2 * WPA Supplicant - Layer2 packet handling with Linux packet sockets
3 * Copyright (c) 2003-2015, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
10 #include <sys/ioctl.h>
11 #include <netpacket/packet.h>
13 #include <linux/filter.h>
17 #include "crypto/sha1.h"
18 #include "crypto/crypto.h"
19 #include "l2_packet.h"
22 struct l2_packet_data {
23 int fd; /* packet socket for EAPOL frames */
24 char ifname[IFNAMSIZ + 1];
26 u8 own_addr[ETH_ALEN];
27 void (*rx_callback)(void *ctx, const u8 *src_addr,
28 const u8 *buf, size_t len);
29 void *rx_callback_ctx;
30 int l2_hdr; /* whether to include layer 2 (Ethernet) header data
33 #ifndef CONFIG_NO_LINUX_PACKET_SOCKET_WAR
34 /* For working around Linux packet socket behavior and regression. */
36 int last_from_br, last_from_br_prev;
37 u8 last_hash[SHA1_MAC_LEN];
38 u8 last_hash_prev[SHA1_MAC_LEN];
39 unsigned int num_rx_br;
40 #endif /* CONFIG_NO_LINUX_PACKET_SOCKET_WAR */
43 /* Generated by 'sudo tcpdump -s 3000 -dd greater 278 and ip and udp and
44 * src port bootps and dst port bootpc'
46 static struct sock_filter dhcp_sock_filter_insns[] = {
47 { 0x80, 0, 0, 0x00000000 },
48 { 0x35, 0, 12, 0x00000116 },
49 { 0x28, 0, 0, 0x0000000c },
50 { 0x15, 0, 10, 0x00000800 },
51 { 0x30, 0, 0, 0x00000017 },
52 { 0x15, 0, 8, 0x00000011 },
53 { 0x28, 0, 0, 0x00000014 },
54 { 0x45, 6, 0, 0x00001fff },
55 { 0xb1, 0, 0, 0x0000000e },
56 { 0x48, 0, 0, 0x0000000e },
57 { 0x15, 0, 3, 0x00000043 },
58 { 0x48, 0, 0, 0x00000010 },
59 { 0x15, 0, 1, 0x00000044 },
60 { 0x6, 0, 0, 0x00000bb8 },
61 { 0x6, 0, 0, 0x00000000 },
64 static const struct sock_fprog dhcp_sock_filter = {
65 .len = ARRAY_SIZE(dhcp_sock_filter_insns),
66 .filter = dhcp_sock_filter_insns,
70 /* Generated by 'sudo tcpdump -dd -s 1500 multicast and ip6[6]=58' */
71 static struct sock_filter ndisc_sock_filter_insns[] = {
72 { 0x30, 0, 0, 0x00000000 },
73 { 0x45, 0, 5, 0x00000001 },
74 { 0x28, 0, 0, 0x0000000c },
75 { 0x15, 0, 3, 0x000086dd },
76 { 0x30, 0, 0, 0x00000014 },
77 { 0x15, 0, 1, 0x0000003a },
78 { 0x6, 0, 0, 0x000005dc },
79 { 0x6, 0, 0, 0x00000000 },
82 static const struct sock_fprog ndisc_sock_filter = {
83 .len = ARRAY_SIZE(ndisc_sock_filter_insns),
84 .filter = ndisc_sock_filter_insns,
87 /* drop packet if skb->pkt_type is PACKET_OTHERHOST (0x03). Generated by:
95 static struct sock_filter pkt_type_filter_insns[] = {
96 { 0x30, 0, 0, 0xfffff004 },
97 { 0x15, 1, 0, 0x00000003 },
98 { 0x6, 0, 0, 0xffffffff },
99 { 0x6, 0, 0, 0x00000000 },
102 static const struct sock_fprog pkt_type_sock_filter = {
103 .len = ARRAY_SIZE(pkt_type_filter_insns),
104 .filter = pkt_type_filter_insns,
108 int l2_packet_get_own_addr(struct l2_packet_data *l2, u8 *addr)
110 os_memcpy(addr, l2->own_addr, ETH_ALEN);
115 int l2_packet_send(struct l2_packet_data *l2, const u8 *dst_addr, u16 proto,
116 const u8 *buf, size_t len)
125 ret = send(l2->fd, buf, len, 0);
127 wpa_printf(MSG_ERROR, "l2_packet_send - send: %s",
130 struct sockaddr_ll ll;
131 os_memset(&ll, 0, sizeof(ll));
132 ll.sll_family = AF_PACKET;
133 ll.sll_ifindex = l2->ifindex;
134 ll.sll_protocol = htons(proto);
135 ll.sll_halen = ETH_ALEN;
136 os_memcpy(ll.sll_addr, dst_addr, ETH_ALEN);
