1/*
2 * Driver interaction with Linux nl80211/cfg80211
3 * Copyright (c) 2002-2014, Jouni Malinen <j@w1.fi>
4 * Copyright (c) 2003-2004, Instant802 Networks, Inc.
5 * Copyright (c) 2005-2006, Devicescape Software, Inc.
6 * Copyright (c) 2007, Johannes Berg <johannes@sipsolutions.net>
7 * Copyright (c) 2009-2010, Atheros Communications
8 *
9 * This software may be distributed under the terms of the BSD license.
10 * See README for more details.
11 */
12
13#include "includes.h"
14#include <sys/ioctl.h>
15#include <sys/types.h>
16#include <sys/stat.h>
17#include <fcntl.h>
18#include <net/if.h>
19#include <netlink/genl/genl.h>
20#include <netlink/genl/family.h>
21#include <netlink/genl/ctrl.h>
22#include <linux/rtnetlink.h>
23#include <netpacket/packet.h>
24#include <linux/filter.h>
25#include <linux/errqueue.h>
26#include "nl80211_copy.h"
27
28#include "common.h"
29#include "eloop.h"
30#include "utils/list.h"
31#include "common/qca-vendor.h"
32#include "common/qca-vendor-attr.h"
33#include "common/ieee802_11_defs.h"
34#include "common/ieee802_11_common.h"
35#include "l2_packet/l2_packet.h"
36#include "netlink.h"
37#include "linux_ioctl.h"
38#include "radiotap.h"
39#include "radiotap_iter.h"
40#include "rfkill.h"
41#include "driver.h"
42
43#ifndef SO_WIFI_STATUS
44# if defined(__sparc__)
45#  define SO_WIFI_STATUS	0x0025
46# elif defined(__parisc__)
47#  define SO_WIFI_STATUS	0x4022
48# else
49#  define SO_WIFI_STATUS	41
50# endif
51
52# define SCM_WIFI_STATUS	SO_WIFI_STATUS
53#endif
54
55#ifndef SO_EE_ORIGIN_TXSTATUS
56#define SO_EE_ORIGIN_TXSTATUS	4
57#endif
58
59#ifndef PACKET_TX_TIMESTAMP
60#define PACKET_TX_TIMESTAMP	16
61#endif
62
63#ifdef ANDROID
64#include "android_drv.h"
65#endif /* ANDROID */
66#ifdef CONFIG_LIBNL20
67/* libnl 2.0 compatibility code */
68#define nl_handle nl_sock
69#define nl80211_handle_alloc nl_socket_alloc_cb
70#define nl80211_handle_destroy nl_socket_free
71#else
72/*
73 * libnl 1.1 has a bug, it tries to allocate socket numbers densely
74 * but when you free a socket again it will mess up its bitmap and
75 * and use the wrong number the next time it needs a socket ID.
76 * Therefore, we wrap the handle alloc/destroy and add our own pid
77 * accounting.
78 */
79static uint32_t port_bitmap[32] = { 0 };
80
81static struct nl_handle *nl80211_handle_alloc(void *cb)
82{
83	struct nl_handle *handle;
84	uint32_t pid = getpid() & 0x3FFFFF;
85	int i;
86
87	handle = nl_handle_alloc_cb(cb);
88
89	for (i = 0; i < 1024; i++) {
90		if (port_bitmap[i / 32] & (1 << (i % 32)))
91			continue;
92		port_bitmap[i / 32] |= 1 << (i % 32);
93		pid += i << 22;
94		break;
95	}
96
97	nl_socket_set_local_port(handle, pid);
98
99	return handle;
100}
101
102static void nl80211_handle_destroy(struct nl_handle *handle)
103{
104	uint32_t port = nl_socket_get_local_port(handle);
105
106	port >>= 22;
107	port_bitmap[port / 32] &= ~(1 << (port % 32));
108
109	nl_handle_destroy(handle);
110}
111#endif /* CONFIG_LIBNL20 */
112
113
114#ifdef ANDROID
115/* system/core/libnl_2 does not include nl_socket_set_nonblocking() */
116static int android_nl_socket_set_nonblocking(struct nl_handle *handle)
117{
118	return fcntl(nl_socket_get_fd(handle), F_SETFL, O_NONBLOCK);
119}
120#undef nl_socket_set_nonblocking
121#define nl_socket_set_nonblocking(h) android_nl_socket_set_nonblocking(h)
122#endif /* ANDROID */
123
124
125static struct nl_handle * nl_create_handle(struct nl_cb *cb, const char *dbg)
126{
127	struct nl_handle *handle;
128
129	handle = nl80211_handle_alloc(cb);
130	if (handle == NULL) {
131		wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink "
132			   "callbacks (%s)", dbg);
133		return NULL;
134	}
135
136	if (genl_connect(handle)) {
137		wpa_printf(MSG_ERROR, "nl80211: Failed to connect to generic "
138			   "netlink (%s)", dbg);
139		nl80211_handle_destroy(handle);
140		return NULL;
141	}
142
143	return handle;
144}
145
146
147static void nl_destroy_handles(struct nl_handle **handle)
148{
149	if (*handle == NULL)
150		return;
151	nl80211_handle_destroy(*handle);
152	*handle = NULL;
153}
154
155
156#if __WORDSIZE == 64
157#define ELOOP_SOCKET_INVALID	(intptr_t) 0x8888888888888889ULL
158#else
159#define ELOOP_SOCKET_INVALID	(intptr_t) 0x88888889ULL
160#endif
161
162static void nl80211_register_eloop_read(struct nl_handle **handle,
163					eloop_sock_handler handler,
164					void *eloop_data)
165{
166	nl_socket_set_nonblocking(*handle);
167	eloop_register_read_sock(nl_socket_get_fd(*handle), handler,
168				 eloop_data, *handle);
169	*handle = (void *) (((intptr_t) *handle) ^ ELOOP_SOCKET_INVALID);
170}
171
172
173static void nl80211_destroy_eloop_handle(struct nl_handle **handle)
174{
175	*handle = (void *) (((intptr_t) *handle) ^ ELOOP_SOCKET_INVALID);
176	eloop_unregister_read_sock(nl_socket_get_fd(*handle));
177	nl_destroy_handles(handle);
178}
179
180
181#ifndef IFF_LOWER_UP
182#define IFF_LOWER_UP   0x10000         /* driver signals L1 up         */
183#endif
184#ifndef IFF_DORMANT
185#define IFF_DORMANT    0x20000         /* driver signals dormant       */
186#endif
187
188#ifndef IF_OPER_DORMANT
189#define IF_OPER_DORMANT 5
190#endif
191#ifndef IF_OPER_UP
192#define IF_OPER_UP 6
193#endif
194
195struct nl80211_global {
196	struct dl_list interfaces;
197	int if_add_ifindex;
198	u64 if_add_wdevid;
199	int if_add_wdevid_set;
200	struct netlink_data *netlink;
201	struct nl_cb *nl_cb;
202	struct nl_handle *nl;
203	int nl80211_id;
204	int ioctl_sock; /* socket for ioctl() use */
205
206	struct nl_handle *nl_event;
207};
208
209struct nl80211_wiphy_data {
210	struct dl_list list;
211	struct dl_list bsss;
212	struct dl_list drvs;
213
214	struct nl_handle *nl_beacons;
215	struct nl_cb *nl_cb;
216
217	int wiphy_idx;
218};
219
220static void nl80211_global_deinit(void *priv);
221
222struct i802_bss {
223	struct wpa_driver_nl80211_data *drv;
224	struct i802_bss *next;
225	int ifindex;
226	u64 wdev_id;
