Inside the event handler it can call netdev_get_rssi_level to read the new level. There's no fallback to periodic polling implemented in this patch for the case of older kernels and/or the driver not supporting NL80211_EXT_FEATURE_CQM_RSSI_LIST.
2017-05-20 16:33:13 +02:00
memcpy(netdev->rssi_levels, levels, levels_num);
netdev->rssi_levels_num = levels_num;
netdev_rssi_level_init(netdev);
netdev: RSSI polling support for less capable drivers If the kernel device driver or the kernel nl80211 version doesn't support the new RSSI threshold list CQM monitoring, implement similar logic in iwd with periodic polling. This is only active when an RSSI agent is registered to receive the events. I tested this with the same testRSSIAgent autotests that tests the driver-side rssi monitoring except with all timeouts multiplied by ~20.
2017-08-18 14:22:58 +02:00
netdev_rssi_polling_update(netdev);
netdev: Implement RSSI level notifications API Add an methods and an event using the new NL80211_EXT_FEATURE_CQM_RSSI_LIST kernel feature to request RSSI monitoring with notifications only when RSSI moves from one of the N intervals requested to another. device.c will call netdev_set_rssi_report_levels to request NETDEV_EVENT_RSSI_LEVEL_NOTIFY events every time the RSSI level changes, level meaning one of the intervals delimited by the threshold values passed as argument. Inside the event handler it can call netdev_get_rssi_level to read the new level. There's no fallback to periodic polling implemented in this patch for the case of older kernels and/or the driver not supporting NL80211_EXT_FEATURE_CQM_RSSI_LIST.
2017-05-20 16:33:13 +02:00
return 0;
}
int netdev_get_rssi_level(struct netdev *netdev)
{
return netdev->cur_rssi_level_idx;
}
static int netdev_cqm_rssi_update(struct netdev *netdev)
{
struct l_genl_msg *msg =
netdev_build_cmd_cqm_rssi_update(netdev,
netdev->rssi_levels,
netdev->rssi_levels_num);
if (!msg)
return -EINVAL;
if (!l_genl_family_send(nl80211, msg, netdev_cmd_set_cqm_cb,
NULL, NULL)) {
l_error("CMD_SET_CQM failed");
l_genl_msg_unref(msg);
return -EIO;
}
return 0;
}
device/netdev: Properly implement mode switching
2018-08-20 05:07:15 +02:00
static struct l_genl_msg *netdev_build_cmd_set_interface(struct netdev *netdev,
uint32_t iftype)
netdev: Add interface type setter and getter Modify netdev_get_iftype, which was until now unused, and add netdev_set_iftype. Don't skip interfaces with types other than STATION on startup, instead reset the type to STATION in device.c. netdev_get_iftype is modified to use our own interface type enum to avoid forcing users to include "nl80211.h". Note that setting an interface UP and DOWN wouldn't generally reset the iftype to STATION. Another process may still change the type while iwd is running and iwd would not detect this as it would detect another interface setting interface DOWN, not sure how far we want to go in monitoring all of the properties this way.
2017-08-14 14:49:16 +02:00
{
device/netdev: Properly implement mode switching
2018-08-20 05:07:15 +02:00
struct l_genl_msg *msg =
l_genl_msg_new_sized(NL80211_CMD_SET_INTERFACE, 32);
l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &netdev->index);
l_genl_msg_append_attr(msg, NL80211_ATTR_IFTYPE, 4, &iftype);
return msg;
}
struct netdev_set_iftype_request {
netdev_command_cb_t cb;
void *user_data;
netdev_destroy_func_t destroy;
uint32_t pending_type;
uint32_t ref;
struct netdev *netdev;
bool bring_up;
};
static void netdev_set_iftype_request_destroy(void *user_data)
{
struct netdev_set_iftype_request *req = user_data;
struct netdev *netdev = req->netdev;
req->ref--;
if (req->ref)
return;
netdev->set_powered_cmd_id = 0;
netdev->set_interface_cmd_id = 0;
if (req->destroy)
req->destroy(req->user_data);
l_free(req);
}
static void netdev_set_iftype_up_cb(int error, uint16_t type,
const void *data,
uint32_t len, void *user_data)
{
struct netdev_set_iftype_request *req = user_data;
struct netdev *netdev = req->netdev;
if (req->cb)
req->cb(netdev, error, req->user_data);
}
static void netdev_set_iftype_cb(struct l_genl_msg *msg, void *user_data)
{
struct netdev_set_iftype_request *req = user_data;
struct netdev *netdev = req->netdev;
int error = l_genl_msg_get_error(msg);
if (error != 0)
goto done;
netdev->type = req->pending_type;
netdev: Issue initial SET_CQM when in STATION mode
2018-08-20 05:52:52 +02:00
/* Set RSSI threshold for CQM notifications */
if (netdev->type == NL80211_IFTYPE_STATION)
netdev_cqm_rssi_update(netdev);
device/netdev: Properly implement mode switching
2018-08-20 05:07:15 +02:00
/* If the netdev was down originally, we're done */
if (!req->bring_up)
goto done;
netdev->set_powered_cmd_id =
rtnl_set_powered(netdev->index, true,
netdev_set_iftype_up_cb, req,
netdev_set_iftype_request_destroy);
if (!netdev->set_powered_cmd_id) {
error = -EIO;
goto done;
}
req->ref++;
netdev->set_interface_cmd_id = 0;
return;
done:
if (req->cb)
req->cb(netdev, error, req->user_data);
}
static void netdev_set_iftype_down_cb(int error, uint16_t type,
const void *data,
uint32_t len, void *user_data)
{
struct netdev_set_iftype_request *req = user_data;
struct netdev *netdev = req->netdev;
netdev: Add interface type setter and getter Modify netdev_get_iftype, which was until now unused, and add netdev_set_iftype. Don't skip interfaces with types other than STATION on startup, instead reset the type to STATION in device.c. netdev_get_iftype is modified to use our own interface type enum to avoid forcing users to include "nl80211.h". Note that setting an interface UP and DOWN wouldn't generally reset the iftype to STATION. Another process may still change the type while iwd is running and iwd would not detect this as it would detect another interface setting interface DOWN, not sure how far we want to go in monitoring all of the properties this way.
2017-08-14 14:49:16 +02:00
struct l_genl_msg *msg;
device/netdev: Properly implement mode switching
2018-08-20 05:07:15 +02:00
if (error != 0)
goto error;
msg = netdev_build_cmd_set_interface(netdev, req->pending_type);
netdev->set_interface_cmd_id =
l_genl_family_send(nl80211, msg, netdev_set_iftype_cb, req,
netdev_set_iftype_request_destroy);
if (!netdev->set_interface_cmd_id) {
l_genl_msg_unref(msg);
error = -EIO;
goto error;
}
req->ref++;
netdev->set_powered_cmd_id = 0;
return;
error:
if (req->cb)
req->cb(netdev, error, req->user_data);
}
int netdev_set_iftype(struct netdev *netdev, enum netdev_iftype type,
netdev_command_cb_t cb, void *user_data,
netdev_destroy_func_t destroy)
{
netdev: Add IFTYPE_ADHOC interface type netdev_set_iftype and get_iftype were also changed to account for all three interface types.
2018-07-17 00:29:14 +02:00
uint32_t iftype;
device/netdev: Properly implement mode switching
2018-08-20 05:07:15 +02:00
struct netdev_set_iftype_request *req;
netdev: Add IFTYPE_ADHOC interface type netdev_set_iftype and get_iftype were also changed to account for all three interface types.
2018-07-17 00:29:14 +02:00
switch (type) {
case NETDEV_IFTYPE_AP:
iftype = NL80211_IFTYPE_AP;
break;
case NETDEV_IFTYPE_ADHOC:
iftype = NL80211_IFTYPE_ADHOC;
break;
case NETDEV_IFTYPE_STATION:
iftype = NL80211_IFTYPE_STATION;
break;
default:
l_error("unsupported iftype %u", type);
return -EINVAL;
}
netdev: Add interface type setter and getter Modify netdev_get_iftype, which was until now unused, and add netdev_set_iftype. Don't skip interfaces with types other than STATION on startup, instead reset the type to STATION in device.c. netdev_get_iftype is modified to use our own interface type enum to avoid forcing users to include "nl80211.h". Note that setting an interface UP and DOWN wouldn't generally reset the iftype to STATION. Another process may still change the type while iwd is running and iwd would not detect this as it would detect another interface setting interface DOWN, not sure how far we want to go in monitoring all of the properties this way.
2017-08-14 14:49:16 +02:00
device/netdev: Properly implement mode switching
2018-08-20 05:07:15 +02:00
if (netdev->set_powered_cmd_id ||
netdev->set_interface_cmd_id)
return -EBUSY;
netdev: Add interface type setter and getter Modify netdev_get_iftype, which was until now unused, and add netdev_set_iftype. Don't skip interfaces with types other than STATION on startup, instead reset the type to STATION in device.c. netdev_get_iftype is modified to use our own interface type enum to avoid forcing users to include "nl80211.h". Note that setting an interface UP and DOWN wouldn't generally reset the iftype to STATION. Another process may still change the type while iwd is running and iwd would not detect this as it would detect another interface setting interface DOWN, not sure how far we want to go in monitoring all of the properties this way.
2017-08-14 14:49:16 +02:00
device/netdev: Properly implement mode switching
2018-08-20 05:07:15 +02:00
req = l_new(struct netdev_set_iftype_request, 1);
req->cb = cb;
req->user_data = user_data;
req->destroy = destroy;
req->pending_type = iftype;
req->netdev = netdev;
req->ref = 1;
req->bring_up = netdev_get_is_up(netdev);
netdev: Add interface type setter and getter Modify netdev_get_iftype, which was until now unused, and add netdev_set_iftype. Don't skip interfaces with types other than STATION on startup, instead reset the type to STATION in device.c. netdev_get_iftype is modified to use our own interface type enum to avoid forcing users to include "nl80211.h". Note that setting an interface UP and DOWN wouldn't generally reset the iftype to STATION. Another process may still change the type while iwd is running and iwd would not detect this as it would detect another interface setting interface DOWN, not sure how far we want to go in monitoring all of the properties this way.