137 ret = sendto(l2->fd, buf, len, 0, (struct sockaddr *) &ll,
140 wpa_printf(MSG_ERROR, "l2_packet_send - sendto: %s",
148 static void l2_packet_receive(int sock, void *eloop_ctx, void *sock_ctx)
150 struct l2_packet_data *l2 = eloop_ctx;
153 struct sockaddr_ll ll;
156 os_memset(&ll, 0, sizeof(ll));
157 fromlen = sizeof(ll);
158 res = recvfrom(sock, buf, sizeof(buf), 0, (struct sockaddr *) &ll,
161 wpa_printf(MSG_DEBUG, "l2_packet_receive - recvfrom: %s",
166 wpa_printf(MSG_DEBUG, "%s: src=" MACSTR " len=%d",
167 __func__, MAC2STR(ll.sll_addr), (int) res);
169 #ifndef CONFIG_NO_LINUX_PACKET_SOCKET_WAR
170 if (l2->fd_br_rx >= 0) {
171 u8 hash[SHA1_MAC_LEN];
176 * Close the workaround socket if the kernel version seems to be
177 * able to deliver packets through the packet socket before
178 * authorization has been completed (in dormant state).
180 if (l2->num_rx_br <= 1) {
181 wpa_printf(MSG_DEBUG,
182 "l2_packet_receive: Main packet socket for %s seems to have working RX - close workaround bridge socket",
184 eloop_unregister_read_sock(l2->fd_br_rx);
191 sha1_vector(1, addr, len, hash);
192 if (l2->last_from_br &&
193 os_memcmp(hash, l2->last_hash, SHA1_MAC_LEN) == 0) {
194 wpa_printf(MSG_DEBUG, "%s: Drop duplicate RX",
198 if (l2->last_from_br_prev &&
199 os_memcmp(hash, l2->last_hash_prev, SHA1_MAC_LEN) == 0) {
200 wpa_printf(MSG_DEBUG, "%s: Drop duplicate RX(prev)",
204 os_memcpy(l2->last_hash_prev, l2->last_hash, SHA1_MAC_LEN);
205 l2->last_from_br_prev = l2->last_from_br;
206 os_memcpy(l2->last_hash, hash, SHA1_MAC_LEN);
209 l2->last_from_br = 0;
210 #endif /* CONFIG_NO_LINUX_PACKET_SOCKET_WAR */
211 l2->rx_callback(l2->rx_callback_ctx, ll.sll_addr, buf, res);
215 #ifndef CONFIG_NO_LINUX_PACKET_SOCKET_WAR
216 static void l2_packet_receive_br(int sock, void *eloop_ctx, void *sock_ctx)
218 struct l2_packet_data *l2 = eloop_ctx;
221 struct sockaddr_ll ll;
223 u8 hash[SHA1_MAC_LEN];
228 os_memset(&ll, 0, sizeof(ll));
229 fromlen = sizeof(ll);
230 res = recvfrom(sock, buf, sizeof(buf), 0, (struct sockaddr *) &ll,
233 wpa_printf(MSG_DEBUG, "l2_packet_receive_br - recvfrom: %s",
238 wpa_printf(MSG_DEBUG, "%s: src=" MACSTR " len=%d",
239 __func__, MAC2STR(ll.sll_addr), (int) res);
241 if (os_memcmp(ll.sll_addr, l2->own_addr, ETH_ALEN) == 0) {
242 wpa_printf(MSG_DEBUG, "%s: Drop RX of own frame", __func__);
248 sha1_vector(1, addr, len, hash);
249 if (!l2->last_from_br &&
250 os_memcmp(hash, l2->last_hash, SHA1_MAC_LEN) == 0) {
251 wpa_printf(MSG_DEBUG, "%s: Drop duplicate RX", __func__);
254 if (!l2->last_from_br_prev &&
255 os_memcmp(hash, l2->last_hash_prev, SHA1_MAC_LEN) == 0) {
256 wpa_printf(MSG_DEBUG, "%s: Drop duplicate RX(prev)", __func__);
259 os_memcpy(l2->last_hash_prev, l2->last_hash, SHA1_MAC_LEN);
260 l2->last_from_br_prev = l2->last_from_br;
261 l2->last_from_br = 1;
262 os_memcpy(l2->last_hash, hash, SHA1_MAC_LEN);
263 l2->rx_callback(l2->rx_callback_ctx, ll.sll_addr, buf, res);
265 #endif /* CONFIG_NO_LINUX_PACKET_SOCKET_WAR */
268 struct l2_packet_data * l2_packet_init(
269 const char *ifname, const u8 *own_addr, unsigned short protocol,
270 void (*rx_callback)(void *ctx, const u8 *src_addr,