227	char ifname[IFNAMSIZ + 1];
228	char brname[IFNAMSIZ];
229	unsigned int beacon_set:1;
230	unsigned int added_if_into_bridge:1;
231	unsigned int added_bridge:1;
232	unsigned int in_deinit:1;
233	unsigned int wdev_id_set:1;
234	unsigned int added_if:1;
235	unsigned int static_ap:1;
236
237	u8 addr[ETH_ALEN];
238
239	int freq;
240	int bandwidth;
241	int if_dynamic;
242
243	void *ctx;
244	struct nl_handle *nl_preq, *nl_mgmt;
245	struct nl_cb *nl_cb;
246
247	struct nl80211_wiphy_data *wiphy_data;
248	struct dl_list wiphy_list;
249};
250
251struct wpa_driver_nl80211_data {
252	struct nl80211_global *global;
253	struct dl_list list;
254	struct dl_list wiphy_list;
255	char phyname[32];
256	void *ctx;
257	int ifindex;
258	int if_removed;
259	int if_disabled;
260	int ignore_if_down_event;
261	struct rfkill_data *rfkill;
262	struct wpa_driver_capa capa;
263	u8 *extended_capa, *extended_capa_mask;
264	unsigned int extended_capa_len;
265	int has_capability;
266
267	int operstate;
268
269	int scan_complete_events;
270	enum scan_states {
271		NO_SCAN, SCAN_REQUESTED, SCAN_STARTED, SCAN_COMPLETED,
272		SCAN_ABORTED, SCHED_SCAN_STARTED, SCHED_SCAN_STOPPED,
273		SCHED_SCAN_RESULTS
274	} scan_state;
275
276	struct nl_cb *nl_cb;
277
278	u8 auth_bssid[ETH_ALEN];
279	u8 auth_attempt_bssid[ETH_ALEN];
280	u8 bssid[ETH_ALEN];
281	u8 prev_bssid[ETH_ALEN];
282	int associated;
283	u8 ssid[32];
284	size_t ssid_len;
285	enum nl80211_iftype nlmode;
286	enum nl80211_iftype ap_scan_as_station;
287	unsigned int assoc_freq;
288
289	int monitor_sock;
290	int monitor_ifidx;
291	int monitor_refcount;
292
293	unsigned int disabled_11b_rates:1;
294	unsigned int pending_remain_on_chan:1;
295	unsigned int in_interface_list:1;
296	unsigned int device_ap_sme:1;
297	unsigned int poll_command_supported:1;
298	unsigned int data_tx_status:1;
299	unsigned int scan_for_auth:1;
300	unsigned int retry_auth:1;
301	unsigned int use_monitor:1;
302	unsigned int ignore_next_local_disconnect:1;
303	unsigned int ignore_next_local_deauth:1;
304	unsigned int allow_p2p_device:1;
305	unsigned int hostapd:1;
306	unsigned int start_mode_ap:1;
307	unsigned int start_iface_up:1;
308	unsigned int test_use_roc_tx:1;
309	unsigned int ignore_deauth_event:1;
310	unsigned int dfs_vendor_cmd_avail:1;
311	unsigned int have_low_prio_scan:1;
312
313	u64 remain_on_chan_cookie;
314	u64 send_action_cookie;
315
316	unsigned int last_mgmt_freq;
317
318	struct wpa_driver_scan_filter *filter_ssids;
319	size_t num_filter_ssids;
320
321	struct i802_bss *first_bss;
322
323	int eapol_tx_sock;
324
325	int eapol_sock; /* socket for EAPOL frames */
326
327	int default_if_indices[16];
328	int *if_indices;
329	int num_if_indices;
330
331	/* From failed authentication command */
332	int auth_freq;
333	u8 auth_bssid_[ETH_ALEN];
334	u8 auth_ssid[32];
335	size_t auth_ssid_len;
336	int auth_alg;
337	u8 *auth_ie;
338	size_t auth_ie_len;
339	u8 auth_wep_key[4][16];
340	size_t auth_wep_key_len[4];
341	int auth_wep_tx_keyidx;
342	int auth_local_state_change;
343	int auth_p2p;
344};
345
346
347static void wpa_driver_nl80211_deinit(struct i802_bss *bss);
348static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx,
349					    void *timeout_ctx);
350static int wpa_driver_nl80211_set_mode(struct i802_bss *bss,
351				       enum nl80211_iftype nlmode);
352static int wpa_driver_nl80211_set_mode_ibss(struct i802_bss *bss, int freq);
353
354static int
355wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv,
356				   const u8 *set_addr, int first);
357static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv,
358				   const u8 *addr, int cmd, u16 reason_code,
359				   int local_state_change);
360static void nl80211_remove_monitor_interface(
361	struct wpa_driver_nl80211_data *drv);
362static int nl80211_send_frame_cmd(struct i802_bss *bss,
363				  unsigned int freq, unsigned int wait,
364				  const u8 *buf, size_t buf_len, u64 *cookie,
365				  int no_cck, int no_ack, int offchanok);
366static int nl80211_register_frame(struct i802_bss *bss,
367				  struct nl_handle *hl_handle,
368				  u16 type, const u8 *match, size_t match_len);
369static int wpa_driver_nl80211_probe_req_report(struct i802_bss *bss,
370					       int report);
371#ifdef ANDROID
372static int android_pno_start(struct i802_bss *bss,
373			     struct wpa_driver_scan_params *params);
374static int android_pno_stop(struct i802_bss *bss);
375extern int wpa_driver_nl80211_driver_cmd(void *priv, char *cmd, char *buf,
376					 size_t buf_len);
377#endif /* ANDROID */
378#ifdef ANDROID_P2P
379#ifdef ANDROID_P2P_STUB
380int wpa_driver_set_p2p_noa(void *priv, u8 count, int start, int duration) {
381	return 0;
382}
383int wpa_driver_get_p2p_noa(void *priv, u8 *buf, size_t len) {
384	return 0;
385}
386int wpa_driver_set_p2p_ps(void *priv, int legacy_ps, int opp_ps, int ctwindow) {
387	return -1;
388}
389int wpa_driver_set_ap_wps_p2p_ie(void *priv, const struct wpabuf *beacon,
390				 const struct wpabuf *proberesp,
391				 const struct wpabuf *assocresp) {
392	return 0;
393}
394#else /* ANDROID_P2P_STUB */
395int wpa_driver_set_p2p_noa(void *priv, u8 count, int start, int duration);
396int wpa_driver_get_p2p_noa(void *priv, u8 *buf, size_t len);
397int wpa_driver_set_p2p_ps(void *priv, int legacy_ps, int opp_ps, int ctwindow);
398int wpa_driver_set_ap_wps_p2p_ie(void *priv, const struct wpabuf *beacon,
399				 const struct wpabuf *proberesp,
400				 const struct wpabuf *assocresp);
401#endif /* ANDROID_P2P_STUB */
402#endif /* ANDROID_P2P */
403
404static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx);
405static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx);
406static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx);
407static int wpa_driver_nl80211_if_remove(struct i802_bss *bss,
408					enum wpa_driver_if_type type,
409					const char *ifname);
410
411static int nl80211_set_channel(struct i802_bss *bss,
