2 * WPA Supplicant / UDP socket -based control interface
3 * Copyright (c) 2004-2005, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
14 #include "eapol_supp/eapol_supp_sm.h"
15 #include "wpa_supplicant_i.h"
16 #include "ctrl_iface.h"
17 #include "common/wpa_ctrl.h"
22 /* Per-interface ctrl_iface */
25 * struct wpa_ctrl_dst - Internal data structure of control interface monitors
27 * This structure is used to store information about registered control
28 * interface monitors into struct wpa_supplicant. This data is private to
29 * ctrl_iface_udp.c and should not be touched directly from other files.
32 struct wpa_ctrl_dst *next;
33 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
34 struct sockaddr_in6 addr;
35 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
36 struct sockaddr_in addr;
37 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
44 struct ctrl_iface_priv {
45 struct wpa_supplicant *wpa_s;
47 struct wpa_ctrl_dst *ctrl_dst;
48 u8 cookie[COOKIE_LEN];
52 static void wpa_supplicant_ctrl_iface_send(struct ctrl_iface_priv *priv,
53 int level, const char *buf,
57 static int wpa_supplicant_ctrl_iface_attach(struct ctrl_iface_priv *priv,
58 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
59 struct sockaddr_in6 *from,
60 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
61 struct sockaddr_in *from,
62 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
65 struct wpa_ctrl_dst *dst;
66 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
67 char addr[INET6_ADDRSTRLEN];
68 #endif /* CONFIG_UDP_IPV6 */
70 dst = os_zalloc(sizeof(*dst));
73 os_memcpy(&dst->addr, from, sizeof(*from));
74 dst->addrlen = fromlen;
75 dst->debug_level = MSG_INFO;
76 dst->next = priv->ctrl_dst;
78 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
79 wpa_printf(MSG_DEBUG, "CTRL_IFACE monitor attached %s:%d",
80 inet_ntop(AF_INET6, &from->sin6_addr, addr, sizeof(*from)),
81 ntohs(from->sin6_port));
82 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
83 wpa_printf(MSG_DEBUG, "CTRL_IFACE monitor attached %s:%d",
84 inet_ntoa(from->sin_addr), ntohs(from->sin_port));
85 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
90 static int wpa_supplicant_ctrl_iface_detach(struct ctrl_iface_priv *priv,
91 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
92 struct sockaddr_in6 *from,
93 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
94 struct sockaddr_in *from,
95 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
98 struct wpa_ctrl_dst *dst, *prev = NULL;
99 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
100 char addr[INET6_ADDRSTRLEN];
101 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
103 dst = priv->ctrl_dst;
105 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
106 if (from->sin6_port == dst->addr.sin6_port &&
107 !os_memcmp(&from->sin6_addr, &dst->addr.sin6_addr,
108 sizeof(from->sin6_addr))) {
109 wpa_printf(MSG_DEBUG, "CTRL_IFACE monitor detached %s:%d",
110 inet_ntop(AF_INET6, &from->sin6_addr, addr,
112 ntohs(from->sin6_port));
113 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
114 if (from->sin_addr.s_addr == dst->addr.sin_addr.s_addr &&
115 from->sin_port == dst->addr.sin_port) {
116 wpa_printf(MSG_DEBUG, "CTRL_IFACE monitor detached "
117 "%s:%d", inet_ntoa(from->sin_addr),
118 ntohs(from->sin_port));
119 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
121 priv->ctrl_dst = dst->next;
123 prev->next = dst->next;
134 static int wpa_supplicant_ctrl_iface_level(struct ctrl_iface_priv *priv,
135 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
136 struct sockaddr_in6 *from,
137 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
138 struct sockaddr_in *from,
139 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
143 struct wpa_ctrl_dst *dst;
144 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
145 char addr[INET6_ADDRSTRLEN];
146 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
148 wpa_printf(MSG_DEBUG, "CTRL_IFACE LEVEL %s", level);
150 dst = priv->ctrl_dst;
152 #if CONFIG_CTRL_IFACE_UDP_IPV6
153 if (from->sin6_port == dst->addr.sin6_port &&
154 !os_memcmp(&from->sin6_addr, &dst->addr.sin6_addr,
155 sizeof(from->sin6_addr))) {
156 wpa_printf(MSG_DEBUG, "CTRL_IFACE changed monitor level %s:%d",
157 inet_ntop(AF_INET6, &from->sin6_addr, addr,
159 ntohs(from->sin6_port));
160 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
161 if (from->sin_addr.s_addr == dst->addr.sin_addr.s_addr &&
162 from->sin_port == dst->addr.sin_port) {
163 wpa_printf(MSG_DEBUG, "CTRL_IFACE changed monitor "