271 const u8 *buf, size_t len),
272 void *rx_callback_ctx, int l2_hdr)
274 struct l2_packet_data *l2;
276 struct sockaddr_ll ll;
278 l2 = os_zalloc(sizeof(struct l2_packet_data));
281 os_strlcpy(l2->ifname, ifname, sizeof(l2->ifname));
282 l2->rx_callback = rx_callback;
283 l2->rx_callback_ctx = rx_callback_ctx;
285 #ifndef CONFIG_NO_LINUX_PACKET_SOCKET_WAR
287 #endif /* CONFIG_NO_LINUX_PACKET_SOCKET_WAR */
289 l2->fd = socket(PF_PACKET, l2_hdr ? SOCK_RAW : SOCK_DGRAM,
292 wpa_printf(MSG_ERROR, "%s: socket(PF_PACKET): %s",
293 __func__, strerror(errno));
297 os_memset(&ifr, 0, sizeof(ifr));
298 os_strlcpy(ifr.ifr_name, l2->ifname, sizeof(ifr.ifr_name));
299 if (ioctl(l2->fd, SIOCGIFINDEX, &ifr) < 0) {
300 wpa_printf(MSG_ERROR, "%s: ioctl[SIOCGIFINDEX]: %s",
301 __func__, strerror(errno));
306 l2->ifindex = ifr.ifr_ifindex;
308 os_memset(&ll, 0, sizeof(ll));
309 ll.sll_family = PF_PACKET;
310 ll.sll_ifindex = ifr.ifr_ifindex;
311 ll.sll_protocol = htons(protocol);
312 if (bind(l2->fd, (struct sockaddr *) &ll, sizeof(ll)) < 0) {
313 wpa_printf(MSG_ERROR, "%s: bind[PF_PACKET]: %s",
314 __func__, strerror(errno));
320 if (ioctl(l2->fd, SIOCGIFHWADDR, &ifr) < 0) {
321 wpa_printf(MSG_ERROR, "%s: ioctl[SIOCGIFHWADDR]: %s",
322 __func__, strerror(errno));
327 os_memcpy(l2->own_addr, ifr.ifr_hwaddr.sa_data, ETH_ALEN);
329 eloop_register_read_sock(l2->fd, l2_packet_receive, l2, NULL);
335 struct l2_packet_data * l2_packet_init_bridge(
336 const char *br_ifname, const char *ifname, const u8 *own_addr,
337 unsigned short protocol,
338 void (*rx_callback)(void *ctx, const u8 *src_addr,
339 const u8 *buf, size_t len),
340 void *rx_callback_ctx, int l2_hdr)
342 struct l2_packet_data *l2;
343 #ifndef CONFIG_NO_LINUX_PACKET_SOCKET_WAR
344 struct sock_filter ethertype_sock_filter_insns[] = {
346 BPF_STMT(BPF_LD | BPF_H | BPF_ABS, 2 * ETH_ALEN),
347 /* Jump over next statement if ethertype does not match */
348 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, protocol, 0, 1),
349 /* Ethertype match - return all */
350 BPF_STMT(BPF_RET | BPF_K, ~0),
351 /* No match - drop */
352 BPF_STMT(BPF_RET | BPF_K, 0)
354 const struct sock_fprog ethertype_sock_filter = {
355 .len = ARRAY_SIZE(ethertype_sock_filter_insns),
356 .filter = ethertype_sock_filter_insns,
358 struct sockaddr_ll ll;
359 #endif /* CONFIG_NO_LINUX_PACKET_SOCKET_WAR */
361 l2 = l2_packet_init(br_ifname, own_addr, protocol, rx_callback,
362 rx_callback_ctx, l2_hdr);
366 #ifndef CONFIG_NO_LINUX_PACKET_SOCKET_WAR
368 * The Linux packet socket behavior has changed over the years and there
369 * is an inconvenient regression in it that breaks RX for a specific
370 * protocol from interfaces in a bridge when that interface is not in
371 * fully operation state (i.e., when in station mode and not completed
372 * authorization). To work around this, register ETH_P_ALL version of
373 * the packet socket bound to the real netdev and use socket filter to
374 * match the ethertype value. This version is less efficient, but
375 * required for functionality with many kernel version. If the main
376 * packet socket is found to be working, this less efficient version
377 * gets closed automatically.
