2 * WPA Supplicant / UDP socket -based control interface
3 * Copyright (c) 2004-2005, Jouni Malinen <j@w1.fi>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
9 * Alternatively, this software may be distributed under the terms of BSD
12 * See README and COPYING for more details.
20 #include "eapol_supp/eapol_supp_sm.h"
21 #include "wpa_supplicant_i.h"
22 #include "ctrl_iface.h"
28 /* Per-interface ctrl_iface */
31 * struct wpa_ctrl_dst - Internal data structure of control interface monitors
33 * This structure is used to store information about registered control
34 * interface monitors into struct wpa_supplicant. This data is private to
35 * ctrl_iface_udp.c and should not be touched directly from other files.
38 struct wpa_ctrl_dst
*next
;
39 struct sockaddr_in addr
;
46 struct ctrl_iface_priv
{
47 struct wpa_supplicant
*wpa_s
;
49 struct wpa_ctrl_dst
*ctrl_dst
;
50 u8 cookie
[COOKIE_LEN
];
54 static void wpa_supplicant_ctrl_iface_send(struct ctrl_iface_priv
*priv
,
55 int level
, const char *buf
,
59 static int wpa_supplicant_ctrl_iface_attach(struct ctrl_iface_priv
*priv
,
60 struct sockaddr_in
*from
,
63 struct wpa_ctrl_dst
*dst
;
65 dst
= os_zalloc(sizeof(*dst
));
68 os_memcpy(&dst
->addr
, from
, sizeof(struct sockaddr_in
));
69 dst
->addrlen
= fromlen
;
70 dst
->debug_level
= MSG_INFO
;
71 dst
->next
= priv
->ctrl_dst
;
73 wpa_printf(MSG_DEBUG
, "CTRL_IFACE monitor attached %s:%d",
74 inet_ntoa(from
->sin_addr
), ntohs(from
->sin_port
));
79 static int wpa_supplicant_ctrl_iface_detach(struct ctrl_iface_priv
*priv
,
80 struct sockaddr_in
*from
,
83 struct wpa_ctrl_dst
*dst
, *prev
= NULL
;
87 if (from
->sin_addr
.s_addr
== dst
->addr
.sin_addr
.s_addr
&&
88 from
->sin_port
== dst
->addr
.sin_port
) {
90 priv
->ctrl_dst
= dst
->next
;
92 prev
->next
= dst
->next
;
94 wpa_printf(MSG_DEBUG
, "CTRL_IFACE monitor detached "
95 "%s:%d", inet_ntoa(from
->sin_addr
),
96 ntohs(from
->sin_port
));
106 static int wpa_supplicant_ctrl_iface_level(struct ctrl_iface_priv
*priv
,
107 struct sockaddr_in
*from
,
111 struct wpa_ctrl_dst
*dst
;
113 wpa_printf(MSG_DEBUG
, "CTRL_IFACE LEVEL %s", level
);
115 dst
= priv
->ctrl_dst
;
117 if (from
->sin_addr
.s_addr
== dst
->addr
.sin_addr
.s_addr
&&
118 from
->sin_port
== dst
->addr
.sin_port
) {
119 wpa_printf(MSG_DEBUG
, "CTRL_IFACE changed monitor "
120 "level %s:%d", inet_ntoa(from
->sin_addr
),
121 ntohs(from
->sin_port
));
122 dst
->debug_level
= atoi(level
);
133 wpa_supplicant_ctrl_iface_get_cookie(struct ctrl_iface_priv
*priv
,
137 reply
= os_malloc(7 + 2 * COOKIE_LEN
+ 1);
143 os_memcpy(reply
, "COOKIE=", 7);
144 wpa_snprintf_hex(reply
+ 7, 2 * COOKIE_LEN
+ 1,
145 priv
->cookie
, COOKIE_LEN
);
147 *reply_len
= 7 + 2 * COOKIE_LEN
;
152 static void wpa_supplicant_ctrl_iface_receive(int sock
, void *eloop_ctx
,
155 struct wpa_supplicant
*wpa_s
= eloop_ctx
;
156 struct ctrl_iface_priv
*priv
= sock_ctx
;
159 struct sockaddr_in from
;
160 socklen_t fromlen
= sizeof(from
);
162 size_t reply_len
= 0;
163 int new_attached
= 0;
164 u8 cookie
[COOKIE_LEN
];
166 res
= recvfrom(sock
, buf
, sizeof(buf
) - 1, 0,
167 (struct sockaddr
*) &from
, &fromlen
);
169 perror("recvfrom(ctrl_iface)");
172 if (from
.sin_addr
.s_addr
!= htonl((127 << 24) | 1)) {
174 * The OS networking stack is expected to drop this kind of
175 * frames since the socket is bound to only localhost address.