2017-08-14 14:49:16 +02:00
device/netdev: Properly implement mode switching
2018-08-20 05:07:15 +02:00
if (!req->bring_up) {
struct l_genl_msg *msg =
netdev_build_cmd_set_interface(netdev, iftype);
netdev: Add interface type setter and getter Modify netdev_get_iftype, which was until now unused, and add netdev_set_iftype. Don't skip interfaces with types other than STATION on startup, instead reset the type to STATION in device.c. netdev_get_iftype is modified to use our own interface type enum to avoid forcing users to include "nl80211.h". Note that setting an interface UP and DOWN wouldn't generally reset the iftype to STATION. Another process may still change the type while iwd is running and iwd would not detect this as it would detect another interface setting interface DOWN, not sure how far we want to go in monitoring all of the properties this way.
2017-08-14 14:49:16 +02:00
device/netdev: Properly implement mode switching
2018-08-20 05:07:15 +02:00
netdev->set_interface_cmd_id =
l_genl_family_send(nl80211, msg,
netdev_set_iftype_cb, req,
netdev_set_iftype_request_destroy);
if (netdev->set_interface_cmd_id)
return 0;
netdev: Add interface type setter and getter Modify netdev_get_iftype, which was until now unused, and add netdev_set_iftype. Don't skip interfaces with types other than STATION on startup, instead reset the type to STATION in device.c. netdev_get_iftype is modified to use our own interface type enum to avoid forcing users to include "nl80211.h". Note that setting an interface UP and DOWN wouldn't generally reset the iftype to STATION. Another process may still change the type while iwd is running and iwd would not detect this as it would detect another interface setting interface DOWN, not sure how far we want to go in monitoring all of the properties this way.
2017-08-14 14:49:16 +02:00
device/netdev: Properly implement mode switching
2018-08-20 05:07:15 +02:00
l_genl_msg_unref(msg);
} else {
netdev->set_powered_cmd_id =
rtnl_set_powered(netdev->index, false,
netdev_set_iftype_down_cb, req,
netdev_set_iftype_request_destroy);
if (netdev->set_powered_cmd_id)
return 0;
}
netdev: fixed netdev_set_iftype While this would issue a SET_INTERFACE to the kernel it would not actually set netdev->type, so netdev_get_iftype would return incorrectly.
2018-06-19 22:28:01 +02:00
device/netdev: Properly implement mode switching
2018-08-20 05:07:15 +02:00
l_free(req);
return -EIO;
netdev: Add interface type setter and getter Modify netdev_get_iftype, which was until now unused, and add netdev_set_iftype. Don't skip interfaces with types other than STATION on startup, instead reset the type to STATION in device.c. netdev_get_iftype is modified to use our own interface type enum to avoid forcing users to include "nl80211.h". Note that setting an interface UP and DOWN wouldn't generally reset the iftype to STATION. Another process may still change the type while iwd is running and iwd would not detect this as it would detect another interface setting interface DOWN, not sure how far we want to go in monitoring all of the properties this way.
2017-08-14 14:49:16 +02:00
}
netdev: handle netlink events on bridge ports When a wifi interface is added/removed to/from a bridge, a RTM_NEW/DELLINK event is issued. This is the same event used to signal when an interface is created/deleted. For this reason the event generated by the bridge code has to be properly distinguished and handled accordingly. Failing to do so will result in inconsistencies in iwd which will think an interface has been deleted when it was actually not. Detect incoming NEW/DELLINK bridge events and reacts accordingly. For now, this simply means printing a simple message, as there is no special logic in iwd for this yet.
2018-06-12 06:20:18 +02:00
static void netdev_bridge_port_event(const struct ifinfomsg *ifi, int bytes,
bool added)
{
struct netdev *netdev;
struct rtattr *attr;
uint32_t master = 0;
netdev = netdev_find(ifi->ifi_index);
if (!netdev)
return;
for (attr = IFLA_RTA(ifi); RTA_OK(attr, bytes);
attr = RTA_NEXT(attr, bytes)) {
switch (attr->rta_type) {
case IFLA_MASTER:
memcpy(&master, RTA_DATA(attr), sizeof(master));
break;
}
}
l_debug("netdev: %d %s bridge: %d", ifi->ifi_index,
(added ? "added to" : "removed from"), master);
}
netdev: add helper to set/unset 4ADDR property
2018-06-14 04:11:23 +02:00
struct set_4addr_cb_data {
struct netdev *netdev;
bool value;
netdev: Remove redundant typedefs Unify command specific typedefs which had the same signature into a single netdev_command_cb_t
2018-08-20 01:25:23 +02:00
netdev_command_cb_t callback;
netdev: add helper to set/unset 4ADDR property
2018-06-14 04:11:23 +02:00
void *user_data;
netdev_destroy_func_t destroy;
};
static void netdev_set_4addr_cb(struct l_genl_msg *msg, void *user_data)
{
struct set_4addr_cb_data *cb_data = user_data;
int error = l_genl_msg_get_error(msg);
if (!cb_data)
return;
/* cache the value that has just been set */
if (!error)
cb_data->netdev->use_4addr = cb_data->value;
netdev: Fix unneeded error negation device.c expects errors to be negative for both set_powered and set_4addr.
2018-06-14 04:25:01 +02:00
cb_data->callback(cb_data->netdev, error, cb_data->user_data);
netdev: add helper to set/unset 4ADDR property
2018-06-14 04:11:23 +02:00
}
static void netdev_set_4addr_destroy(void *user_data)
{
struct set_4addr_cb_data *cb_data = user_data;
if (!cb_data)
return;
if (cb_data->destroy)
cb_data->destroy(cb_data->user_data);
l_free(cb_data);
}
int netdev_set_4addr(struct netdev *netdev, bool use_4addr,
netdev: Remove redundant typedefs Unify command specific typedefs which had the same signature into a single netdev_command_cb_t
2018-08-20 01:25:23 +02:00
netdev_command_cb_t cb, void *user_data,
netdev: add helper to set/unset 4ADDR property
2018-06-14 04:11:23 +02:00
netdev_destroy_func_t destroy)
{
struct set_4addr_cb_data *cb_data = NULL;
uint8_t attr_4addr = (use_4addr ? 1 : 0);
struct l_genl_msg *msg;
l_debug("netdev: %d use_4addr: %d", netdev->index, use_4addr);
msg = l_genl_msg_new_sized(NL80211_CMD_SET_INTERFACE, 32);
l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &netdev->index);
l_genl_msg_append_attr(msg, NL80211_ATTR_4ADDR, 1, &attr_4addr);
if (cb) {
cb_data = l_new(struct set_4addr_cb_data, 1);
cb_data->netdev = netdev;
cb_data->value = use_4addr;
cb_data->callback = cb;
cb_data->user_data = user_data;
cb_data->destroy = destroy;
}
if (!l_genl_family_send(nl80211, msg, netdev_set_4addr_cb, cb_data,
netdev_set_4addr_destroy)) {
l_error("CMD_SET_INTERFACE (4addr) failed");
l_genl_msg_unref(msg);
l_free(cb_data);
return -EIO;
}
return 0;
}
bool netdev_get_4addr(struct netdev *netdev)
{
return netdev->use_4addr;
}
netdev: Track interface UP flag
2016-06-20 12:42:03 +02:00
static void netdev_newlink_notify(const struct ifinfomsg *ifi, int bytes)
{
struct netdev *netdev;
netdev: Add netdev_set_powered
2016-07-13 04:26:27 +02:00
bool old_up, new_up;
netdev: Track interface name changes
2016-07-14 02:38:05 +02:00
char old_name[IFNAMSIZ];
netdev: React to interface address change Handle the changes of interface address in RTNL New Link messages similarly to the name changes, emit a NETDEV_WATCH_EVENT_ADDRESS_CHANGE event and a propety change on dbus. Note this can only happen when the interface is down so it doesn't break anything but we need to handle it anyway.
2017-03-08 15:07:14 +01:00
uint8_t old_addr[ETH_ALEN];
netdev: Track interface name changes
2016-07-14 02:38:05 +02:00
struct rtattr *attr;
netdev: Track interface UP flag
2016-06-20 12:42:03 +02:00
netdev: handle netlink events on bridge ports When a wifi interface is added/removed to/from a bridge, a RTM_NEW/DELLINK event is issued. This is the same event used to signal when an interface is created/deleted. For this reason the event generated by the bridge code has to be properly distinguished and handled accordingly. Failing to do so will result in inconsistencies in iwd which will think an interface has been deleted when it was actually not. Detect incoming NEW/DELLINK bridge events and reacts accordingly. For now, this simply means printing a simple message, as there is no special logic in iwd for this yet.
2018-06-12 06:20:18 +02:00
if (ifi->ifi_family == AF_BRIDGE) {
netdev_bridge_port_event(ifi, bytes, true);
return;
}
netdev: Track interface UP flag
2016-06-20 12:42:03 +02:00
netdev = netdev_find(ifi->ifi_index);
if (!netdev)
return;
netdev: Add netdev_set_powered
2016-07-13 04:26:27 +02:00
old_up = netdev_get_is_up(netdev);
netdev: Track interface name changes
2016-07-14 02:38:05 +02:00
strcpy(old_name, netdev->name);
netdev: React to interface address change Handle the changes of interface address in RTNL New Link messages similarly to the name changes, emit a NETDEV_WATCH_EVENT_ADDRESS_CHANGE event and a propety change on dbus. Note this can only happen when the interface is down so it doesn't break anything but we need to handle it anyway.
2017-03-08 15:07:14 +01:00
memcpy(old_addr, netdev->addr, ETH_ALEN);
netdev: Add netdev_set_powered
2016-07-13 04:26:27 +02:00
netdev->ifi_flags = ifi->ifi_flags;
netdev: Track interface UP flag
2016-06-20 12:42:03 +02:00
netdev: Track interface name changes
2016-07-14 02:38:05 +02:00
for (attr = IFLA_RTA(ifi); RTA_OK(attr, bytes);
attr = RTA_NEXT(attr, bytes)) {
netdev: React to interface address change Handle the changes of interface address in RTNL New Link messages similarly to the name changes, emit a NETDEV_WATCH_EVENT_ADDRESS_CHANGE event and a propety change on dbus. Note this can only happen when the interface is down so it doesn't break anything but we need to handle it anyway.
2017-03-08 15:07:14 +01:00
switch (attr->rta_type) {
case IFLA_IFNAME:
strcpy(netdev->name, RTA_DATA(attr));
break;
case IFLA_ADDRESS:
if (RTA_PAYLOAD(attr) < ETH_ALEN)
break;
netdev: Track interface name changes
2016-07-14 02:38:05 +02:00
netdev: React to interface address change Handle the changes of interface address in RTNL New Link messages similarly to the name changes, emit a NETDEV_WATCH_EVENT_ADDRESS_CHANGE event and a propety change on dbus. Note this can only happen when the interface is down so it doesn't break anything but we need to handle it anyway.