412			       struct hostapd_freq_params *freq, int set_chan);
413static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv,
414				     int ifindex, int disabled);
415
416static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv);
417static int wpa_driver_nl80211_authenticate_retry(
418	struct wpa_driver_nl80211_data *drv);
419
420static int i802_set_freq(void *priv, struct hostapd_freq_params *freq);
421static int i802_set_iface_flags(struct i802_bss *bss, int up);
422
423
424static const char * nl80211_command_to_string(enum nl80211_commands cmd)
425{
426#define C2S(x) case x: return #x;
427	switch (cmd) {
428	C2S(NL80211_CMD_UNSPEC)
429	C2S(NL80211_CMD_GET_WIPHY)
430	C2S(NL80211_CMD_SET_WIPHY)
431	C2S(NL80211_CMD_NEW_WIPHY)
432	C2S(NL80211_CMD_DEL_WIPHY)
433	C2S(NL80211_CMD_GET_INTERFACE)
434	C2S(NL80211_CMD_SET_INTERFACE)
435	C2S(NL80211_CMD_NEW_INTERFACE)
436	C2S(NL80211_CMD_DEL_INTERFACE)
437	C2S(NL80211_CMD_GET_KEY)
438	C2S(NL80211_CMD_SET_KEY)
439	C2S(NL80211_CMD_NEW_KEY)
440	C2S(NL80211_CMD_DEL_KEY)
441	C2S(NL80211_CMD_GET_BEACON)
442	C2S(NL80211_CMD_SET_BEACON)
443	C2S(NL80211_CMD_START_AP)
444	C2S(NL80211_CMD_STOP_AP)
445	C2S(NL80211_CMD_GET_STATION)
446	C2S(NL80211_CMD_SET_STATION)
447	C2S(NL80211_CMD_NEW_STATION)
448	C2S(NL80211_CMD_DEL_STATION)
449	C2S(NL80211_CMD_GET_MPATH)
450	C2S(NL80211_CMD_SET_MPATH)
451	C2S(NL80211_CMD_NEW_MPATH)
452	C2S(NL80211_CMD_DEL_MPATH)
453	C2S(NL80211_CMD_SET_BSS)
454	C2S(NL80211_CMD_SET_REG)
455	C2S(NL80211_CMD_REQ_SET_REG)
456	C2S(NL80211_CMD_GET_MESH_CONFIG)
457	C2S(NL80211_CMD_SET_MESH_CONFIG)
458	C2S(NL80211_CMD_SET_MGMT_EXTRA_IE)
459	C2S(NL80211_CMD_GET_REG)
460	C2S(NL80211_CMD_GET_SCAN)
461	C2S(NL80211_CMD_TRIGGER_SCAN)
462	C2S(NL80211_CMD_NEW_SCAN_RESULTS)
463	C2S(NL80211_CMD_SCAN_ABORTED)
464	C2S(NL80211_CMD_REG_CHANGE)
465	C2S(NL80211_CMD_AUTHENTICATE)
466	C2S(NL80211_CMD_ASSOCIATE)
467	C2S(NL80211_CMD_DEAUTHENTICATE)
468	C2S(NL80211_CMD_DISASSOCIATE)
469	C2S(NL80211_CMD_MICHAEL_MIC_FAILURE)
470	C2S(NL80211_CMD_REG_BEACON_HINT)
471	C2S(NL80211_CMD_JOIN_IBSS)
472	C2S(NL80211_CMD_LEAVE_IBSS)
473	C2S(NL80211_CMD_TESTMODE)
474	C2S(NL80211_CMD_CONNECT)
475	C2S(NL80211_CMD_ROAM)
476	C2S(NL80211_CMD_DISCONNECT)
477	C2S(NL80211_CMD_SET_WIPHY_NETNS)
478	C2S(NL80211_CMD_GET_SURVEY)
479	C2S(NL80211_CMD_NEW_SURVEY_RESULTS)
480	C2S(NL80211_CMD_SET_PMKSA)
481	C2S(NL80211_CMD_DEL_PMKSA)
482	C2S(NL80211_CMD_FLUSH_PMKSA)
483	C2S(NL80211_CMD_REMAIN_ON_CHANNEL)
484	C2S(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL)
485	C2S(NL80211_CMD_SET_TX_BITRATE_MASK)
486	C2S(NL80211_CMD_REGISTER_FRAME)
487	C2S(NL80211_CMD_FRAME)
488	C2S(NL80211_CMD_FRAME_TX_STATUS)
489	C2S(NL80211_CMD_SET_POWER_SAVE)
490	C2S(NL80211_CMD_GET_POWER_SAVE)
491	C2S(NL80211_CMD_SET_CQM)
492	C2S(NL80211_CMD_NOTIFY_CQM)
493	C2S(NL80211_CMD_SET_CHANNEL)
494	C2S(NL80211_CMD_SET_WDS_PEER)
495	C2S(NL80211_CMD_FRAME_WAIT_CANCEL)
496	C2S(NL80211_CMD_JOIN_MESH)
497	C2S(NL80211_CMD_LEAVE_MESH)
498	C2S(NL80211_CMD_UNPROT_DEAUTHENTICATE)
499	C2S(NL80211_CMD_UNPROT_DISASSOCIATE)
500	C2S(NL80211_CMD_NEW_PEER_CANDIDATE)
501	C2S(NL80211_CMD_GET_WOWLAN)
502	C2S(NL80211_CMD_SET_WOWLAN)
503	C2S(NL80211_CMD_START_SCHED_SCAN)
504	C2S(NL80211_CMD_STOP_SCHED_SCAN)
505	C2S(NL80211_CMD_SCHED_SCAN_RESULTS)
506	C2S(NL80211_CMD_SCHED_SCAN_STOPPED)
507	C2S(NL80211_CMD_SET_REKEY_OFFLOAD)
508	C2S(NL80211_CMD_PMKSA_CANDIDATE)
509	C2S(NL80211_CMD_TDLS_OPER)
510	C2S(NL80211_CMD_TDLS_MGMT)
511	C2S(NL80211_CMD_UNEXPECTED_FRAME)
512	C2S(NL80211_CMD_PROBE_CLIENT)
513	C2S(NL80211_CMD_REGISTER_BEACONS)
514	C2S(NL80211_CMD_UNEXPECTED_4ADDR_FRAME)
515	C2S(NL80211_CMD_SET_NOACK_MAP)
516	C2S(NL80211_CMD_CH_SWITCH_NOTIFY)
517	C2S(NL80211_CMD_START_P2P_DEVICE)
518	C2S(NL80211_CMD_STOP_P2P_DEVICE)
519	C2S(NL80211_CMD_CONN_FAILED)
520	C2S(NL80211_CMD_SET_MCAST_RATE)
521	C2S(NL80211_CMD_SET_MAC_ACL)
522	C2S(NL80211_CMD_RADAR_DETECT)
523	C2S(NL80211_CMD_GET_PROTOCOL_FEATURES)
524	C2S(NL80211_CMD_UPDATE_FT_IES)
525	C2S(NL80211_CMD_FT_EVENT)
526	C2S(NL80211_CMD_CRIT_PROTOCOL_START)
527	C2S(NL80211_CMD_CRIT_PROTOCOL_STOP)
528	C2S(NL80211_CMD_GET_COALESCE)
529	C2S(NL80211_CMD_SET_COALESCE)
530	C2S(NL80211_CMD_CHANNEL_SWITCH)
531	C2S(NL80211_CMD_VENDOR)
532	C2S(NL80211_CMD_SET_QOS_MAP)
533	default:
534		return "NL80211_CMD_UNKNOWN";
535	}
536#undef C2S
537}
538
539
540/* Converts nl80211_chan_width to a common format */
541static enum chan_width convert2width(int width)
542{
543	switch (width) {
544	case NL80211_CHAN_WIDTH_20_NOHT:
545		return CHAN_WIDTH_20_NOHT;
546	case NL80211_CHAN_WIDTH_20:
547		return CHAN_WIDTH_20;
548	case NL80211_CHAN_WIDTH_40:
549		return CHAN_WIDTH_40;
550	case NL80211_CHAN_WIDTH_80:
551		return CHAN_WIDTH_80;
552	case NL80211_CHAN_WIDTH_80P80:
553		return CHAN_WIDTH_80P80;
554	case NL80211_CHAN_WIDTH_160:
555		return CHAN_WIDTH_160;
556	}
557	return CHAN_WIDTH_UNKNOWN;
558}
559
560
561static int is_ap_interface(enum nl80211_iftype nlmode)
562{
563	return nlmode == NL80211_IFTYPE_AP ||
564		nlmode == NL80211_IFTYPE_P2P_GO;
565}
566
567
568static int is_sta_interface(enum nl80211_iftype nlmode)
569{
570	return nlmode == NL80211_IFTYPE_STATION ||
571		nlmode == NL80211_IFTYPE_P2P_CLIENT;
572}
573
574
575static int is_p2p_net_interface(enum nl80211_iftype nlmode)
576{
577	return nlmode == NL80211_IFTYPE_P2P_CLIENT ||
578		nlmode == NL80211_IFTYPE_P2P_GO;
579}
580
581
582static void nl80211_mark_disconnected(struct wpa_driver_nl80211_data *drv)
583{
584	if (drv->associated)
585		os_memcpy(drv->prev_bssid, drv->bssid, ETH_ALEN);
586	drv->associated = 0;
587	os_memset(drv->bssid, 0, ETH_ALEN);
588}
589
590
591struct nl80211_bss_info_arg {
592	struct wpa_driver_nl80211_data *drv;
593	struct wpa_scan_results *res;
594	unsigned int assoc_freq;
595	unsigned int ibss_freq;
596	u8 assoc_bssid[ETH_ALEN];
597};
598
599static int bss_info_handler(struct nl_msg *msg, void *arg);
600
601
602/* nl80211 code */
603static int ack_handler(struct nl_msg *msg, void *arg)
604{