380 l2->fd_br_rx = socket(PF_PACKET, l2_hdr ? SOCK_RAW : SOCK_DGRAM,
382 if (l2->fd_br_rx < 0) {
383 wpa_printf(MSG_DEBUG, "%s: socket(PF_PACKET-fd_br_rx): %s",
384 __func__, strerror(errno));
385 /* try to continue without the workaround RX socket */
389 os_memset(&ll, 0, sizeof(ll));
390 ll.sll_family = PF_PACKET;
391 ll.sll_ifindex = if_nametoindex(ifname);
392 ll.sll_protocol = htons(ETH_P_ALL);
393 if (bind(l2->fd_br_rx, (struct sockaddr *) &ll, sizeof(ll)) < 0) {
394 wpa_printf(MSG_DEBUG, "%s: bind[PF_PACKET-fd_br_rx]: %s",
395 __func__, strerror(errno));
396 /* try to continue without the workaround RX socket */
402 if (setsockopt(l2->fd_br_rx, SOL_SOCKET, SO_ATTACH_FILTER,
403 ðertype_sock_filter, sizeof(struct sock_fprog))) {
404 wpa_printf(MSG_DEBUG,
405 "l2_packet_linux: setsockopt(SO_ATTACH_FILTER) failed: %s",
407 /* try to continue without the workaround RX socket */
413 eloop_register_read_sock(l2->fd_br_rx, l2_packet_receive_br, l2, NULL);
414 #endif /* CONFIG_NO_LINUX_PACKET_SOCKET_WAR */
420 void l2_packet_deinit(struct l2_packet_data *l2)
426 eloop_unregister_read_sock(l2->fd);
430 #ifndef CONFIG_NO_LINUX_PACKET_SOCKET_WAR
431 if (l2->fd_br_rx >= 0) {
432 eloop_unregister_read_sock(l2->fd_br_rx);
435 #endif /* CONFIG_NO_LINUX_PACKET_SOCKET_WAR */
441 int l2_packet_get_ip_addr(struct l2_packet_data *l2, char *buf, size_t len)
445 struct sockaddr_in *saddr;
448 s = socket(PF_INET, SOCK_DGRAM, 0);
450 wpa_printf(MSG_ERROR, "%s: socket: %s",
451 __func__, strerror(errno));
454 os_memset(&ifr, 0, sizeof(ifr));
455 os_strlcpy(ifr.ifr_name, l2->ifname, sizeof(ifr.ifr_name));
456 if (ioctl(s, SIOCGIFADDR, &ifr) < 0) {
457 if (errno != EADDRNOTAVAIL)
458 wpa_printf(MSG_ERROR, "%s: ioctl[SIOCGIFADDR]: %s",
459 __func__, strerror(errno));
464 saddr = aliasing_hide_typecast(&ifr.ifr_addr, struct sockaddr_in);
465 if (saddr->sin_family != AF_INET)
467 res = os_strlcpy(buf, inet_ntoa(saddr->sin_addr), len);
474 void l2_packet_notify_auth_start(struct l2_packet_data *l2)
479 int l2_packet_set_packet_filter(struct l2_packet_data *l2,
480 enum l2_packet_filter_type type)
482 const struct sock_fprog *sock_filter;
488 case L2_PACKET_FILTER_DHCP:
489 sock_filter = &dhcp_sock_filter;
491 case L2_PACKET_FILTER_NDISC:
492 sock_filter = &ndisc_sock_filter;
494 case L2_PACKET_FILTER_PKTTYPE:
495 sock_filter = &pkt_type_sock_filter;
501 if (setsockopt(l2->fd, SOL_SOCKET, SO_ATTACH_FILTER,
502 sock_filter, sizeof(struct sock_fprog))) {
503 wpa_printf(MSG_ERROR,
504 "l2_packet_linux: setsockopt(SO_ATTACH_FILTER) failed: %s",