2017-03-08 15:07:14 +01:00
memcpy(netdev->addr, RTA_DATA(attr), ETH_ALEN);
break;
}
netdev: Track interface name changes
2016-07-14 02:38:05 +02:00
}
netdev: Don't emit events before NETDEV_WATCH_EVENT_NEW
2018-09-22 18:48:21 +02:00
if (!netdev->device) /* Did we send NETDEV_WATCH_EVENT_NEW yet? */
return;
netdev: Add netdev_set_powered
2016-07-13 04:26:27 +02:00
new_up = netdev_get_is_up(netdev);
netdev: Simplify event watches using watchlist
2017-09-01 01:18:41 +02:00
if (old_up != new_up)
netdev/device: Combine watches There was somewhat overlapping functionality in the device_watch infrastructure as well as the netdev_event_watch. This commit combines the two into a single watch based on the netdev object and cleans up the various interface additions / removals. With this commit the interfaces are created when the netdev/device is switched to Powered=True state AND when the netdev iftype is also in the correct state for that interface. If the device is brought down, then all interfaces except the .Device interface are removed. This will make it easy to implement Device.Mode property properly since most nl80211 devices need to be brought into Powered=False state prior to switching the iftype.
2018-08-18 06:40:49 +02:00
WATCHLIST_NOTIFY(&netdev_watches, netdev_watch_func_t,
netdev: Simplify event watches using watchlist
2017-09-01 01:18:41 +02:00
netdev, new_up ? NETDEV_WATCH_EVENT_UP :
NETDEV_WATCH_EVENT_DOWN);
netdev: Track interface name changes
2016-07-14 02:38:05 +02:00
netdev: Simplify event watches using watchlist
2017-09-01 01:18:41 +02:00
if (strcmp(old_name, netdev->name))
netdev/device: Combine watches There was somewhat overlapping functionality in the device_watch infrastructure as well as the netdev_event_watch. This commit combines the two into a single watch based on the netdev object and cleans up the various interface additions / removals. With this commit the interfaces are created when the netdev/device is switched to Powered=True state AND when the netdev iftype is also in the correct state for that interface. If the device is brought down, then all interfaces except the .Device interface are removed. This will make it easy to implement Device.Mode property properly since most nl80211 devices need to be brought into Powered=False state prior to switching the iftype.
2018-08-18 06:40:49 +02:00
WATCHLIST_NOTIFY(&netdev_watches, netdev_watch_func_t,
netdev: Simplify event watches using watchlist
2017-09-01 01:18:41 +02:00
netdev, NETDEV_WATCH_EVENT_NAME_CHANGE);
netdev: Track interface name changes
2016-07-14 02:38:05 +02:00
netdev: Simplify event watches using watchlist
2017-09-01 01:18:41 +02:00
if (memcmp(old_addr, netdev->addr, ETH_ALEN))
netdev/device: Combine watches There was somewhat overlapping functionality in the device_watch infrastructure as well as the netdev_event_watch. This commit combines the two into a single watch based on the netdev object and cleans up the various interface additions / removals. With this commit the interfaces are created when the netdev/device is switched to Powered=True state AND when the netdev iftype is also in the correct state for that interface. If the device is brought down, then all interfaces except the .Device interface are removed. This will make it easy to implement Device.Mode property properly since most nl80211 devices need to be brought into Powered=False state prior to switching the iftype.
2018-08-18 06:40:49 +02:00
WATCHLIST_NOTIFY(&netdev_watches, netdev_watch_func_t,
netdev: Simplify event watches using watchlist
2017-09-01 01:18:41 +02:00
netdev, NETDEV_WATCH_EVENT_ADDRESS_CHANGE);
netdev: Track interface UP flag
2016-06-20 12:42:03 +02:00
}
netdev: React to removed netdevs
2016-07-01 21:49:34 +02:00
static void netdev_dellink_notify(const struct ifinfomsg *ifi, int bytes)
{
struct netdev *netdev;
netdev: handle netlink events on bridge ports When a wifi interface is added/removed to/from a bridge, a RTM_NEW/DELLINK event is issued. This is the same event used to signal when an interface is created/deleted. For this reason the event generated by the bridge code has to be properly distinguished and handled accordingly. Failing to do so will result in inconsistencies in iwd which will think an interface has been deleted when it was actually not. Detect incoming NEW/DELLINK bridge events and reacts accordingly. For now, this simply means printing a simple message, as there is no special logic in iwd for this yet.
2018-06-12 06:20:18 +02:00
if (ifi->ifi_family == AF_BRIDGE) {
netdev_bridge_port_event(ifi, bytes, false);
return;
}
netdev: React to removed netdevs
2016-07-01 21:49:34 +02:00
netdev = l_queue_remove_if(netdev_list, netdev_match,
L_UINT_TO_PTR(ifi->ifi_index));
if (!netdev)
return;
netdev_free(netdev);
}
netdev: Make sure set_powered calls are cancelable Since all netdevs share the rtnl l_netlink object, it was possible for netdevs to be destroyed with outstanding commands still executing on the rtnl object. This can lead to crashes and other nasty situations. This patch makes sure that Powered requests are always tracked via set_powered_cmd_id and the request is canceled when netdev is destroyed. This also implies that netdev_set_powered can now return an -EBUSY error in case a request is already outstanding.
2018-08-17 19:37:47 +02:00
static void netdev_initial_up_cb(int error, uint16_t type, const void *data,
uint32_t len, void *user_data)
netdev: Reset interface state on init and exit Take any managed interface down when iwd detects it and bring it back up to start with a clean state. On exit take interfaces down.
2016-07-13 04:29:52 +02:00
{
netdev: Make sure set_powered calls are cancelable Since all netdevs share the rtnl l_netlink object, it was possible for netdevs to be destroyed with outstanding commands still executing on the rtnl object. This can lead to crashes and other nasty situations. This patch makes sure that Powered requests are always tracked via set_powered_cmd_id and the request is canceled when netdev is destroyed. This also implies that netdev_set_powered can now return an -EBUSY error in case a request is already outstanding.
2018-08-17 19:37:47 +02:00
struct netdev *netdev = user_data;
netdev->set_powered_cmd_id = 0;
netdev: Update ifi_flags in rntl_set_powered callbacks When we detect a new device we either bring it down and then up or only up. The IFF_UP flag in netdev->ifi_flags is updated before that, then we send the two rtnl commands and then fire the NETDEV_WATCH_EVENT_NEW event if either the bring up succeeded or -ERFKILL was returned, so the device may either be UP or DOWN at that point. It seems that a RTNL NEWLINK notification is usually received before the RTNL command callback but I don't think this is guaranteed so update the IFF_UP flag in the callbacks so that the NETDEV_WATCH_EVENT_NEW handlers can reliably use netdev_get_is_up()
2018-09-22 18:48:20 +02:00
if (!error)
netdev->ifi_flags |= IFF_UP;
else {
netdev: Reset interface state on init and exit Take any managed interface down when iwd detects it and bring it back up to start with a clean state. On exit take interfaces down.
2016-07-13 04:29:52 +02:00
l_error("Error bringing interface %i up: %s", netdev->index,
netdev: Make sure set_powered calls are cancelable Since all netdevs share the rtnl l_netlink object, it was possible for netdevs to be destroyed with outstanding commands still executing on the rtnl object. This can lead to crashes and other nasty situations. This patch makes sure that Powered requests are always tracked via set_powered_cmd_id and the request is canceled when netdev is destroyed. This also implies that netdev_set_powered can now return an -EBUSY error in case a request is already outstanding.
2018-08-17 19:37:47 +02:00
strerror(-error));
netdev: Reset interface state on init and exit Take any managed interface down when iwd detects it and bring it back up to start with a clean state. On exit take interfaces down.
2016-07-13 04:29:52 +02:00
netdev: Make sure set_powered calls are cancelable Since all netdevs share the rtnl l_netlink object, it was possible for netdevs to be destroyed with outstanding commands still executing on the rtnl object. This can lead to crashes and other nasty situations. This patch makes sure that Powered requests are always tracked via set_powered_cmd_id and the request is canceled when netdev is destroyed. This also implies that netdev_set_powered can now return an -EBUSY error in case a request is already outstanding.
2018-08-17 19:37:47 +02:00
if (error != -ERFKILL)
netdev: Allow ERFKILL during initial bring up If initial bring up returns ERFKILL proceed and the inteface can be explicitly brought up by the client once rfkill is disabled. Also fix the error number returned to netdev_set_powered callback to be negative as expected by netdev_initial_up_cb.
2016-07-26 14:42:20 +02:00
return;
netdev: Reset interface state on init and exit Take any managed interface down when iwd detects it and bring it back up to start with a clean state. On exit take interfaces down.
2016-07-13 04:29:52 +02:00
}
netdev: Don't crash on operstate callbacks The way that netdev_set_linkmode_and_operstate was used resulted in potential crashes when the netdev was destroyed. This is because netdev was given as data to l_netlink_send and could be destroyed between the time of the call and the callback. Since the result of calls to netdev_set_linkmode_and_operstate is inconsequential, it isn't really worthwhile tracking these calls in order to cancel them. This patch simplies the handling of these rtnl calls, makes sure that netdev isn't passed as user data and rewrites the netdev_set_linkmode_and_operstate signature to be more consistent with rtnl_set_powered.
2018-08-17 21:04:44 +02:00
rtnl_set_linkmode_and_operstate(netdev->index, IF_LINK_MODE_DORMANT,
IF_OPER_DOWN, netdev_operstate_cb,
L_UINT_TO_PTR(netdev->index), NULL);
netdev: Reset interface state on init and exit Take any managed interface down when iwd detects it and bring it back up to start with a clean state. On exit take interfaces down.
2016-07-13 04:29:52 +02:00
netdev: add helper to set/unset 4ADDR property
2018-06-14 04:11:23 +02:00
/*
* we don't know the initial status of the 4addr property on this
* netdev, therefore we set it to zero by default.
*/
netdev_set_4addr(netdev, netdev->use_4addr, NULL, NULL, NULL);
netdev: Reset interface state on init and exit Take any managed interface down when iwd detects it and bring it back up to start with a clean state. On exit take interfaces down.