605	int *err = arg;
606	*err = 0;
607	return NL_STOP;
608}
609
610static int finish_handler(struct nl_msg *msg, void *arg)
611{
612	int *ret = arg;
613	*ret = 0;
614	return NL_SKIP;
615}
616
617static int error_handler(struct sockaddr_nl *nla, struct nlmsgerr *err,
618			 void *arg)
619{
620	int *ret = arg;
621	*ret = err->error;
622	return NL_SKIP;
623}
624
625
626static int no_seq_check(struct nl_msg *msg, void *arg)
627{
628	return NL_OK;
629}
630
631
632static int send_and_recv(struct nl80211_global *global,
633			 struct nl_handle *nl_handle, struct nl_msg *msg,
634			 int (*valid_handler)(struct nl_msg *, void *),
635			 void *valid_data)
636{
637	struct nl_cb *cb;
638	int err = -ENOMEM;
639
640	cb = nl_cb_clone(global->nl_cb);
641	if (!cb)
642		goto out;
643
644	err = nl_send_auto_complete(nl_handle, msg);
645	if (err < 0)
646		goto out;
647
648	err = 1;
649
650	nl_cb_err(cb, NL_CB_CUSTOM, error_handler, &err);
651	nl_cb_set(cb, NL_CB_FINISH, NL_CB_CUSTOM, finish_handler, &err);
652	nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM, ack_handler, &err);
653
654	if (valid_handler)
655		nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM,
656			  valid_handler, valid_data);
657
658	while (err > 0) {
659		int res = nl_recvmsgs(nl_handle, cb);
660		if (res < 0) {
661			wpa_printf(MSG_INFO,
662				   "nl80211: %s->nl_recvmsgs failed: %d",
663				   __func__, res);
664		}
665	}
666 out:
667	nl_cb_put(cb);
668	nlmsg_free(msg);
669	return err;
670}
671
672
673static int send_and_recv_msgs_global(struct nl80211_global *global,
674				     struct nl_msg *msg,
675				     int (*valid_handler)(struct nl_msg *, void *),
676				     void *valid_data)
677{
678	return send_and_recv(global, global->nl, msg, valid_handler,
679			     valid_data);
680}
681
682
683static int send_and_recv_msgs(struct wpa_driver_nl80211_data *drv,
684			      struct nl_msg *msg,
685			      int (*valid_handler)(struct nl_msg *, void *),
686			      void *valid_data)
687{
688	return send_and_recv(drv->global, drv->global->nl, msg,
689			     valid_handler, valid_data);
690}
691
692
693struct family_data {
694	const char *group;
695	int id;
696};
697
698
699static int nl80211_set_iface_id(struct nl_msg *msg, struct i802_bss *bss)
700{
701	if (bss->wdev_id_set)
702		NLA_PUT_U64(msg, NL80211_ATTR_WDEV, bss->wdev_id);
703	else
704		NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex);
705	return 0;
706
707nla_put_failure:
708	return -1;
709}
710
711
712static int family_handler(struct nl_msg *msg, void *arg)
713{
714	struct family_data *res = arg;
715	struct nlattr *tb[CTRL_ATTR_MAX + 1];
716	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
717	struct nlattr *mcgrp;
718	int i;
719
720	nla_parse(tb, CTRL_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
721		  genlmsg_attrlen(gnlh, 0), NULL);
722	if (!tb[CTRL_ATTR_MCAST_GROUPS])
723		return NL_SKIP;
724
725	nla_for_each_nested(mcgrp, tb[CTRL_ATTR_MCAST_GROUPS], i) {
726		struct nlattr *tb2[CTRL_ATTR_MCAST_GRP_MAX + 1];
727		nla_parse(tb2, CTRL_ATTR_MCAST_GRP_MAX, nla_data(mcgrp),
728			  nla_len(mcgrp), NULL);
729		if (!tb2[CTRL_ATTR_MCAST_GRP_NAME] ||
730		    !tb2[CTRL_ATTR_MCAST_GRP_ID] ||
731		    os_strncmp(nla_data(tb2[CTRL_ATTR_MCAST_GRP_NAME]),
732			       res->group,
733			       nla_len(tb2[CTRL_ATTR_MCAST_GRP_NAME])) != 0)
734			continue;
735		res->id = nla_get_u32(tb2[CTRL_ATTR_MCAST_GRP_ID]);
736		break;
737	};
738
739	return NL_SKIP;
740}
741
742
743static int nl_get_multicast_id(struct nl80211_global *global,
744			       const char *family, const char *group)
745{
746	struct nl_msg *msg;
747	int ret = -1;
748	struct family_data res = { group, -ENOENT };
749
750	msg = nlmsg_alloc();
751	if (!msg)
752		return -ENOMEM;
753	genlmsg_put(msg, 0, 0, genl_ctrl_resolve(global->nl, "nlctrl"),
754		    0, 0, CTRL_CMD_GETFAMILY, 0);
755	NLA_PUT_STRING(msg, CTRL_ATTR_FAMILY_NAME, family);
756
757	ret = send_and_recv_msgs_global(global, msg, family_handler, &res);
758	msg = NULL;
759	if (ret == 0)
760		ret = res.id;
761
762nla_put_failure:
763	nlmsg_free(msg);
764	return ret;
765}
766
767
768static void * nl80211_cmd(struct wpa_driver_nl80211_data *drv,
769			  struct nl_msg *msg, int flags, uint8_t cmd)
770{
771	return genlmsg_put(msg, 0, 0, drv->global->nl80211_id,
772			   0, flags, cmd, 0);
773}
774
775
776struct wiphy_idx_data {
777	int wiphy_idx;
778	enum nl80211_iftype nlmode;
779	u8 *macaddr;
780};
781
782
783static int netdev_info_handler(struct nl_msg *msg, void *arg)
784{
785	struct nlattr *tb[NL80211_ATTR_MAX + 1];
786	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
787	struct wiphy_idx_data *info = arg;
788
789	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
790		  genlmsg_attrlen(gnlh, 0), NULL);
791
792	if (tb[NL80211_ATTR_WIPHY])
793		info->wiphy_idx = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
794
795	if (tb[NL80211_ATTR_IFTYPE])
796		info->nlmode = nla_get_u32(tb[NL80211_ATTR_IFTYPE]);
797
798	if (tb[NL80211_ATTR_MAC] && info->macaddr)
799		os_memcpy(info->macaddr, nla_data(tb[NL80211_ATTR_MAC]),
800			  ETH_ALEN);
801
802	return NL_SKIP;
803}
804
805
806static int nl80211_get_wiphy_index(struct i802_bss *bss)
807{
808	struct nl_msg *msg;
809	struct wiphy_idx_data data = {
810		.wiphy_idx = -1,
811		.macaddr = NULL,
812	};
813
814	msg = nlmsg_alloc();
815	if (!msg)
816		return NL80211_IFTYPE_UNSPECIFIED;
817
818	nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_GET_INTERFACE);
819
820	if (nl80211_set_iface_id(msg, bss) < 0)
821		goto nla_put_failure;
822
823	if (send_and_recv_msgs(bss->drv, msg, netdev_info_handler, &data) == 0)
824		return data.wiphy_idx;
825	msg = NULL;
826nla_put_failure:
827	nlmsg_free(msg);
828	return -1;
829}
830
831
832static enum nl80211_iftype nl80211_get_ifmode(struct i802_bss *bss)
833{
834	struct nl_msg *msg;
835	struct wiphy_idx_data data = {
836		.nlmode = NL80211_IFTYPE_UNSPECIFIED,
837		.macaddr = NULL,