176 * Just in case, drop the frame if it is coming from any other
179 wpa_printf(MSG_DEBUG
, "CTRL: Drop packet from unexpected "
180 "source %s", inet_ntoa(from
.sin_addr
));
185 if (os_strcmp(buf
, "GET_COOKIE") == 0) {
186 reply
= wpa_supplicant_ctrl_iface_get_cookie(priv
, &reply_len
);
191 * Require that the client includes a prefix with the 'cookie' value
192 * fetched with GET_COOKIE command. This is used to verify that the
193 * client has access to a bidirectional link over UDP in order to
194 * avoid attacks using forged localhost IP address even if the OS does
195 * not block such frames from remote destinations.
197 if (os_strncmp(buf
, "COOKIE=", 7) != 0) {
198 wpa_printf(MSG_DEBUG
, "CTLR: No cookie in the request - "
203 if (hexstr2bin(buf
+ 7, cookie
, COOKIE_LEN
) < 0) {
204 wpa_printf(MSG_DEBUG
, "CTLR: Invalid cookie format in the "
205 "request - drop request");
209 if (os_memcmp(cookie
, priv
->cookie
, COOKIE_LEN
) != 0) {
210 wpa_printf(MSG_DEBUG
, "CTLR: Invalid cookie in the request - "
215 pos
= buf
+ 7 + 2 * COOKIE_LEN
;
219 if (os_strcmp(pos
, "ATTACH") == 0) {
220 if (wpa_supplicant_ctrl_iface_attach(priv
, &from
, fromlen
))
226 } else if (os_strcmp(pos
, "DETACH") == 0) {
227 if (wpa_supplicant_ctrl_iface_detach(priv
, &from
, fromlen
))
231 } else if (os_strncmp(pos
, "LEVEL ", 6) == 0) {
232 if (wpa_supplicant_ctrl_iface_level(priv
, &from
, fromlen
,
238 reply
= wpa_supplicant_ctrl_iface_process(wpa_s
, pos
,
244 sendto(sock
, reply
, reply_len
, 0, (struct sockaddr
*) &from
,
247 } else if (reply_len
== 1) {
248 sendto(sock
, "FAIL\n", 5, 0, (struct sockaddr
*) &from
,
250 } else if (reply_len
== 2) {
251 sendto(sock
, "OK\n", 3, 0, (struct sockaddr
*) &from
,
256 eapol_sm_notify_ctrl_attached(wpa_s
->eapol
);
260 static void wpa_supplicant_ctrl_iface_msg_cb(void *ctx
, int level
,
261 const char *txt
, size_t len
)
263 struct wpa_supplicant
*wpa_s
= ctx
;
264 if (wpa_s
== NULL
|| wpa_s
->ctrl_iface
== NULL
)
266 wpa_supplicant_ctrl_iface_send(wpa_s
->ctrl_iface
, level
, txt
, len
);
270 struct ctrl_iface_priv
*
271 wpa_supplicant_ctrl_iface_init(struct wpa_supplicant
*wpa_s
)
273 struct ctrl_iface_priv
*priv
;
274 struct sockaddr_in addr
;
276 priv
= os_zalloc(sizeof(*priv
));
281 os_get_random(priv
->cookie
, COOKIE_LEN
);
283 if (wpa_s
->conf
->ctrl_interface
== NULL
)
286 priv
->sock
= socket(PF_INET
, SOCK_DGRAM
, 0);
287 if (priv
->sock
< 0) {
288 perror("socket(PF_INET)");
292 os_memset(&addr
, 0, sizeof(addr
));
293 addr
.sin_family
= AF_INET
;
294 addr
.sin_addr
.s_addr
= htonl((127 << 24) | 1);
295 addr
.sin_port
= htons(WPA_CTRL_IFACE_PORT
);
296 if (bind(priv
->sock
, (struct sockaddr
*) &addr
, sizeof(addr