164 "level %s:%d", inet_ntoa(from->sin_addr),
165 ntohs(from->sin_port));
166 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
167 dst->debug_level = atoi(level);
178 wpa_supplicant_ctrl_iface_get_cookie(struct ctrl_iface_priv *priv,
182 reply = os_malloc(7 + 2 * COOKIE_LEN + 1);
188 os_memcpy(reply, "COOKIE=", 7);
189 wpa_snprintf_hex(reply + 7, 2 * COOKIE_LEN + 1,
190 priv->cookie, COOKIE_LEN);
192 *reply_len = 7 + 2 * COOKIE_LEN;
197 static void wpa_supplicant_ctrl_iface_receive(int sock, void *eloop_ctx,
200 struct wpa_supplicant *wpa_s = eloop_ctx;
201 struct ctrl_iface_priv *priv = sock_ctx;
204 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
205 struct sockaddr_in6 from;
206 #ifndef CONFIG_CTRL_IFACE_UDP_REMOTE
207 char addr[INET6_ADDRSTRLEN];
208 #endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
209 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
210 struct sockaddr_in from;
211 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
212 socklen_t fromlen = sizeof(from);
214 size_t reply_len = 0;
215 int new_attached = 0;
216 u8 cookie[COOKIE_LEN];
218 res = recvfrom(sock, buf, sizeof(buf) - 1, 0,
219 (struct sockaddr *) &from, &fromlen);
221 wpa_printf(MSG_ERROR, "recvfrom(ctrl_iface): %s",
226 #ifndef CONFIG_CTRL_IFACE_UDP_REMOTE
227 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
228 inet_ntop(AF_INET6, &from.sin6_addr, addr, sizeof(from));
229 if (os_strcmp(addr, "::1")) {
230 wpa_printf(MSG_DEBUG, "CTRL: Drop packet from unexpected source %s",
233 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
234 if (from.sin_addr.s_addr != htonl((127 << 24) | 1)) {
236 * The OS networking stack is expected to drop this kind of
237 * frames since the socket is bound to only localhost address.
238 * Just in case, drop the frame if it is coming from any other
241 wpa_printf(MSG_DEBUG, "CTRL: Drop packet from unexpected "
242 "source %s", inet_ntoa(from.sin_addr));
245 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
246 #endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
250 if (os_strcmp(buf, "GET_COOKIE") == 0) {
251 reply = wpa_supplicant_ctrl_iface_get_cookie(priv, &reply_len);
256 * Require that the client includes a prefix with the 'cookie' value
257 * fetched with GET_COOKIE command. This is used to verify that the
258 * client has access to a bidirectional link over UDP in order to
259 * avoid attacks using forged localhost IP address even if the OS does
260 * not block such frames from remote destinations.
262 if (os_strncmp(buf, "COOKIE=", 7) != 0) {
263 wpa_printf(MSG_DEBUG, "CTLR: No cookie in the request - "
268 if (hexstr2bin(buf + 7, cookie, COOKIE_LEN) < 0) {
269 wpa_printf(MSG_DEBUG, "CTLR: Invalid cookie format in the "
270 "request - drop request");
274 if (os_memcmp(cookie, priv->cookie, COOKIE_LEN) != 0) {
275 wpa_printf(MSG_DEBUG, "CTLR: Invalid cookie in the request - "
280 pos = buf + 7 + 2 * COOKIE_LEN;
284 if (os_strcmp(pos, "ATTACH") == 0) {
285 if (wpa_supplicant_ctrl_iface_attach(priv, &from, fromlen))
291 } else if (os_strcmp(pos, "DETACH") == 0) {
292 if (wpa_supplicant_ctrl_iface_detach(priv, &from, fromlen))
296 } else if (os_strncmp(pos, "LEVEL ", 6) == 0) {
297 if (wpa_supplicant_ctrl_iface_level(priv, &from, fromlen,
303 reply = wpa_supplicant_ctrl_iface_process(wpa_s, pos,
309 sendto(sock, reply, reply_len, 0, (struct sockaddr *) &from,
312 } else if (reply_len == 1) {
313 sendto(sock, "FAIL\n", 5, 0, (struct sockaddr *) &from,
315 } else if (reply_len == 2) {
316 sendto(sock, "OK\n", 3, 0, (struct sockaddr *) &from,
321 eapol_sm_notify_ctrl_attached(wpa_s->eapol);
325 static void wpa_supplicant_ctrl_iface_msg_cb(void *ctx, int level, int global,
326 const char *txt, size_t len)
328 struct wpa_supplicant *wpa_s = ctx;
329 if (wpa_s == NULL || wpa_s->ctrl_iface == NULL)
331 wpa_supplicant_ctrl_iface_send(wpa_s->ctrl_iface, level, txt, len);
335 struct ctrl_iface_priv *
336 wpa_supplicant_ctrl_iface_init(struct wpa_supplicant *wpa_s)
338 struct ctrl_iface_priv *priv;
339 int port = WPA_CTRL_IFACE_PORT;
340 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
341 struct sockaddr_in6 addr;
342 int domain = PF_INET6;
343 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
344 struct sockaddr_in addr;
345 int domain = PF_INET;
346 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
348 priv = os_zalloc(sizeof(*priv));
353 os_get_random(priv->cookie, COOKIE_LEN);
355 if (wpa_s->conf->ctrl_interface == NULL)
358 priv->sock = socket(domain, SOCK_DGRAM, 0);
359 if (priv->sock < 0) {