838	};
839
840	msg = nlmsg_alloc();
841	if (!msg)
842		return -1;
843
844	nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_GET_INTERFACE);
845
846	if (nl80211_set_iface_id(msg, bss) < 0)
847		goto nla_put_failure;
848
849	if (send_and_recv_msgs(bss->drv, msg, netdev_info_handler, &data) == 0)
850		return data.nlmode;
851	msg = NULL;
852nla_put_failure:
853	nlmsg_free(msg);
854	return NL80211_IFTYPE_UNSPECIFIED;
855}
856
857
858static int nl80211_get_macaddr(struct i802_bss *bss)
859{
860	struct nl_msg *msg;
861	struct wiphy_idx_data data = {
862		.macaddr = bss->addr,
863	};
864
865	msg = nlmsg_alloc();
866	if (!msg)
867		return NL80211_IFTYPE_UNSPECIFIED;
868
869	nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_GET_INTERFACE);
870	if (nl80211_set_iface_id(msg, bss) < 0)
871		goto nla_put_failure;
872
873	return send_and_recv_msgs(bss->drv, msg, netdev_info_handler, &data);
874
875nla_put_failure:
876	nlmsg_free(msg);
877	return NL80211_IFTYPE_UNSPECIFIED;
878}
879
880
881static int nl80211_register_beacons(struct wpa_driver_nl80211_data *drv,
882				    struct nl80211_wiphy_data *w)
883{
884	struct nl_msg *msg;
885	int ret = -1;
886
887	msg = nlmsg_alloc();
888	if (!msg)
889		return -1;
890
891	nl80211_cmd(drv, msg, 0, NL80211_CMD_REGISTER_BEACONS);
892
893	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, w->wiphy_idx);
894
895	ret = send_and_recv(drv->global, w->nl_beacons, msg, NULL, NULL);
896	msg = NULL;
897	if (ret) {
898		wpa_printf(MSG_DEBUG, "nl80211: Register beacons command "
899			   "failed: ret=%d (%s)",
900			   ret, strerror(-ret));
901		goto nla_put_failure;
902	}
903	ret = 0;
904nla_put_failure:
905	nlmsg_free(msg);
906	return ret;
907}
908
909
910static void nl80211_recv_beacons(int sock, void *eloop_ctx, void *handle)
911{
912	struct nl80211_wiphy_data *w = eloop_ctx;
913	int res;
914
915	wpa_printf(MSG_EXCESSIVE, "nl80211: Beacon event message available");
916
917	res = nl_recvmsgs(handle, w->nl_cb);
918	if (res < 0) {
919		wpa_printf(MSG_INFO, "nl80211: %s->nl_recvmsgs failed: %d",
920			   __func__, res);
921	}
922}
923
924
925static int process_beacon_event(struct nl_msg *msg, void *arg)
926{
927	struct nl80211_wiphy_data *w = arg;
928	struct wpa_driver_nl80211_data *drv;
929	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
930	struct nlattr *tb[NL80211_ATTR_MAX + 1];
931	union wpa_event_data event;
932
933	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
934		  genlmsg_attrlen(gnlh, 0), NULL);
935
936	if (gnlh->cmd != NL80211_CMD_FRAME) {
937		wpa_printf(MSG_DEBUG, "nl80211: Unexpected beacon event? (%d)",
938			   gnlh->cmd);
939		return NL_SKIP;
940	}
941
942	if (!tb[NL80211_ATTR_FRAME])
943		return NL_SKIP;
944
945	dl_list_for_each(drv, &w->drvs, struct wpa_driver_nl80211_data,
946			 wiphy_list) {
947		os_memset(&event, 0, sizeof(event));
948		event.rx_mgmt.frame = nla_data(tb[NL80211_ATTR_FRAME]);
949		event.rx_mgmt.frame_len = nla_len(tb[NL80211_ATTR_FRAME]);
950		wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event);
951	}
952
953	return NL_SKIP;
954}
955
956
957static struct nl80211_wiphy_data *
958nl80211_get_wiphy_data_ap(struct i802_bss *bss)
959{
960	static DEFINE_DL_LIST(nl80211_wiphys);
961	struct nl80211_wiphy_data *w;
962	int wiphy_idx, found = 0;
963	struct i802_bss *tmp_bss;
964
965	if (bss->wiphy_data != NULL)
966		return bss->wiphy_data;
967
968	wiphy_idx = nl80211_get_wiphy_index(bss);
969
970	dl_list_for_each(w, &nl80211_wiphys, struct nl80211_wiphy_data, list) {
971		if (w->wiphy_idx == wiphy_idx)
972			goto add;
973	}
974
975	/* alloc new one */
976	w = os_zalloc(sizeof(*w));
977	if (w == NULL)
978		return NULL;
979	w->wiphy_idx = wiphy_idx;
980	dl_list_init(&w->bsss);
981	dl_list_init(&w->drvs);
982
983	w->nl_cb = nl_cb_alloc(NL_CB_DEFAULT);
984	if (!w->nl_cb) {
985		os_free(w);
986		return NULL;
987	}
988	nl_cb_set(w->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, no_seq_check, NULL);
989	nl_cb_set(w->nl_cb, NL_CB_VALID, NL_CB_CUSTOM, process_beacon_event,
990		  w);
991
992	w->nl_beacons = nl_create_handle(bss->drv->global->nl_cb,
993					 "wiphy beacons");
994	if (w->nl_beacons == NULL) {
995		os_free(w);
996		return NULL;
997	}
998
999	if (nl80211_register_beacons(bss->drv, w)) {
1000		nl_destroy_handles(&w->nl_beacons);
1001		os_free(w);
1002		return NULL;
1003	}
1004
1005	nl80211_register_eloop_read(&w->nl_beacons, nl80211_recv_beacons, w);
1006
1007	dl_list_add(&nl80211_wiphys, &w->list);
1008
1009add:
1010	/* drv entry for this bss already there? */
1011	dl_list_for_each(tmp_bss, &w->bsss, struct i802_bss, wiphy_list) {
1012		if (tmp_bss->drv == bss->drv) {
1013			found = 1;
1014			break;
1015		}
1016	}
1017	/* if not add it */
1018	if (!found)
1019		dl_list_add(&w->drvs, &bss->drv->wiphy_list);
1020
1021	dl_list_add(&w->bsss, &bss->wiphy_list);
1022	bss->wiphy_data = w;
1023	return w;
1024}
1025
1026
1027static void nl80211_put_wiphy_data_ap(struct i802_bss *bss)
1028{
1029	struct nl80211_wiphy_data *w = bss->wiphy_data;
1030	struct i802_bss *tmp_bss;
1031	int found = 0;
1032
1033	if (w == NULL)
1034		return;
1035	bss->wiphy_data = NULL;
1036	dl_list_del(&bss->wiphy_list);
1037
1038	/* still any for this drv present? */
1039	dl_list_for_each(tmp_bss, &w->bsss, struct i802_bss, wiphy_list) {
1040		if (tmp_bss->drv == bss->drv) {
1041			found = 1;
1042			break;
1043		}
1044	}
1045	/* if not remove it */
1046	if (!found)
1047		dl_list_del(&bss->drv->wiphy_list);
1048
1049	if (!dl_list_empty(&w->bsss))
1050		return;
1051
1052	nl80211_destroy_eloop_handle(&w->nl_beacons);
1053
1054	nl_cb_put(w->nl_cb);
1055	dl_list_del(&w->list);
1056	os_free(w);
1057}
1058
1059
1060static int wpa_driver_nl80211_get_bssid(void *priv, u8 *bssid)
1061{
1062	struct i802_bss *bss = priv;
1063	struct wpa_driver_nl80211_data *drv = bss->drv;
1064	if (!drv->associated)
1065		return -1;
1066	os_memcpy(bssid, drv->bssid, ETH_ALEN);