)) < 0) {
297 perror("bind(AF_INET)");
301 eloop_register_read_sock(priv
->sock
, wpa_supplicant_ctrl_iface_receive
,
303 wpa_msg_register_cb(wpa_supplicant_ctrl_iface_msg_cb
);
315 void wpa_supplicant_ctrl_iface_deinit(struct ctrl_iface_priv
*priv
)
317 struct wpa_ctrl_dst
*dst
, *prev
;
319 if (priv
->sock
> -1) {
320 eloop_unregister_read_sock(priv
->sock
);
321 if (priv
->ctrl_dst
) {
323 * Wait a second before closing the control socket if
324 * there are any attached monitors in order to allow
325 * them to receive any pending messages.
327 wpa_printf(MSG_DEBUG
, "CTRL_IFACE wait for attached "
328 "monitors to receive messages");
335 dst
= priv
->ctrl_dst
;
345 static void wpa_supplicant_ctrl_iface_send(struct ctrl_iface_priv
*priv
,
346 int level
, const char *buf
,
349 struct wpa_ctrl_dst
*dst
, *next
;
355 dst
= priv
->ctrl_dst
;
356 if (priv
->sock
< 0 || dst
== NULL
)
359 os_snprintf(levelstr
, sizeof(levelstr
), "<%d>", level
);
361 llen
= os_strlen(levelstr
);
362 sbuf
= os_malloc(llen
+ len
);
366 os_memcpy(sbuf
, levelstr
, llen
);
367 os_memcpy(sbuf
+ llen
, buf
, len
);
372 if (level
>= dst
->debug_level
) {
373 wpa_printf(MSG_DEBUG
, "CTRL_IFACE monitor send %s:%d",
374 inet_ntoa(dst
->addr
.sin_addr
),
375 ntohs(dst
->addr
.sin_port
));
376 if (sendto(priv
->sock
, sbuf
, llen
+ len
, 0,
377 (struct sockaddr
*) &dst
->addr
,
378 sizeof(dst
->addr
)) < 0) {
379 perror("sendto(CTRL_IFACE monitor)");
381 if (dst
->errors
> 10) {
382 wpa_supplicant_ctrl_iface_detach(
396 void wpa_supplicant_ctrl_iface_wait(struct ctrl_iface_priv
*priv
)
398 wpa_printf(MSG_DEBUG
, "CTRL_IFACE - %s - wait for monitor",
399 priv
->wpa_s
->ifname
);
400 eloop_wait_for_read_sock(priv
->sock
);
404 /* Global ctrl_iface */
406 struct ctrl_iface_global_priv
{
408 u8 cookie
[COOKIE_LEN
];
413 wpa_supplicant_global_get_cookie(struct ctrl_iface_global_priv
*priv
,
417 reply
= os_malloc(7 + 2 * COOKIE_LEN
+ 1);
423 os_memcpy(reply
, "COOKIE=", 7);
424 wpa_snprintf_hex(reply
+ 7, 2 * COOKIE_LEN
+ 1,
425 priv
->cookie
, COOKIE_LEN
);
427 *reply_len
= 7 + 2 * COOKIE_LEN
;
432 static void wpa_supplicant_global_ctrl_iface_receive(int sock
, void *eloop_ctx
,
435 struct wpa_global
*global
= eloop_ctx
;
436 struct ctrl_iface_global_priv
*priv
= sock_ctx
;
439 struct sockaddr_in from
;
440 socklen_t fromlen
= sizeof(from
);
443 u8 cookie
[COOKIE_LEN
];
445 res
= recvfrom(sock
, buf
, sizeof(buf
) - 1, 0,
446 (struct sockaddr
*) &from
, &fromlen
);
448 perror("recvfrom(ctrl_iface)");
451 if (from
.sin_addr
.s_addr
!= htonl((127 << 24) | 1)) {
453 * The OS networking stack is expected to drop this kind of
454 * frames since the socket is bound to only localhost address.