2016-07-13 04:29:52 +02:00
l_debug("Interface %i initialized", netdev->index);
netdev->device = device_create(netdev->wiphy, netdev);
netdev/device: Combine watches There was somewhat overlapping functionality in the device_watch infrastructure as well as the netdev_event_watch. This commit combines the two into a single watch based on the netdev object and cleans up the various interface additions / removals. With this commit the interfaces are created when the netdev/device is switched to Powered=True state AND when the netdev iftype is also in the correct state for that interface. If the device is brought down, then all interfaces except the .Device interface are removed. This will make it easy to implement Device.Mode property properly since most nl80211 devices need to be brought into Powered=False state prior to switching the iftype.
2018-08-18 06:40:49 +02:00
WATCHLIST_NOTIFY(&netdev_watches, netdev_watch_func_t,
netdev, NETDEV_WATCH_EVENT_NEW);
netdev: Reset interface state on init and exit Take any managed interface down when iwd detects it and bring it back up to start with a clean state. On exit take interfaces down.
2016-07-13 04:29:52 +02:00
}
netdev: Make sure set_powered calls are cancelable Since all netdevs share the rtnl l_netlink object, it was possible for netdevs to be destroyed with outstanding commands still executing on the rtnl object. This can lead to crashes and other nasty situations. This patch makes sure that Powered requests are always tracked via set_powered_cmd_id and the request is canceled when netdev is destroyed. This also implies that netdev_set_powered can now return an -EBUSY error in case a request is already outstanding.
2018-08-17 19:37:47 +02:00
static void netdev_initial_down_cb(int error, uint16_t type, const void *data,
uint32_t len, void *user_data)
netdev: Reset interface state on init and exit Take any managed interface down when iwd detects it and bring it back up to start with a clean state. On exit take interfaces down.
2016-07-13 04:29:52 +02:00
{
netdev: Make sure set_powered calls are cancelable Since all netdevs share the rtnl l_netlink object, it was possible for netdevs to be destroyed with outstanding commands still executing on the rtnl object. This can lead to crashes and other nasty situations. This patch makes sure that Powered requests are always tracked via set_powered_cmd_id and the request is canceled when netdev is destroyed. This also implies that netdev_set_powered can now return an -EBUSY error in case a request is already outstanding.
2018-08-17 19:37:47 +02:00
struct netdev *netdev = user_data;
netdev: Update ifi_flags in rntl_set_powered callbacks When we detect a new device we either bring it down and then up or only up. The IFF_UP flag in netdev->ifi_flags is updated before that, then we send the two rtnl commands and then fire the NETDEV_WATCH_EVENT_NEW event if either the bring up succeeded or -ERFKILL was returned, so the device may either be UP or DOWN at that point. It seems that a RTNL NEWLINK notification is usually received before the RTNL command callback but I don't think this is guaranteed so update the IFF_UP flag in the callbacks so that the NETDEV_WATCH_EVENT_NEW handlers can reliably use netdev_get_is_up()
2018-09-22 18:48:20 +02:00
if (!error)
netdev->ifi_flags &= ~IFF_UP;
else {
netdev: Reset interface state on init and exit Take any managed interface down when iwd detects it and bring it back up to start with a clean state. On exit take interfaces down.
2016-07-13 04:29:52 +02:00
l_error("Error taking interface %i down: %s", netdev->index,
netdev: Make sure set_powered calls are cancelable Since all netdevs share the rtnl l_netlink object, it was possible for netdevs to be destroyed with outstanding commands still executing on the rtnl object. This can lead to crashes and other nasty situations. This patch makes sure that Powered requests are always tracked via set_powered_cmd_id and the request is canceled when netdev is destroyed. This also implies that netdev_set_powered can now return an -EBUSY error in case a request is already outstanding.
2018-08-17 19:37:47 +02:00
strerror(-error));
netdev: Reset interface state on init and exit Take any managed interface down when iwd detects it and bring it back up to start with a clean state. On exit take interfaces down.
2016-07-13 04:29:52 +02:00
netdev: Make sure set_powered calls are cancelable Since all netdevs share the rtnl l_netlink object, it was possible for netdevs to be destroyed with outstanding commands still executing on the rtnl object. This can lead to crashes and other nasty situations. This patch makes sure that Powered requests are always tracked via set_powered_cmd_id and the request is canceled when netdev is destroyed. This also implies that netdev_set_powered can now return an -EBUSY error in case a request is already outstanding.
2018-08-17 19:37:47 +02:00
netdev->set_powered_cmd_id = 0;
netdev: Reset interface state on init and exit Take any managed interface down when iwd detects it and bring it back up to start with a clean state. On exit take interfaces down.
2016-07-13 04:29:52 +02:00
return;
}
netdev: Make sure set_powered calls are cancelable Since all netdevs share the rtnl l_netlink object, it was possible for netdevs to be destroyed with outstanding commands still executing on the rtnl object. This can lead to crashes and other nasty situations. This patch makes sure that Powered requests are always tracked via set_powered_cmd_id and the request is canceled when netdev is destroyed. This also implies that netdev_set_powered can now return an -EBUSY error in case a request is already outstanding.
2018-08-17 19:37:47 +02:00
netdev->set_powered_cmd_id =
rtnl_set_powered(netdev->index, true, netdev_initial_up_cb,
netdev, NULL);
netdev: Reset interface state on init and exit Take any managed interface down when iwd detects it and bring it back up to start with a clean state. On exit take interfaces down.
2016-07-13 04:29:52 +02:00
}
netdev: Track interface UP flag
2016-06-20 12:42:03 +02:00
static void netdev_getlink_cb(int error, uint16_t type, const void *data,
uint32_t len, void *user_data)
{
const struct ifinfomsg *ifi = data;
unsigned int bytes;
netdev: Reset interface state on init and exit Take any managed interface down when iwd detects it and bring it back up to start with a clean state. On exit take interfaces down.
2016-07-13 04:29:52 +02:00
struct netdev *netdev;
netdev: Make sure set_powered calls are cancelable Since all netdevs share the rtnl l_netlink object, it was possible for netdevs to be destroyed with outstanding commands still executing on the rtnl object. This can lead to crashes and other nasty situations. This patch makes sure that Powered requests are always tracked via set_powered_cmd_id and the request is canceled when netdev is destroyed. This also implies that netdev_set_powered can now return an -EBUSY error in case a request is already outstanding.
2018-08-17 19:37:47 +02:00
l_netlink_command_func_t cb;
bool powered;
netdev: Track interface UP flag
2016-06-20 12:42:03 +02:00
if (error != 0 || ifi->ifi_type != ARPHRD_ETHER ||
type != RTM_NEWLINK) {
l_error("RTM_GETLINK error %i ifi_type %i type %i",
error, (int) ifi->ifi_type, (int) type);
return;
}
netdev: Reset interface state on init and exit Take any managed interface down when iwd detects it and bring it back up to start with a clean state. On exit take interfaces down.
2016-07-13 04:29:52 +02:00
netdev = netdev_find(ifi->ifi_index);
if (!netdev)
return;
netdev: Track interface UP flag
2016-06-20 12:42:03 +02:00
bytes = len - NLMSG_ALIGN(sizeof(struct ifinfomsg));
netdev_newlink_notify(ifi, bytes);
netdev: Reset interface state on init and exit Take any managed interface down when iwd detects it and bring it back up to start with a clean state. On exit take interfaces down.
2016-07-13 04:29:52 +02:00
/*
* If the interface is UP, reset it to ensure a clean state,
* otherwise just bring it UP.
*/
netdev: Make sure set_powered calls are cancelable Since all netdevs share the rtnl l_netlink object, it was possible for netdevs to be destroyed with outstanding commands still executing on the rtnl object. This can lead to crashes and other nasty situations. This patch makes sure that Powered requests are always tracked via set_powered_cmd_id and the request is canceled when netdev is destroyed. This also implies that netdev_set_powered can now return an -EBUSY error in case a request is already outstanding.
2018-08-17 19:37:47 +02:00
powered = netdev_get_is_up(netdev);
cb = powered ? netdev_initial_down_cb : netdev_initial_up_cb;
netdev->set_powered_cmd_id =
rtnl_set_powered(ifi->ifi_index, !powered, cb, netdev, NULL);
netdev: Track interface UP flag
2016-06-20 12:42:03 +02:00
}
netdev: Implement interface filtering
2016-06-24 00:34:29 +02:00
static bool netdev_is_managed(const char *ifname)
{
char *pattern;
unsigned int i;
if (!whitelist_filter)
goto check_blacklist;
for (i = 0; (pattern = whitelist_filter[i]); i++) {
if (fnmatch(pattern, ifname, 0) != 0)
continue;
goto check_blacklist;
}
l_debug("whitelist filtered ifname: %s", ifname);
return false;
check_blacklist:
if (!blacklist_filter)
return true;
for (i = 0; (pattern = blacklist_filter[i]); i++) {
if (fnmatch(pattern, ifname, 0) == 0) {
l_debug("blacklist filtered ifname: %s", ifname);
return false;
}
}
return true;
}
netdev: Simplify frame_watch using watchlist
2017-08-31 23:57:05 +02:00
static void netdev_frame_watch_free(struct watchlist_item *item)
netdev: Register for and parse Neighbor Report responses
2016-12-23 11:38:02 +01:00
{
netdev: Simplify frame_watch using watchlist
2017-08-31 23:57:05 +02:00
struct netdev_frame_watch *fw =
container_of(item, struct netdev_frame_watch, super);
netdev: Refactor netdev_register_frame Rename netdev_register_frame to netdev_frame_watch_add and expose to be usable outside of netdev.c, add netdev_frame_watch_remove also. Update the Neighbor Report handling which was the only user of netdev_register_frame. The handler is now simpler because we use a lookup list with all the prefixes and individual frame handlers only see the frames matching the right prefix. This is also useful for the future Access-Point mode.
2017-08-31 04:04:45 +02:00
netdev: Simplify frame_watch using watchlist
2017-08-31 23:57:05 +02:00
l_free(fw->prefix);
l_free(fw);
netdev: Refactor netdev_register_frame Rename netdev_register_frame to netdev_frame_watch_add and expose to be usable outside of netdev.c, add netdev_frame_watch_remove also. Update the Neighbor Report handling which was the only user of netdev_register_frame. The handler is now simpler because we use a lookup list with all the prefixes and individual frame handlers only see the frames matching the right prefix. This is also useful for the future Access-Point mode.