1067	return 0;
1068}
1069
1070
1071static int wpa_driver_nl80211_get_ssid(void *priv, u8 *ssid)
1072{
1073	struct i802_bss *bss = priv;
1074	struct wpa_driver_nl80211_data *drv = bss->drv;
1075	if (!drv->associated)
1076		return -1;
1077	os_memcpy(ssid, drv->ssid, drv->ssid_len);
1078	return drv->ssid_len;
1079}
1080
1081
1082static void wpa_driver_nl80211_event_newlink(
1083	struct wpa_driver_nl80211_data *drv, char *ifname)
1084{
1085	union wpa_event_data event;
1086
1087	if (os_strcmp(drv->first_bss->ifname, ifname) == 0) {
1088		if (if_nametoindex(drv->first_bss->ifname) == 0) {
1089			wpa_printf(MSG_DEBUG, "nl80211: Interface %s does not exist - ignore RTM_NEWLINK",
1090				   drv->first_bss->ifname);
1091			return;
1092		}
1093		if (!drv->if_removed)
1094			return;
1095		wpa_printf(MSG_DEBUG, "nl80211: Mark if_removed=0 for %s based on RTM_NEWLINK event",
1096			   drv->first_bss->ifname);
1097		drv->if_removed = 0;
1098	}
1099
1100	os_memset(&event, 0, sizeof(event));
1101	os_strlcpy(event.interface_status.ifname, ifname,
1102		   sizeof(event.interface_status.ifname));
1103	event.interface_status.ievent = EVENT_INTERFACE_ADDED;
1104	wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, &event);
1105}
1106
1107
1108static void wpa_driver_nl80211_event_dellink(
1109	struct wpa_driver_nl80211_data *drv, char *ifname)
1110{
1111	union wpa_event_data event;
1112
1113	if (os_strcmp(drv->first_bss->ifname, ifname) == 0) {
1114		if (drv->if_removed) {
1115			wpa_printf(MSG_DEBUG, "nl80211: if_removed already set - ignore RTM_DELLINK event for %s",
1116				   ifname);
1117			return;
1118		}
1119		wpa_printf(MSG_DEBUG, "RTM_DELLINK: Interface '%s' removed - mark if_removed=1",
1120			   ifname);
1121		drv->if_removed = 1;
1122	} else {
1123		wpa_printf(MSG_DEBUG, "RTM_DELLINK: Interface '%s' removed",
1124			   ifname);
1125	}
1126
1127	os_memset(&event, 0, sizeof(event));
1128	os_strlcpy(event.interface_status.ifname, ifname,
1129		   sizeof(event.interface_status.ifname));
1130	event.interface_status.ievent = EVENT_INTERFACE_REMOVED;
1131	wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, &event);
1132}
1133
1134
1135static int wpa_driver_nl80211_own_ifname(struct wpa_driver_nl80211_data *drv,
1136					 u8 *buf, size_t len)
1137{
1138	int attrlen, rta_len;
1139	struct rtattr *attr;
1140
1141	attrlen = len;
1142	attr = (struct rtattr *) buf;
1143
1144	rta_len = RTA_ALIGN(sizeof(struct rtattr));
1145	while (RTA_OK(attr, attrlen)) {
1146		if (attr->rta_type == IFLA_IFNAME) {
1147			if (os_strcmp(((char *) attr) + rta_len,
1148				      drv->first_bss->ifname) == 0)
1149				return 1;
1150			else
1151				break;
1152		}
1153		attr = RTA_NEXT(attr, attrlen);
1154	}
1155
1156	return 0;
1157}
1158
1159
1160static int wpa_driver_nl80211_own_ifindex(struct wpa_driver_nl80211_data *drv,
1161					  int ifindex, u8 *buf, size_t len)
1162{
1163	if (drv->ifindex == ifindex)
1164		return 1;
1165
1166	if (drv->if_removed && wpa_driver_nl80211_own_ifname(drv, buf, len)) {
1167		wpa_printf(MSG_DEBUG, "nl80211: Update ifindex for a removed "
1168			   "interface");
1169		wpa_driver_nl80211_finish_drv_init(drv, NULL, 0);
1170		return 1;
1171	}
1172
1173	return 0;
1174}
1175
1176
1177static struct wpa_driver_nl80211_data *
1178nl80211_find_drv(struct nl80211_global *global, int idx, u8 *buf, size_t len)
1179{
1180	struct wpa_driver_nl80211_data *drv;
1181	dl_list_for_each(drv, &global->interfaces,
1182			 struct wpa_driver_nl80211_data, list) {
1183		if (wpa_driver_nl80211_own_ifindex(drv, idx, buf, len) ||
1184		    have_ifidx(drv, idx))
1185			return drv;
1186	}
1187	return NULL;
1188}
1189
1190
1191static void wpa_driver_nl80211_event_rtm_newlink(void *ctx,
1192						 struct ifinfomsg *ifi,
1193						 u8 *buf, size_t len)
1194{
1195	struct nl80211_global *global = ctx;
1196	struct wpa_driver_nl80211_data *drv;
1197	int attrlen;
1198	struct rtattr *attr;
1199	u32 brid = 0;
1200	char namebuf[IFNAMSIZ];
1201	char ifname[IFNAMSIZ + 1];
1202	char extra[100], *pos, *end;
1203
1204	drv = nl80211_find_drv(global, ifi->ifi_index, buf, len);
1205	if (!drv) {
1206		wpa_printf(MSG_DEBUG, "nl80211: Ignore RTM_NEWLINK event for foreign ifindex %d",
1207			   ifi->ifi_index);
1208		return;
1209	}
1210
1211	extra[0] = '\0';
1212	pos = extra;
1213	end = pos + sizeof(extra);
1214	ifname[0] = '\0';
1215
1216	attrlen = len;
1217	attr = (struct rtattr *) buf;
1218	while (RTA_OK(attr, attrlen)) {
1219		switch (attr->rta_type) {
1220		case IFLA_IFNAME:
1221			if (RTA_PAYLOAD(attr) >= IFNAMSIZ)
1222				break;
1223			os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr));
1224			ifname[RTA_PAYLOAD(attr)] = '\0';
1225			break;
1226		case IFLA_MASTER:
1227			brid = nla_get_u32((struct nlattr *) attr);
1228			pos += os_snprintf(pos, end - pos, " master=%u", brid);
1229			break;
1230		case IFLA_WIRELESS:
1231			pos += os_snprintf(pos, end - pos, " wext");
1232			break;
1233		case IFLA_OPERSTATE:
1234			pos += os_snprintf(pos, end - pos, " operstate=%u",
1235					   nla_get_u32((struct nlattr *) attr));
1236			break;
1237		case IFLA_LINKMODE:
1238			pos += os_snprintf(pos, end - pos, " linkmode=%u",
1239					   nla_get_u32((struct nlattr *) attr));
1240			break;
1241		}
1242		attr = RTA_NEXT(attr, attrlen);
1243	}
1244	extra[sizeof(extra) - 1] = '\0';
1245
1246	wpa_printf(MSG_DEBUG, "RTM_NEWLINK: ifi_index=%d ifname=%s%s ifi_flags=0x%x (%s%s%s%s)",
1247		   ifi->ifi_index, ifname, extra, ifi->ifi_flags,
1248		   (ifi->ifi_flags & IFF_UP) ? "[UP]" : "",
1249		   (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "",
1250		   (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "",
1251		   (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : "");
1252
1253	if (!drv->if_disabled && !(ifi->ifi_flags & IFF_UP)) {
1254		if (if_indextoname(ifi->ifi_index, namebuf) &&
1255		    linux_iface_up(drv->global->ioctl_sock,
1256				   drv->first_bss->ifname) > 0) {