360 wpa_printf(MSG_ERROR, "socket(PF_INET): %s", strerror(errno));
364 os_memset(&addr, 0, sizeof(addr));
365 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
366 addr.sin6_family = AF_INET6;
367 #ifdef CONFIG_CTRL_IFACE_UDP_REMOTE
368 addr.sin6_addr = in6addr_any;
369 #else /* CONFIG_CTRL_IFACE_UDP_REMOTE */
370 inet_pton(AF_INET6, "::1", &addr.sin6_addr);
371 #endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
372 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
373 addr.sin_family = AF_INET;
374 #ifdef CONFIG_CTRL_IFACE_UDP_REMOTE
375 addr.sin_addr.s_addr = INADDR_ANY;
376 #else /* CONFIG_CTRL_IFACE_UDP_REMOTE */
377 addr.sin_addr.s_addr = htonl((127 << 24) | 1);
378 #endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
379 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
381 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
382 addr.sin6_port = htons(port);
383 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
384 addr.sin_port = htons(port);
385 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
386 if (bind(priv->sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
388 if ((WPA_CTRL_IFACE_PORT - port) < WPA_CTRL_IFACE_PORT_LIMIT)
390 wpa_printf(MSG_ERROR, "bind(AF_INET): %s", strerror(errno));
394 #ifdef CONFIG_CTRL_IFACE_UDP_REMOTE
395 wpa_msg(wpa_s, MSG_DEBUG, "ctrl_iface_init UDP port: %d", port);
396 #endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
398 eloop_register_read_sock(priv->sock, wpa_supplicant_ctrl_iface_receive,
400 wpa_msg_register_cb(wpa_supplicant_ctrl_iface_msg_cb);
412 void wpa_supplicant_ctrl_iface_deinit(struct ctrl_iface_priv *priv)
414 struct wpa_ctrl_dst *dst, *prev;
416 if (priv->sock > -1) {
417 eloop_unregister_read_sock(priv->sock);
418 if (priv->ctrl_dst) {
420 * Wait before closing the control socket if
421 * there are any attached monitors in order to allow
422 * them to receive any pending messages.
424 wpa_printf(MSG_DEBUG, "CTRL_IFACE wait for attached "
425 "monitors to receive messages");
432 dst = priv->ctrl_dst;
442 static void wpa_supplicant_ctrl_iface_send(struct ctrl_iface_priv *priv,
443 int level, const char *buf,
446 struct wpa_ctrl_dst *dst, *next;
451 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
452 char addr[INET6_ADDRSTRLEN];
453 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
455 dst = priv->ctrl_dst;
456 if (priv->sock < 0 || dst == NULL)
459 os_snprintf(levelstr, sizeof(levelstr), "<%d>", level);
461 llen = os_strlen(levelstr);
462 sbuf = os_malloc(llen + len);
466 os_memcpy(sbuf, levelstr, llen);
467 os_memcpy(sbuf + llen, buf, len);
472 if (level >= dst->debug_level) {
473 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
474 wpa_printf(MSG_DEBUG, "CTRL_IFACE monitor send %s:%d",
475 inet_ntop(AF_INET6, &dst->addr.sin6_addr,
476 addr, sizeof(dst->addr)),
477 ntohs(dst->addr.sin6_port));
478 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
479 wpa_printf(MSG_DEBUG, "CTRL_IFACE monitor send %s:%d",
480 inet_ntoa(dst->addr.sin_addr),
481 ntohs(dst->addr.sin_port));
482 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
483 if (sendto(priv->sock, sbuf, llen + len, 0,
484 (struct sockaddr *) &dst->addr,
485 sizeof(dst->addr)) < 0) {
486 wpa_printf(MSG_ERROR,
487 "sendto(CTRL_IFACE monitor): %s",
490 if (dst->errors > 10) {
491 wpa_supplicant_ctrl_iface_detach(
505 void wpa_supplicant_ctrl_iface_wait(struct ctrl_iface_priv *priv)
507 wpa_printf(MSG_DEBUG, "CTRL_IFACE - %s - wait for monitor",
508 priv->wpa_s->ifname);
509 eloop_wait_for_read_sock(priv->sock);
513 /* Global ctrl_iface */
515 struct ctrl_iface_global_priv {
517 u8 cookie[COOKIE_LEN];
522 wpa_supplicant_global_get_cookie(struct ctrl_iface_global_priv *priv,
526 reply = os_malloc(7 + 2 * COOKIE_LEN + 1);
532 os_memcpy(reply, "COOKIE=", 7);
533 wpa_snprintf_hex(reply + 7, 2 * COOKIE_LEN + 1,
534 priv->cookie, COOKIE_LEN);
536 *reply_len = 7 + 2 * COOKIE_LEN;
541 static void wpa_supplicant_global_ctrl_iface_receive(int sock, void *eloop_ctx,
544 struct wpa_global *global = eloop_ctx;
545 struct ctrl_iface_global_priv *priv = sock_ctx;
548 struct sockaddr_in from;
549 socklen_t fromlen = sizeof(from);
552 u8 cookie[COOKIE_LEN];
554 res = recvfrom(sock, buf, sizeof(buf) - 1, 0,
555 (struct sockaddr *) &from, &fromlen);
557 wpa_printf(MSG_ERROR, "recvfrom(ctrl_iface): %s",
562 #ifndef CONFIG_CTRL_IFACE_UDP_REMOTE
563 if (from.sin_addr.s_addr != htonl((127 << 24) | 1)) {
565 * The OS networking stack is expected to drop this kind of
566 * frames since the socket is bound to only localhost address.