2017-08-31 04:04:45 +02:00
}
netdev: Simplify frame_watch using watchlist
2017-08-31 23:57:05 +02:00
static const struct watchlist_ops netdev_frame_watch_ops = {
.item_free = netdev_frame_watch_free,
};
netdev: print error if frame watch fails The frame watch API had no callback, so if there was a failure it would silently continue.
2018-05-18 19:39:10 +02:00
static void netdev_frame_cb(struct l_genl_msg *msg, void *user_data)
{
if (l_genl_msg_get_error(msg) < 0)
l_error("Could not register frame watch type %04x: %i",
L_PTR_TO_UINT(user_data), l_genl_msg_get_error(msg));
}
netdev: Refactor netdev_register_frame Rename netdev_register_frame to netdev_frame_watch_add and expose to be usable outside of netdev.c, add netdev_frame_watch_remove also. Update the Neighbor Report handling which was the only user of netdev_register_frame. The handler is now simpler because we use a lookup list with all the prefixes and individual frame handlers only see the frames matching the right prefix. This is also useful for the future Access-Point mode.
2017-08-31 04:04:45 +02:00
uint32_t netdev_frame_watch_add(struct netdev *netdev, uint16_t frame_type,
const uint8_t *prefix, size_t prefix_len,
netdev_frame_watch_func_t handler,
void *user_data)
{
struct netdev_frame_watch *fw;
netdev: Register for and parse Neighbor Report responses
2016-12-23 11:38:02 +01:00
struct l_genl_msg *msg;
netdev: Refactor netdev_register_frame Rename netdev_register_frame to netdev_frame_watch_add and expose to be usable outside of netdev.c, add netdev_frame_watch_remove also. Update the Neighbor Report handling which was the only user of netdev_register_frame. The handler is now simpler because we use a lookup list with all the prefixes and individual frame handlers only see the frames matching the right prefix. This is also useful for the future Access-Point mode.
2017-08-31 04:04:45 +02:00
struct frame_prefix_info info = { frame_type, prefix, prefix_len };
bool registered;
netdev: Simplify frame_watch using watchlist
2017-08-31 23:57:05 +02:00
uint32_t id;
netdev: Refactor netdev_register_frame Rename netdev_register_frame to netdev_frame_watch_add and expose to be usable outside of netdev.c, add netdev_frame_watch_remove also. Update the Neighbor Report handling which was the only user of netdev_register_frame. The handler is now simpler because we use a lookup list with all the prefixes and individual frame handlers only see the frames matching the right prefix. This is also useful for the future Access-Point mode.
2017-08-31 04:04:45 +02:00
netdev: Reorder the registered check in netdev_frame_watch_add The l_queue_find() to find other watches matching the new prefix needs to be before the watchlist_link(), otherwise the prefix will match itself and "registered" is always true.
2017-09-07 23:04:44 +02:00
registered = l_queue_find(netdev->frame_watches.items,
netdev_frame_watch_match_prefix,
&info);
netdev: Refactor netdev_register_frame Rename netdev_register_frame to netdev_frame_watch_add and expose to be usable outside of netdev.c, add netdev_frame_watch_remove also. Update the Neighbor Report handling which was the only user of netdev_register_frame. The handler is now simpler because we use a lookup list with all the prefixes and individual frame handlers only see the frames matching the right prefix. This is also useful for the future Access-Point mode.
2017-08-31 04:04:45 +02:00
fw = l_new(struct netdev_frame_watch, 1);
fw->frame_type = frame_type;
fw->prefix = l_memdup(prefix, prefix_len);
fw->prefix_len = prefix_len;
netdev: Simplify frame_watch using watchlist
2017-08-31 23:57:05 +02:00
id = watchlist_link(&netdev->frame_watches, &fw->super,
handler, user_data, NULL);
netdev: Refactor netdev_register_frame Rename netdev_register_frame to netdev_frame_watch_add and expose to be usable outside of netdev.c, add netdev_frame_watch_remove also. Update the Neighbor Report handling which was the only user of netdev_register_frame. The handler is now simpler because we use a lookup list with all the prefixes and individual frame handlers only see the frames matching the right prefix. This is also useful for the future Access-Point mode.
2017-08-31 04:04:45 +02:00
if (registered)
netdev: Simplify frame_watch using watchlist
2017-08-31 23:57:05 +02:00
return id;
netdev: Register for and parse Neighbor Report responses
2016-12-23 11:38:02 +01:00
netdev: Refactor netdev_register_frame Rename netdev_register_frame to netdev_frame_watch_add and expose to be usable outside of netdev.c, add netdev_frame_watch_remove also. Update the Neighbor Report handling which was the only user of netdev_register_frame. The handler is now simpler because we use a lookup list with all the prefixes and individual frame handlers only see the frames matching the right prefix. This is also useful for the future Access-Point mode.
2017-08-31 04:04:45 +02:00
msg = l_genl_msg_new_sized(NL80211_CMD_REGISTER_FRAME, 32 + prefix_len);
netdev: Register for and parse Neighbor Report responses
2016-12-23 11:38:02 +01:00
l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &netdev->index);
l_genl_msg_append_attr(msg, NL80211_ATTR_FRAME_TYPE, 2, &frame_type);
l_genl_msg_append_attr(msg, NL80211_ATTR_FRAME_MATCH,
prefix_len, prefix);
netdev: print error if frame watch fails The frame watch API had no callback, so if there was a failure it would silently continue.
2018-05-18 19:39:10 +02:00
l_genl_family_send(nl80211, msg, netdev_frame_cb,
L_UINT_TO_PTR(frame_type), NULL);
netdev: Refactor netdev_register_frame Rename netdev_register_frame to netdev_frame_watch_add and expose to be usable outside of netdev.c, add netdev_frame_watch_remove also. Update the Neighbor Report handling which was the only user of netdev_register_frame. The handler is now simpler because we use a lookup list with all the prefixes and individual frame handlers only see the frames matching the right prefix. This is also useful for the future Access-Point mode.
2017-08-31 04:04:45 +02:00
netdev: Simplify frame_watch using watchlist
2017-08-31 23:57:05 +02:00
return id;
netdev: Refactor netdev_register_frame Rename netdev_register_frame to netdev_frame_watch_add and expose to be usable outside of netdev.c, add netdev_frame_watch_remove also. Update the Neighbor Report handling which was the only user of netdev_register_frame. The handler is now simpler because we use a lookup list with all the prefixes and individual frame handlers only see the frames matching the right prefix. This is also useful for the future Access-Point mode.
2017-08-31 04:04:45 +02:00
}
bool netdev_frame_watch_remove(struct netdev *netdev, uint32_t id)
{
/*
* There's no way to unregister from notifications but that's not a
* problem, we leave them active in the kernel but
* netdev_mgmt_frame_event will ignore these events.
*/
netdev: Simplify frame_watch using watchlist
2017-08-31 23:57:05 +02:00
return watchlist_remove(&netdev->frame_watches, id);
netdev: Register for and parse Neighbor Report responses
2016-12-23 11:38:02 +01:00
}
netdev: Open PAE transport if needed If Control Port over NL80211 is not supported, open up a PAE socket and stuff it into an l_io on the netdev object. Install a read handler on the l_io and call __eapol_rx_packet as needed.
2018-05-01 18:08:19 +02:00
static struct l_io *pae_open(uint32_t ifindex)
{
/*
* BPF filter to match skb->dev->type == 1 (ARPHRD_ETHER) and
* match skb->protocol == 0x888e (PAE) or 0x88c7 (preauthentication).
*/
struct sock_filter pae_filter[] = {
{ 0x20, 0, 0, 0xfffff008 }, /* ld #ifidx */
{ 0x15, 0, 6, 0x00000000 }, /* jne #0, drop */
{ 0x28, 0, 0, 0xfffff01c }, /* ldh #hatype */
{ 0x15, 0, 4, 0x00000001 }, /* jne #1, drop */
{ 0x28, 0, 0, 0xfffff000 }, /* ldh #proto */
{ 0x15, 1, 0, 0x0000888e }, /* je #0x888e, keep */
{ 0x15, 0, 1, 0x000088c7 }, /* jne #0x88c7, drop */
{ 0x06, 0, 0, 0xffffffff }, /* keep: ret #-1 */
{ 0x06, 0, 0, 0000000000 }, /* drop: ret #0 */
};
const struct sock_fprog pae_fprog = {
.len = L_ARRAY_SIZE(pae_filter),
.filter = pae_filter
};
struct l_io *io;
int fd;
fd = socket(PF_PACKET, SOCK_DGRAM | SOCK_CLOEXEC | SOCK_NONBLOCK,
htons(ETH_P_ALL));
if (fd < 0)
return NULL;
/*
* Here we modify the k value in the BPF program above to match the
* given ifindex. We do it this way instead of using bind to attach
* to a specific interface index to avoid having to re-open the fd
* whenever the device is powered down / up
*/
pae_filter[1].k = ifindex;
if (setsockopt(fd, SOL_SOCKET, SO_ATTACH_FILTER,
&pae_fprog, sizeof(pae_fprog)) < 0)
goto error;
io = l_io_new(fd);
l_io_set_close_on_destroy(io, true);
return io;
error:
close(fd);
return NULL;
}
netdev: Act on NEW_INTERFACE & DEL_INTERFACE cmds
2016-07-19 23:02:37 +02:00
static void netdev_create_from_genl(struct l_genl_msg *msg)
netdev: Move netdev enumeration to netdev.c
2016-06-02 00:23:33 +02:00
{
struct l_genl_attr attr;
uint16_t type, len;
const void *data;
netdev: Fix some uninitialized warnings
2016-06-24 00:34:11 +02:00
const char *ifname = NULL;
uint16_t ifname_len = 0;
netdev: Move netdev enumeration to netdev.c
2016-06-02 00:23:33 +02:00
const uint8_t *ifaddr;
netdev: Fix some uninitialized warnings
2016-06-24 00:34:11 +02:00
const uint32_t *ifindex = NULL, *iftype = NULL;
netdev: Move netdev enumeration to netdev.c
2016-06-02 00:23:33 +02:00
struct netdev *netdev;
struct wiphy *wiphy = NULL;
netdev: Track interface UP flag
2016-06-20 12:42:03 +02:00
struct ifinfomsg *rtmmsg;
size_t bufsize;
netdev: Register for and parse Neighbor Report responses
2016-12-23 11:38:02 +01:00
const uint8_t action_neighbor_report_prefix[2] = { 0x05, 0x05 };
netdev: added support for SA Query SA Query procedure is used when an unprotected disassociate frame is received (with frame protection enabled). There are two code paths that can occur when this disassociate frame is received: 1. Send out SA Query and receive a response from the AP within a timeout. This means that the disassociate frame was not sent from the AP and can be ignored. 2. Send out SA Query and receive no response. In this case it is assumed that the AP went down ungracefully and is now back up. Since frame protection is enabled, you must re-associate with the AP.