455 * Just in case, drop the frame if it is coming from any other
458 wpa_printf(MSG_DEBUG
, "CTRL: Drop packet from unexpected "
459 "source %s", inet_ntoa(from
.sin_addr
));
464 if (os_strcmp(buf
, "GET_COOKIE") == 0) {
465 reply
= wpa_supplicant_global_get_cookie(priv
, &reply_len
);
469 if (os_strncmp(buf
, "COOKIE=", 7) != 0) {
470 wpa_printf(MSG_DEBUG
, "CTLR: No cookie in the request - "
475 if (hexstr2bin(buf
+ 7, cookie
, COOKIE_LEN
) < 0) {
476 wpa_printf(MSG_DEBUG
, "CTLR: Invalid cookie format in the "
477 "request - drop request");
481 if (os_memcmp(cookie
, priv
->cookie
, COOKIE_LEN
) != 0) {
482 wpa_printf(MSG_DEBUG
, "CTLR: Invalid cookie in the request - "
487 pos
= buf
+ 7 + 2 * COOKIE_LEN
;
491 reply
= wpa_supplicant_global_ctrl_iface_process(global
, pos
,
496 sendto(sock
, reply
, reply_len
, 0, (struct sockaddr
*) &from
,
499 } else if (reply_len
) {
500 sendto(sock
, "FAIL\n", 5, 0, (struct sockaddr
*) &from
,
506 struct ctrl_iface_global_priv
*
507 wpa_supplicant_global_ctrl_iface_init(struct wpa_global
*global
)
509 struct ctrl_iface_global_priv
*priv
;
510 struct sockaddr_in addr
;
512 priv
= os_zalloc(sizeof(*priv
));
516 os_get_random(priv
->cookie
, COOKIE_LEN
);
518 if (global
->params
.ctrl_interface
== NULL
)
521 wpa_printf(MSG_DEBUG
, "Global control interface '%s'",
522 global
->params
.ctrl_interface
);
524 priv
->sock
= socket(PF_INET
, SOCK_DGRAM
, 0);
525 if (priv
->sock
< 0) {
526 perror("socket(PF_INET)");
530 os_memset(&addr
, 0, sizeof(addr
));
531 addr
.sin_family
= AF_INET
;
532 addr
.sin_addr
.s_addr
= htonl((127 << 24) | 1);
533 addr
.sin_port
= htons(WPA_GLOBAL_CTRL_IFACE_PORT
);
534 if (bind(priv
->sock
, (struct sockaddr
*) &addr
, sizeof(addr
)) < 0) {
535 perror("bind(AF_INET)");
539 eloop_register_read_sock(priv
->sock
,
540 wpa_supplicant_global_ctrl_iface_receive
,
554 wpa_supplicant_global_ctrl_iface_deinit(struct ctrl_iface_global_priv
*priv
)
556 if (priv
->sock
>= 0) {
557 eloop_unregister_read_sock(priv
->sock
);