567 * Just in case, drop the frame if it is coming from any other
570 wpa_printf(MSG_DEBUG, "CTRL: Drop packet from unexpected "
571 "source %s", inet_ntoa(from.sin_addr));
574 #endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
578 if (os_strcmp(buf, "GET_COOKIE") == 0) {
579 reply = wpa_supplicant_global_get_cookie(priv, &reply_len);
583 if (os_strncmp(buf, "COOKIE=", 7) != 0) {
584 wpa_printf(MSG_DEBUG, "CTLR: No cookie in the request - "
589 if (hexstr2bin(buf + 7, cookie, COOKIE_LEN) < 0) {
590 wpa_printf(MSG_DEBUG, "CTLR: Invalid cookie format in the "
591 "request - drop request");
595 if (os_memcmp(cookie, priv->cookie, COOKIE_LEN) != 0) {
596 wpa_printf(MSG_DEBUG, "CTLR: Invalid cookie in the request - "
601 pos = buf + 7 + 2 * COOKIE_LEN;
605 reply = wpa_supplicant_global_ctrl_iface_process(global, pos,
610 sendto(sock, reply, reply_len, 0, (struct sockaddr *) &from,
613 } else if (reply_len) {
614 sendto(sock, "FAIL\n", 5, 0, (struct sockaddr *) &from,
620 struct ctrl_iface_global_priv *
621 wpa_supplicant_global_ctrl_iface_init(struct wpa_global *global)
623 struct ctrl_iface_global_priv *priv;
624 struct sockaddr_in addr;
625 int port = WPA_GLOBAL_CTRL_IFACE_PORT;
627 priv = os_zalloc(sizeof(*priv));
631 os_get_random(priv->cookie, COOKIE_LEN);
633 if (global->params.ctrl_interface == NULL)
636 wpa_printf(MSG_DEBUG, "Global control interface '%s'",
637 global->params.ctrl_interface);
639 priv->sock = socket(PF_INET, SOCK_DGRAM, 0);
640 if (priv->sock < 0) {
641 wpa_printf(MSG_ERROR, "socket(PF_INET): %s", strerror(errno));
645 os_memset(&addr, 0, sizeof(addr));
646 addr.sin_family = AF_INET;
647 #ifdef CONFIG_CTRL_IFACE_UDP_REMOTE
648 addr.sin_addr.s_addr = INADDR_ANY;
649 #else /* CONFIG_CTRL_IFACE_UDP_REMOTE */
650 addr.sin_addr.s_addr = htonl((127 << 24) | 1);
651 #endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
653 addr.sin_port = htons(port);
654 if (bind(priv->sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
656 if ((port - WPA_GLOBAL_CTRL_IFACE_PORT) <
657 WPA_GLOBAL_CTRL_IFACE_PORT_LIMIT)
659 wpa_printf(MSG_ERROR, "bind(AF_INET): %s", strerror(errno));
663 #ifdef CONFIG_CTRL_IFACE_UDP_REMOTE
664 wpa_printf(MSG_DEBUG, "global_ctrl_iface_init UDP port: %d", port);
665 #endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
667 eloop_register_read_sock(priv->sock,
668 wpa_supplicant_global_ctrl_iface_receive,
682 wpa_supplicant_global_ctrl_iface_deinit(struct ctrl_iface_global_priv *priv)
684 if (priv->sock >= 0) {
685 eloop_unregister_read_sock(priv->sock);