2018-02-01 18:22:39 +01:00
const uint8_t action_sa_query_resp_prefix[2] = { 0x08, 0x01 };
netdev: basic support for receiving SA Query requests
2018-02-07 22:01:43 +01:00
const uint8_t action_sa_query_req_prefix[2] = { 0x08, 0x00 };
netdev: Open PAE transport if needed If Control Port over NL80211 is not supported, open up a PAE socket and stuff it into an l_io on the netdev object. Install a read handler on the l_io and call __eapol_rx_packet as needed.
2018-05-01 18:08:19 +02:00
struct l_io *pae_io = NULL;
netdev: Allow iwd.conf to specify PAE over NL80211 Right now iwd uses Control Port over NL80211 feature if the kernel / driver supports it. On some kernels this feature is still buggy, so add an iwd.conf entry to allow the user to override id. For now the default is to disable this feature until it is more stable.
2018-07-02 03:35:22 +02:00
const struct l_settings *settings = iwd_get_config();
bool pae_over_nl80211;
netdev: Move netdev enumeration to netdev.c
2016-06-02 00:23:33 +02:00
if (!l_genl_attr_init(&attr, msg))
return;
while (l_genl_attr_next(&attr, &type, &len, &data)) {
switch (type) {
case NL80211_ATTR_IFINDEX:
if (len != sizeof(uint32_t)) {
l_warn("Invalid interface index attribute");
return;
}
ifindex = data;
break;
case NL80211_ATTR_IFNAME:
if (len > IFNAMSIZ) {
l_warn("Invalid interface name attribute");
return;
}
ifname = data;
ifname_len = len;
break;
case NL80211_ATTR_WIPHY:
if (len != sizeof(uint32_t)) {
l_warn("Invalid wiphy attribute");
return;
}
wiphy = wiphy_find(*((uint32_t *) data));
break;
case NL80211_ATTR_IFTYPE:
if (len != sizeof(uint32_t)) {
l_warn("Invalid interface type attribute");
return;
}
iftype = data;
break;
case NL80211_ATTR_MAC:
if (len != ETH_ALEN) {
l_warn("Invalid interface address attribute");
return;
}
ifaddr = data;
break;
}
}
netdev: Silence warning This can easily happen if the phy was blacklisted
2017-03-16 22:50:59 +01:00
if (!wiphy)
netdev: Move netdev enumeration to netdev.c
2016-06-02 00:23:33 +02:00
return;
netdev: Skip non-STA interfaces
2016-07-19 23:03:26 +02:00
if (!iftype) {
l_warn("Missing iftype attribute");
return;
}
netdev: Move netdev enumeration to netdev.c
2016-06-02 00:23:33 +02:00
if (!ifindex || !ifaddr | !ifname) {
l_warn("Unable to parse interface information");
return;
}
if (netdev_find(*ifindex)) {
l_debug("Skipping duplicate netdev %s[%d]", ifname, *ifindex);
return;
}
netdev: Implement interface filtering
2016-06-24 00:34:29 +02:00
if (!netdev_is_managed(ifname)) {
l_debug("interface %s filtered out", ifname);
return;
}
netdev: Allow iwd.conf to specify PAE over NL80211 Right now iwd uses Control Port over NL80211 feature if the kernel / driver supports it. On some kernels this feature is still buggy, so add an iwd.conf entry to allow the user to override id. For now the default is to disable this feature until it is more stable.
2018-07-02 03:35:22 +02:00
if (!l_settings_get_bool(settings, "General",
"ControlPortOverNL80211", &pae_over_nl80211)) {
pae_over_nl80211 = false;
l_info("No ControlPortOverNL80211 setting, defaulting to %s",
pae_over_nl80211 ? "True" : "False");
}
wiphy: Rename get_ext_feature API to has_ext_feature
2018-05-24 20:12:36 +02:00
if (!wiphy_has_ext_feature(wiphy,
netdev: Open PAE transport if needed If Control Port over NL80211 is not supported, open up a PAE socket and stuff it into an l_io on the netdev object. Install a read handler on the l_io and call __eapol_rx_packet as needed.
2018-05-01 18:08:19 +02:00
NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211)) {
l_debug("No Control Port over NL80211 support for ifindex: %u,"
" using PAE socket", *ifindex);
netdev: Allow iwd.conf to specify PAE over NL80211 Right now iwd uses Control Port over NL80211 feature if the kernel / driver supports it. On some kernels this feature is still buggy, so add an iwd.conf entry to allow the user to override id. For now the default is to disable this feature until it is more stable.
2018-07-02 03:35:22 +02:00
pae_over_nl80211 = false;
}
if (!pae_over_nl80211) {
netdev: Open PAE transport if needed If Control Port over NL80211 is not supported, open up a PAE socket and stuff it into an l_io on the netdev object. Install a read handler on the l_io and call __eapol_rx_packet as needed.
2018-05-01 18:08:19 +02:00
pae_io = pae_open(*ifindex);
if (!pae_io) {
l_error("Unable to open PAE interface");
return;
}
}
netdev: Move netdev enumeration to netdev.c
2016-06-02 00:23:33 +02:00
netdev = l_new(struct netdev, 1);
netdev->index = *ifindex;
netdev->type = *iftype;
netdev: support for REKEY_OFFLOAD and its event handling
2016-06-23 00:49:16 +02:00
netdev->rekey_offload_support = true;
netdev: Move netdev enumeration to netdev.c
2016-06-02 00:23:33 +02:00
memcpy(netdev->addr, ifaddr, sizeof(netdev->addr));
memcpy(netdev->name, ifname, ifname_len);
netdev: Reset interface state on init and exit Take any managed interface down when iwd detects it and bring it back up to start with a clean state. On exit take interfaces down.
2016-07-13 04:29:52 +02:00
netdev->wiphy = wiphy;
netdev: Allow iwd.conf to specify PAE over NL80211 Right now iwd uses Control Port over NL80211 feature if the kernel / driver supports it. On some kernels this feature is still buggy, so add an iwd.conf entry to allow the user to override id. For now the default is to disable this feature until it is more stable.
2018-07-02 03:35:22 +02:00
netdev->pae_over_nl80211 = pae_over_nl80211;
netdev: Open PAE transport if needed If Control Port over NL80211 is not supported, open up a PAE socket and stuff it into an l_io on the netdev object. Install a read handler on the l_io and call __eapol_rx_packet as needed.
2018-05-01 18:08:19 +02:00
if (pae_io) {
netdev->pae_io = pae_io;
l_io_set_read_handler(netdev->pae_io, netdev_pae_read, netdev,
netdev_pae_destroy);
}
netdev: Simplify frame_watch using watchlist
2017-08-31 23:57:05 +02:00
watchlist_init(&netdev->frame_watches, &netdev_frame_watch_ops);
netdev: added station watch For Ad-Hoc networks, the kernel takes care of auth/assoc and issues a NEW_STATION event when that is complete. This provides a way to notify when NEW_STATION events occur as well as forward the MAC of the station to Ad-Hoc. The two new API's added: - netdev_station_watch_add() - netdev_station_watch_remove()
2018-07-17 00:29:15 +02:00
watchlist_init(&netdev->station_watches, NULL);
netdev: Move netdev enumeration to netdev.c
2016-06-02 00:23:33 +02:00
l_queue_push_tail(netdev_list, netdev);
netdev: Act on NEW_INTERFACE & DEL_INTERFACE cmds
2016-07-19 23:02:37 +02:00
l_debug("Created interface %s[%d]", netdev->name, netdev->index);
netdev: Track interface UP flag
2016-06-20 12:42:03 +02:00
/* Query interface flags */
netdev: Add padding to netlink family headers Use the NLMSG_ALIGN macro on the family header size (struct ifinfomsg in this case). The ascii graphics in include/net/netlink.h show that both the netlink header and the family header should be padded. The netlink header (nlmsghdr) is already padded in ell. To "document" this requirementin ell what we could do is take two buffers, one for the family header and one for the attributes. This doesn't change anything for most people because ifinfomsg is already 16-byte long on the usual architectures.
2016-11-07 16:42:02 +01:00
bufsize = NLMSG_ALIGN(sizeof(struct ifinfomsg));
netdev: Track interface UP flag
2016-06-20 12:42:03 +02:00
rtmmsg = l_malloc(bufsize);
memset(rtmmsg, 0, bufsize);
rtmmsg->ifi_family = AF_UNSPEC;
rtmmsg->ifi_index = *ifindex;
netdev: Squash kernel warning netlink: 16 bytes leftover after parsing attributes in process `iwd'.
2016-10-18 18:40:26 +02:00
l_netlink_send(rtnl, RTM_GETLINK, 0, rtmmsg, bufsize,
netdev: Don't set userdata for getlink
2018-08-17 20:29:05 +02:00
netdev_getlink_cb, NULL, NULL);
netdev: Track interface UP flag
2016-06-20 12:42:03 +02:00
l_free(rtmmsg);
netdev: Register for and parse Neighbor Report responses
2016-12-23 11:38:02 +01:00
/* Subscribe to Management -> Action -> RM -> Neighbor Report frames */
netdev: Refactor netdev_register_frame Rename netdev_register_frame to netdev_frame_watch_add and expose to be usable outside of netdev.c, add netdev_frame_watch_remove also. Update the Neighbor Report handling which was the only user of netdev_register_frame. The handler is now simpler because we use a lookup list with all the prefixes and individual frame handlers only see the frames matching the right prefix. This is also useful for the future Access-Point mode.