1257			wpa_printf(MSG_DEBUG, "nl80211: Ignore interface down "
1258				   "event since interface %s is up", namebuf);
1259			return;
1260		}
1261		wpa_printf(MSG_DEBUG, "nl80211: Interface down");
1262		if (drv->ignore_if_down_event) {
1263			wpa_printf(MSG_DEBUG, "nl80211: Ignore interface down "
1264				   "event generated by mode change");
1265			drv->ignore_if_down_event = 0;
1266		} else {
1267			drv->if_disabled = 1;
1268			wpa_supplicant_event(drv->ctx,
1269					     EVENT_INTERFACE_DISABLED, NULL);
1270
1271			/*
1272			 * Try to get drv again, since it may be removed as
1273			 * part of the EVENT_INTERFACE_DISABLED handling for
1274			 * dynamic interfaces
1275			 */
1276			drv = nl80211_find_drv(global, ifi->ifi_index,
1277					       buf, len);
1278			if (!drv)
1279				return;
1280		}
1281	}
1282
1283	if (drv->if_disabled && (ifi->ifi_flags & IFF_UP)) {
1284		if (if_indextoname(ifi->ifi_index, namebuf) &&
1285		    linux_iface_up(drv->global->ioctl_sock,
1286				   drv->first_bss->ifname) == 0) {
1287			wpa_printf(MSG_DEBUG, "nl80211: Ignore interface up "
1288				   "event since interface %s is down",
1289				   namebuf);
1290		} else if (if_nametoindex(drv->first_bss->ifname) == 0) {
1291			wpa_printf(MSG_DEBUG, "nl80211: Ignore interface up "
1292				   "event since interface %s does not exist",
1293				   drv->first_bss->ifname);
1294		} else if (drv->if_removed) {
1295			wpa_printf(MSG_DEBUG, "nl80211: Ignore interface up "
1296				   "event since interface %s is marked "
1297				   "removed", drv->first_bss->ifname);
1298		} else {
1299			wpa_printf(MSG_DEBUG, "nl80211: Interface up");
1300			drv->if_disabled = 0;
1301			wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED,
1302					     NULL);
1303		}
1304	}
1305
1306	/*
1307	 * Some drivers send the association event before the operup event--in
1308	 * this case, lifting operstate in wpa_driver_nl80211_set_operstate()
1309	 * fails. This will hit us when wpa_supplicant does not need to do
1310	 * IEEE 802.1X authentication
1311	 */
1312	if (drv->operstate == 1 &&
1313	    (ifi->ifi_flags & (IFF_LOWER_UP | IFF_DORMANT)) == IFF_LOWER_UP &&
1314	    !(ifi->ifi_flags & IFF_RUNNING)) {
1315		wpa_printf(MSG_DEBUG, "nl80211: Set IF_OPER_UP again based on ifi_flags and expected operstate");
1316		netlink_send_oper_ifla(drv->global->netlink, drv->ifindex,
1317				       -1, IF_OPER_UP);
1318	}
1319
1320	if (ifname[0])
1321		wpa_driver_nl80211_event_newlink(drv, ifname);
1322
1323	if (ifi->ifi_family == AF_BRIDGE && brid) {
1324		/* device has been added to bridge */
1325		if_indextoname(brid, namebuf);
1326		wpa_printf(MSG_DEBUG, "nl80211: Add ifindex %u for bridge %s",
1327			   brid, namebuf);
1328		add_ifidx(drv, brid);
1329	}
1330}
1331
1332
1333static void wpa_driver_nl80211_event_rtm_dellink(void *ctx,
1334						 struct ifinfomsg *ifi,
1335						 u8 *buf, size_t len)
1336{
1337	struct nl80211_global *global = ctx;
1338	struct wpa_driver_nl80211_data *drv;
1339	int attrlen;
1340	struct rtattr *attr;
1341	u32 brid = 0;
1342	char ifname[IFNAMSIZ + 1];
1343
1344	drv = nl80211_find_drv(global, ifi->ifi_index, buf, len);
1345	if (!drv) {
1346		wpa_printf(MSG_DEBUG, "nl80211: Ignore RTM_DELLINK event for foreign ifindex %d",
1347			   ifi->ifi_index);
1348		return;
1349	}
1350
1351	ifname[0] = '\0';
1352
1353	attrlen = len;
1354	attr = (struct rtattr *) buf;
1355	while (RTA_OK(attr, attrlen)) {
1356		switch (attr->rta_type) {
1357		case IFLA_IFNAME:
1358			if (RTA_PAYLOAD(attr) >= IFNAMSIZ)
1359				break;
1360			os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr));
1361			ifname[RTA_PAYLOAD(attr)] = '\0';
1362			break;
1363		case IFLA_MASTER:
1364			brid = nla_get_u32((struct nlattr *) attr);
1365			break;
1366		}
1367		attr = RTA_NEXT(attr, attrlen);
1368	}
1369
1370	if (ifname[0])
1371		wpa_driver_nl80211_event_dellink(drv, ifname);
1372
1373	if (ifi->ifi_family == AF_BRIDGE && brid) {
1374		/* device has been removed from bridge */
1375		char namebuf[IFNAMSIZ];
1376		if_indextoname(brid, namebuf);
1377		wpa_printf(MSG_DEBUG, "nl80211: Remove ifindex %u for bridge "
1378			   "%s", brid, namebuf);
1379		del_ifidx(drv, brid);
1380	}
1381}
1382
1383
1384static void mlme_event_auth(struct wpa_driver_nl80211_data *drv,
1385			    const u8 *frame, size_t len)
1386{
1387	const struct ieee80211_mgmt *mgmt;
1388	union wpa_event_data event;
1389
1390	wpa_printf(MSG_DEBUG, "nl80211: Authenticate event");
1391	mgmt = (const struct ieee80211_mgmt *) frame;
1392	if (len < 24 + sizeof(mgmt->u.auth)) {
1393		wpa_printf(MSG_DEBUG, "nl80211: Too short association event "
1394			   "frame");
1395		return;
1396	}
1397
1398	os_memcpy(drv->auth_bssid, mgmt->sa, ETH_ALEN);
1399	os_memset(drv->auth_attempt_bssid, 0, ETH_ALEN);
1400	os_memset(&event, 0, sizeof(event));
1401	os_memcpy(event.auth.peer, mgmt->sa, ETH_ALEN);
1402	event.auth.auth_type = le_to_host16(mgmt->u.auth.auth_alg);
1403	event.auth.auth_transaction =
1404		le_to_host16(mgmt->u.auth.auth_transaction);
1405	event.auth.status_code = le_to_host16(mgmt->u.auth.status_code);
1406	if (len > 24 + sizeof(mgmt->u.auth)) {
1407		event.auth.ies = mgmt->u.auth.variable;
1408		event.auth.ies_len = len - 24 - sizeof(mgmt->u.auth);
1409	}
1410
1411	wpa_supplicant_event(drv->ctx, EVENT_AUTH, &event);
1412}
1413
1414
1415static unsigned int nl80211_get_assoc_freq(struct wpa_driver_nl80211_data *drv)
1416{
1417	struct nl_msg *msg;
1418	int ret;
1419	struct nl80211_bss_info_arg arg;
1420
1421	os_memset(&arg, 0, sizeof(arg));
1422	msg = nlmsg_alloc();
1423	if (!msg)
1424		goto nla_put_failure;
1425
1426	nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SCAN);
1427	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1428
1429	arg.drv = drv;
1430	ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg);
1431	msg = NULL;
1432	if (ret == 0) {
1433		unsigned int freq = drv->nlmode == NL80211_IFTYPE_ADHOC ?