2017-08-31 04:04:45 +02:00
netdev_frame_watch_add(netdev, 0x00d0, action_neighbor_report_prefix,
sizeof(action_neighbor_report_prefix),
netdev_neighbor_report_frame_event, NULL);
netdev: Monitor CQM RSSI level, emit RSSI LOW/HIGH events
2016-12-23 11:38:03 +01:00
netdev: added support for SA Query SA Query procedure is used when an unprotected disassociate frame is received (with frame protection enabled). There are two code paths that can occur when this disassociate frame is received: 1. Send out SA Query and receive a response from the AP within a timeout. This means that the disassociate frame was not sent from the AP and can be ignored. 2. Send out SA Query and receive no response. In this case it is assumed that the AP went down ungracefully and is now back up. Since frame protection is enabled, you must re-associate with the AP.
2018-02-01 18:22:39 +01:00
netdev_frame_watch_add(netdev, 0x00d0, action_sa_query_resp_prefix,
sizeof(action_sa_query_resp_prefix),
netdev_sa_query_resp_frame_event, NULL);
netdev: basic support for receiving SA Query requests
2018-02-07 22:01:43 +01:00
netdev_frame_watch_add(netdev, 0x00d0, action_sa_query_req_prefix,
sizeof(action_sa_query_req_prefix),
netdev_sa_query_req_frame_event, NULL);
netdev: Monitor CQM RSSI level, emit RSSI LOW/HIGH events
2016-12-23 11:38:03 +01:00
/* Set RSSI threshold for CQM notifications */
netdev: Issue initial SET_CQM when in STATION mode
2018-08-20 05:52:52 +02:00
if (netdev->type == NL80211_IFTYPE_STATION)
netdev_cqm_rssi_update(netdev);
netdev: Move netdev enumeration to netdev.c
2016-06-02 00:23:33 +02:00
}
netdev: Act on NEW_INTERFACE & DEL_INTERFACE cmds
2016-07-19 23:02:37 +02:00
static void netdev_get_interface_callback(struct l_genl_msg *msg,
void *user_data)
{
netdev_create_from_genl(msg);
}
netdev: Parse NEW_INTERFACE and DEL_INTERFACE
2016-06-01 22:07:16 +02:00
static void netdev_config_notify(struct l_genl_msg *msg, void *user_data)
{
struct l_genl_attr attr;
uint16_t type, len;
const void *data;
uint8_t cmd;
netdev: Act on NEW_INTERFACE & DEL_INTERFACE cmds
2016-07-19 23:02:37 +02:00
const uint32_t *wiphy_id = NULL;
const uint32_t *ifindex = NULL;
struct netdev *netdev;
netdev: Parse NEW_INTERFACE and DEL_INTERFACE
2016-06-01 22:07:16 +02:00
cmd = l_genl_msg_get_command(msg);
netdev: Act on NEW_INTERFACE & DEL_INTERFACE cmds
2016-07-19 23:02:37 +02:00
if (cmd == NL80211_CMD_NEW_INTERFACE) {
netdev_create_from_genl(msg);
return;
}
if (cmd != NL80211_CMD_DEL_INTERFACE)
return;
netdev: Parse NEW_INTERFACE and DEL_INTERFACE
2016-06-01 22:07:16 +02:00
if (!l_genl_attr_init(&attr, msg))
return;
netdev: Act on NEW_INTERFACE & DEL_INTERFACE cmds
2016-07-19 23:02:37 +02:00
while (l_genl_attr_next(&attr, &type, &len, &data)) {
switch (type) {
case NL80211_ATTR_WIPHY:
if (len != sizeof(uint32_t)) {
l_warn("Invalid wiphy attribute");
return;
}
netdev: Parse NEW_INTERFACE and DEL_INTERFACE
2016-06-01 22:07:16 +02:00
netdev: Act on NEW_INTERFACE & DEL_INTERFACE cmds
2016-07-19 23:02:37 +02:00
wiphy_id = data;
break;
netdev: Parse NEW_INTERFACE and DEL_INTERFACE
2016-06-01 22:07:16 +02:00
netdev: Act on NEW_INTERFACE & DEL_INTERFACE cmds
2016-07-19 23:02:37 +02:00
case NL80211_ATTR_IFINDEX:
if (len != sizeof(uint32_t)) {
l_warn("Invalid ifindex attribute");
return;
netdev: Parse NEW_INTERFACE and DEL_INTERFACE
2016-06-01 22:07:16 +02:00
}
netdev: Act on NEW_INTERFACE & DEL_INTERFACE cmds
2016-07-19 23:02:37 +02:00
ifindex = data;
break;
netdev: Parse NEW_INTERFACE and DEL_INTERFACE
2016-06-01 22:07:16 +02:00
}
netdev: Act on NEW_INTERFACE & DEL_INTERFACE cmds
2016-07-19 23:02:37 +02:00
}
netdev: Parse NEW_INTERFACE and DEL_INTERFACE
2016-06-01 22:07:16 +02:00
netdev: Act on NEW_INTERFACE & DEL_INTERFACE cmds
2016-07-19 23:02:37 +02:00
if (!wiphy_id || !ifindex)
return;
netdev: Parse NEW_INTERFACE and DEL_INTERFACE
2016-06-01 22:07:16 +02:00
netdev: Act on NEW_INTERFACE & DEL_INTERFACE cmds
2016-07-19 23:02:37 +02:00
netdev = l_queue_remove_if(netdev_list, netdev_match,
L_UINT_TO_PTR(*ifindex));
if (!netdev)
return;
netdev: Parse NEW_INTERFACE and DEL_INTERFACE
2016-06-01 22:07:16 +02:00
netdev: Act on NEW_INTERFACE & DEL_INTERFACE cmds
2016-07-19 23:02:37 +02:00
netdev_free(netdev);
netdev: Parse NEW_INTERFACE and DEL_INTERFACE
2016-06-01 22:07:16 +02:00
}
netdev: Track interface UP flag
2016-06-20 12:42:03 +02:00
static void netdev_link_notify(uint16_t type, const void *data, uint32_t len,
void *user_data)
{
const struct ifinfomsg *ifi = data;
unsigned int bytes;
if (ifi->ifi_type != ARPHRD_ETHER)
return;
bytes = len - NLMSG_ALIGN(sizeof(struct ifinfomsg));
switch (type) {
case RTM_NEWLINK:
netdev_newlink_notify(ifi, bytes);
break;
netdev: React to removed netdevs
2016-07-01 21:49:34 +02:00
case RTM_DELLINK:
netdev_dellink_notify(ifi, bytes);
break;
netdev: Track interface UP flag
2016-06-20 12:42:03 +02:00
}
}
netdev/device: Combine watches There was somewhat overlapping functionality in the device_watch infrastructure as well as the netdev_event_watch. This commit combines the two into a single watch based on the netdev object and cleans up the various interface additions / removals. With this commit the interfaces are created when the netdev/device is switched to Powered=True state AND when the netdev iftype is also in the correct state for that interface. If the device is brought down, then all interfaces except the .Device interface are removed. This will make it easy to implement Device.Mode property properly since most nl80211 devices need to be brought into Powered=False state prior to switching the iftype.
2018-08-18 06:40:49 +02:00
uint32_t netdev_station_watch_add(struct netdev *netdev,
netdev_station_watch_func_t func, void *user_data)
netdev: netdev watch support
2016-06-20 12:42:04 +02:00
{
netdev/device: Combine watches There was somewhat overlapping functionality in the device_watch infrastructure as well as the netdev_event_watch. This commit combines the two into a single watch based on the netdev object and cleans up the various interface additions / removals. With this commit the interfaces are created when the netdev/device is switched to Powered=True state AND when the netdev iftype is also in the correct state for that interface. If the device is brought down, then all interfaces except the .Device interface are removed. This will make it easy to implement Device.Mode property properly since most nl80211 devices need to be brought into Powered=False state prior to switching the iftype.
2018-08-18 06:40:49 +02:00
return watchlist_add(&netdev->station_watches, func, user_data, NULL);
netdev: netdev watch support
2016-06-20 12:42:04 +02:00
}
netdev/device: Combine watches There was somewhat overlapping functionality in the device_watch infrastructure as well as the netdev_event_watch. This commit combines the two into a single watch based on the netdev object and cleans up the various interface additions / removals. With this commit the interfaces are created when the netdev/device is switched to Powered=True state AND when the netdev iftype is also in the correct state for that interface. If the device is brought down, then all interfaces except the .Device interface are removed. This will make it easy to implement Device.Mode property properly since most nl80211 devices need to be brought into Powered=False state prior to switching the iftype.
2018-08-18 06:40:49 +02:00
bool netdev_station_watch_remove(struct netdev *netdev, uint32_t id)
netdev: netdev watch support
2016-06-20 12:42:04 +02:00
{
netdev/device: Combine watches There was somewhat overlapping functionality in the device_watch infrastructure as well as the netdev_event_watch. This commit combines the two into a single watch based on the netdev object and cleans up the various interface additions / removals. With this commit the interfaces are created when the netdev/device is switched to Powered=True state AND when the netdev iftype is also in the correct state for that interface. If the device is brought down, then all interfaces except the .Device interface are removed. This will make it easy to implement Device.Mode property properly since most nl80211 devices need to be brought into Powered=False state prior to switching the iftype.
2018-08-18 06:40:49 +02:00
return watchlist_remove(&netdev->station_watches, id);
netdev: netdev watch support
2016-06-20 12:42:04 +02:00
}
netdev/device: Combine watches There was somewhat overlapping functionality in the device_watch infrastructure as well as the netdev_event_watch. This commit combines the two into a single watch based on the netdev object and cleans up the various interface additions / removals. With this commit the interfaces are created when the netdev/device is switched to Powered=True state AND when the netdev iftype is also in the correct state for that interface. If the device is brought down, then all interfaces except the .Device interface are removed. This will make it easy to implement Device.Mode property properly since most nl80211 devices need to be brought into Powered=False state prior to switching the iftype.
2018-08-18 06:40:49 +02:00
uint32_t netdev_watch_add(netdev_watch_func_t func,
void *user_data, netdev_destroy_func_t destroy)
netdev: added station watch For Ad-Hoc networks, the kernel takes care of auth/assoc and issues a NEW_STATION event when that is complete. This provides a way to notify when NEW_STATION events occur as well as forward the MAC of the station to Ad-Hoc. The two new API's added: - netdev_station_watch_add() - netdev_station_watch_remove()
2018-07-17 00:29:15 +02:00
{
netdev/device: Combine watches There was somewhat overlapping functionality in the device_watch infrastructure as well as the netdev_event_watch. This commit combines the two into a single watch based on the netdev object and cleans up the various interface additions / removals. With this commit the interfaces are created when the netdev/device is switched to Powered=True state AND when the netdev iftype is also in the correct state for that interface. If the device is brought down, then all interfaces except the .Device interface are removed. This will make it easy to implement Device.Mode property properly since most nl80211 devices need to be brought into Powered=False state prior to switching the iftype.
2018-08-18 06:40:49 +02:00
return watchlist_add(&netdev_watches, func, user_data, destroy);
netdev: added station watch For Ad-Hoc networks, the kernel takes care of auth/assoc and issues a NEW_STATION event when that is complete. This provides a way to notify when NEW_STATION events occur as well as forward the MAC of the station to Ad-Hoc. The two new API's added: - netdev_station_watch_add() - netdev_station_watch_remove()
2018-07-17 00:29:15 +02:00
}
netdev/device: Combine watches There was somewhat overlapping functionality in the device_watch infrastructure as well as the netdev_event_watch. This commit combines the two into a single watch based on the netdev object and cleans up the various interface additions / removals. With this commit the interfaces are created when the netdev/device is switched to Powered=True state AND when the netdev iftype is also in the correct state for that interface. If the device is brought down, then all interfaces except the .Device interface are removed. This will make it easy to implement Device.Mode property properly since most nl80211 devices need to be brought into Powered=False state prior to switching the iftype.
2018-08-18 06:40:49 +02:00
bool netdev_watch_remove(uint32_t id)
netdev: added station watch For Ad-Hoc networks, the kernel takes care of auth/assoc and issues a NEW_STATION event when that is complete. This provides a way to notify when NEW_STATION events occur as well as forward the MAC of the station to Ad-Hoc. The two new API's added: - netdev_station_watch_add() - netdev_station_watch_remove()
2018-07-17 00:29:15 +02:00
{
netdev/device: Combine watches There was somewhat overlapping functionality in the device_watch infrastructure as well as the netdev_event_watch. This commit combines the two into a single watch based on the netdev object and cleans up the various interface additions / removals. With this commit the interfaces are created when the netdev/device is switched to Powered=True state AND when the netdev iftype is also in the correct state for that interface. If the device is brought down, then all interfaces except the .Device interface are removed. This will make it easy to implement Device.Mode property properly since most nl80211 devices need to be brought into Powered=False state prior to switching the iftype.
2018-08-18 06:40:49 +02:00
return watchlist_remove(&netdev_watches, id);
netdev: added station watch For Ad-Hoc networks, the kernel takes care of auth/assoc and issues a NEW_STATION event when that is complete. This provides a way to notify when NEW_STATION events occur as well as forward the MAC of the station to Ad-Hoc. The two new API's added: - netdev_station_watch_add() - netdev_station_watch_remove()
2018-07-17 00:29:15 +02:00
}
netdev: Rework netdev_init/exit
2018-08-18 06:23:19 +02:00
bool netdev_init(const char *whitelist, const char *blacklist)
core: Add tracking of network interfaces via RTNL
2014-06-21 13:41:40 +02:00
{
if (rtnl)
return false;
l_debug("Opening route netlink socket");
rtnl = l_netlink_new(NETLINK_ROUTE);
if (!rtnl) {
l_error("Failed to open route netlink socket");
return false;
}
core: Only enable RTNL debugging when IWD_RTNL_DEBUG is set
2014-08-07 05:28:58 +02:00
if (getenv("IWD_RTNL_DEBUG"))
l_netlink_set_debug(rtnl, do_debug, "[RTNL] ", NULL);
core: Add tracking of network interfaces via RTNL
2014-06-21 13:41:40 +02:00
netdev: Track interface UP flag
2016-06-20 12:42:03 +02:00
if (!l_netlink_register(rtnl, RTNLGRP_LINK,
netdev_link_notify, NULL, NULL)) {
l_error("Failed to register for RTNL link notifications");
l_netlink_destroy(rtnl);
return false;
}
netdev/device: Combine watches There was somewhat overlapping functionality in the device_watch infrastructure as well as the netdev_event_watch. This commit combines the two into a single watch based on the netdev object and cleans up the various interface additions / removals. With this commit the interfaces are created when the netdev/device is switched to Powered=True state AND when the netdev iftype is also in the correct state for that interface. If the device is brought down, then all interfaces except the .Device interface are removed. This will make it easy to implement Device.Mode property properly since most nl80211 devices need to be brought into Powered=False state prior to switching the iftype.
2018-08-18 06:40:49 +02:00
watchlist_init(&netdev_watches, NULL);
netdev: Add netdev_find
2016-06-01 22:35:26 +02:00
netdev_list = l_queue_new();
netdev: Rework netdev_init/exit
2018-08-18 06:23:19 +02:00
__handshake_set_install_tk_func(netdev_set_tk);
__handshake_set_install_gtk_func(netdev_set_gtk);
__handshake_set_install_igtk_func(netdev_set_igtk);
__eapol_set_rekey_offload_func(netdev_set_rekey_offload);
__eapol_set_tx_packet_func(netdev_control_port_frame);
if (whitelist)
whitelist_filter = l_strsplit(whitelist, ',');
if (blacklist)
blacklist_filter = l_strsplit(blacklist, ',');
return true;
}
void netdev_set_nl80211(struct l_genl_family *in)
{
struct l_genl_msg *msg;
struct l_genl *genl = l_genl_family_get_genl(in);
netdev: Make netdev_init accept nl80211
2016-06-01 21:58:51 +02:00
nl80211 = in;
netdev: Parse NEW_INTERFACE and DEL_INTERFACE
2016-06-01 22:07:16 +02:00
if (!l_genl_family_register(nl80211, "config", netdev_config_notify,
NULL, NULL))
l_error("Registering for config notification failed");
netdev: Move netdev enumeration to netdev.c
2016-06-02 00:23:33 +02:00
msg = l_genl_msg_new(NL80211_CMD_GET_INTERFACE);
if (!l_genl_family_dump(nl80211, msg, netdev_get_interface_callback,
NULL, NULL))
l_error("Getting all interface information failed");
wiphy: Move association logic out of wiphy.c The eapol state machine parameters are now built inside device.c when the network connection is attempted. The reason is that the device object knows about network settings, wiphy constraints and should contain the main 'management' logic. netdev now manages the actual low-level process of building association messages, detecting authentication events, etc.
2016-06-15 17:54:13 +02:00
if (!l_genl_family_register(nl80211, "mlme", netdev_mlme_notify,
NULL, NULL))
l_error("Registering for MLME notification failed");
netdev: Handle Action Frames in netdev Action Frames are sent by nl80211 as unicast data. We're not receiving any other unicast packets in iwd at this time so let netdev directly handle all unicast data on the genl socket.
2016-12-23 11:38:00 +01:00
if (!l_genl_set_unicast_handler(genl, netdev_unicast_notify,
NULL, NULL))
l_error("Registering for unicast notification failed");
core: Add tracking of network interfaces via RTNL
2014-06-21 13:41:40 +02:00
}
netdev: Rework netdev_init/exit
2018-08-18 06:23:19 +02:00
void netdev_exit(void)
core: Add tracking of network interfaces via RTNL
2014-06-21 13:41:40 +02:00
{
if (!rtnl)
netdev: Rework netdev_init/exit
2018-08-18 06:23:19 +02:00
return;
core: Add tracking of network interfaces via RTNL
2014-06-21 13:41:40 +02:00
netdev: Fix memory leak: ==3059== 7 bytes in 1 blocks are still reachable in loss record 1 of 2 ==3059== at 0x4C2C970: malloc (vg_replace_malloc.c:296) ==3059== by 0x50BB319: strndup (in /lib64/libc-2.22.so) ==3059== by 0x417B4D: l_strndup (util.c:180) ==3059== by 0x417E1B: l_strsplit (util.c:311) ==3059== by 0x4057FC: netdev_init (netdev.c:1658) ==3059== by 0x402E26: nl80211_appeared (main.c:112) ==3059== by 0x41F577: get_family_callback (genl.c:1038) ==3059== by 0x41EE3F: process_unicast (genl.c:390) ==3059== by 0x41EE3F: received_data (genl.c:506) ==3059== by 0x41C6F4: io_callback (io.c:120) ==3059== by 0x41BAA9: l_main_run (main.c:381) ==3059== by 0x402B9C: main (main.c:234)
2016-07-20 00:48:21 +02:00
l_strfreev(whitelist_filter);
l_strfreev(blacklist_filter);
netdev/device: Combine watches There was somewhat overlapping functionality in the device_watch infrastructure as well as the netdev_event_watch. This commit combines the two into a single watch based on the netdev object and cleans up the various interface additions / removals. With this commit the interfaces are created when the netdev/device is switched to Powered=True state AND when the netdev iftype is also in the correct state for that interface. If the device is brought down, then all interfaces except the .Device interface are removed. This will make it easy to implement Device.Mode property properly since most nl80211 devices need to be brought into Powered=False state prior to switching the iftype.
2018-08-18 06:40:49 +02:00
watchlist_destroy(&netdev_watches);
netdev: Make netdev_init accept nl80211
2016-06-01 21:58:51 +02:00
nl80211 = NULL;
core: Add tracking of network interfaces via RTNL
2014-06-21 13:41:40 +02:00
l_debug("Closing route netlink socket");
netdev: Don't track NEWLINK & DELLINK The plan is to use the much more reliable NEW_WIPHY, DEL_WIPHY, NEW_INTERFACE, DEL_INTERFACE events.
2016-05-31 23:23:12 +02:00
l_netlink_destroy(rtnl);
rtnl = NULL;
core: Add tracking of network interfaces via RTNL
2014-06-21 13:41:40 +02:00
}
netdev: Reset interface state on init and exit Take any managed interface down when iwd detects it and bring it back up to start with a clean state. On exit take interfaces down.
2016-07-13 04:29:52 +02:00
void netdev_shutdown(void)
{
if (!rtnl)
return;
l_queue_foreach(netdev_list, netdev_shutdown_one, NULL);
netdev: Call netdev_free in netdev_shutdown This is to make sure device_remove and netdev_connect_free are called early so we don't continue setting up a connection and don't let DBus clients power device back up after we've called netdev_set_powered.
2016-08-02 22:48:12 +02:00
l_queue_destroy(netdev_list, netdev_free);
netdev_list = NULL;
netdev: Reset interface state on init and exit Take any managed interface down when iwd detects it and bring it back up to start with a clean state. On exit take interfaces down.
2016-07-13 04:29:52 +02:00
}