1434			arg.ibss_freq : arg.assoc_freq;
1435		wpa_printf(MSG_DEBUG, "nl80211: Operating frequency for the "
1436			   "associated BSS from scan results: %u MHz", freq);
1437		if (freq)
1438			drv->assoc_freq = freq;
1439		return drv->assoc_freq;
1440	}
1441	wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d "
1442		   "(%s)", ret, strerror(-ret));
1443nla_put_failure:
1444	nlmsg_free(msg);
1445	return drv->assoc_freq;
1446}
1447
1448
1449static void mlme_event_assoc(struct wpa_driver_nl80211_data *drv,
1450			    const u8 *frame, size_t len)
1451{
1452	const struct ieee80211_mgmt *mgmt;
1453	union wpa_event_data event;
1454	u16 status;
1455
1456	wpa_printf(MSG_DEBUG, "nl80211: Associate event");
1457	mgmt = (const struct ieee80211_mgmt *) frame;
1458	if (len < 24 + sizeof(mgmt->u.assoc_resp)) {
1459		wpa_printf(MSG_DEBUG, "nl80211: Too short association event "
1460			   "frame");
1461		return;
1462	}
1463
1464	status = le_to_host16(mgmt->u.assoc_resp.status_code);
1465	if (status != WLAN_STATUS_SUCCESS) {
1466		os_memset(&event, 0, sizeof(event));
1467		event.assoc_reject.bssid = mgmt->bssid;
1468		if (len > 24 + sizeof(mgmt->u.assoc_resp)) {
1469			event.assoc_reject.resp_ies =
1470				(u8 *) mgmt->u.assoc_resp.variable;
1471			event.assoc_reject.resp_ies_len =
1472				len - 24 - sizeof(mgmt->u.assoc_resp);
1473		}
1474		event.assoc_reject.status_code = status;
1475
1476		wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event);
1477		return;
1478	}
1479
1480	drv->associated = 1;
1481	os_memcpy(drv->bssid, mgmt->sa, ETH_ALEN);
1482	os_memcpy(drv->prev_bssid, mgmt->sa, ETH_ALEN);
1483
1484	os_memset(&event, 0, sizeof(event));
1485	if (len > 24 + sizeof(mgmt->u.assoc_resp)) {
1486		event.assoc_info.resp_ies = (u8 *) mgmt->u.assoc_resp.variable;
1487		event.assoc_info.resp_ies_len =
1488			len - 24 - sizeof(mgmt->u.assoc_resp);
1489	}
1490
1491	event.assoc_info.freq = drv->assoc_freq;
1492
1493	wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event);
1494}
1495
1496
1497static void mlme_event_connect(struct wpa_driver_nl80211_data *drv,
1498			       enum nl80211_commands cmd, struct nlattr *status,
1499			       struct nlattr *addr, struct nlattr *req_ie,
1500			       struct nlattr *resp_ie)
1501{
1502	union wpa_event_data event;
1503
1504	if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) {
1505		/*
1506		 * Avoid reporting two association events that would confuse
1507		 * the core code.
1508		 */
1509		wpa_printf(MSG_DEBUG, "nl80211: Ignore connect event (cmd=%d) "
1510			   "when using userspace SME", cmd);
1511		return;
1512	}
1513
1514	if (cmd == NL80211_CMD_CONNECT)
1515		wpa_printf(MSG_DEBUG, "nl80211: Connect event");
1516	else if (cmd == NL80211_CMD_ROAM)
1517		wpa_printf(MSG_DEBUG, "nl80211: Roam event");
1518
1519	os_memset(&event, 0, sizeof(event));
1520	if (cmd == NL80211_CMD_CONNECT &&
1521	    nla_get_u16(status) != WLAN_STATUS_SUCCESS) {
1522		if (addr)
1523			event.assoc_reject.bssid = nla_data(addr);
1524		if (resp_ie) {
1525			event.assoc_reject.resp_ies = nla_data(resp_ie);
1526			event.assoc_reject.resp_ies_len = nla_len(resp_ie);
1527		}
1528		event.assoc_reject.status_code = nla_get_u16(status);
1529		wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event);
1530		return;
1531	}
1532
1533	drv->associated = 1;
1534	if (addr) {
1535		os_memcpy(drv->bssid, nla_data(addr), ETH_ALEN);
1536		os_memcpy(drv->prev_bssid, drv->bssid, ETH_ALEN);
1537	}
1538
1539	if (req_ie) {
1540		event.assoc_info.req_ies = nla_data(req_ie);
1541		event.assoc_info.req_ies_len = nla_len(req_ie);
1542	}
1543	if (resp_ie) {
1544		event.assoc_info.resp_ies = nla_data(resp_ie);
1545		event.assoc_info.resp_ies_len = nla_len(resp_ie);
1546	}
1547
1548	event.assoc_info.freq = nl80211_get_assoc_freq(drv);
1549
1550	wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event);
1551}
1552
1553
1554static void mlme_event_disconnect(struct wpa_driver_nl80211_data *drv,
1555				  struct nlattr *reason, struct nlattr *addr,
1556				  struct nlattr *by_ap)
1557{
1558	union wpa_event_data data;
1559	unsigned int locally_generated = by_ap == NULL;
1560
1561	if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) {
1562		/*
1563		 * Avoid reporting two disassociation events that could
1564		 * confuse the core code.
1565		 */
1566		wpa_printf(MSG_DEBUG, "nl80211: Ignore disconnect "
1567			   "event when using userspace SME");
1568		return;
1569	}
1570
1571	if (drv->ignore_next_local_disconnect) {
1572		drv->ignore_next_local_disconnect = 0;
1573		if (locally_generated) {
1574			wpa_printf(MSG_DEBUG, "nl80211: Ignore disconnect "
1575				   "event triggered during reassociation");
1576			return;
1577		}
1578		wpa_printf(MSG_WARNING, "nl80211: Was expecting local "
1579			   "disconnect but got another disconnect "
1580			   "event first");
1581	}
1582
1583	wpa_printf(MSG_DEBUG, "nl80211: Disconnect event");
1584	nl80211_mark_disconnected(drv);
1585	os_memset(&data, 0, sizeof(data));
1586	if (reason)
1587		data.deauth_info.reason_code = nla_get_u16(reason);
1588	data.deauth_info.locally_generated = by_ap == NULL;
1589	wpa_supplicant_event(drv->ctx, EVENT_DEAUTH, &data);
1590}
1591
1592
1593static int calculate_chan_offset(int width, int freq, int cf1, int cf2)
1594{
1595	int freq1 = 0;
1596
1597	switch (convert2width(width)) {
1598	case CHAN_WIDTH_20_NOHT:
1599	case CHAN_WIDTH_20:
1600		return 0;
1601	case CHAN_WIDTH_40:
1602		freq1 = cf1 - 10;
1603		break;
1604	case CHAN_WIDTH_80:
1605		freq1 = cf1 - 30;
1606		break;
1607	case CHAN_WIDTH_160:
1608		freq1 = cf1 - 70;
1609		break;
1610	case CHAN_WIDTH_UNKNOWN:
1611	case CHAN_WIDTH_80P80:
1612		/* FIXME: implement this */
1613		return 0;
1614	}
1615
1616	return (abs(freq - freq1) / 20) % 2 == 0 ? 1 : -1;
1617}
1618
1619
1620static void mlme_event_ch_switch(struct wpa_driver_nl80211_data *drv,
1621				 struct nlattr *ifindex, struct nlattr *freq,
1622				 struct nlattr *type, struct nlattr *bw,
1623				 struct nlattr *cf1, struct nlattr *cf2)
1624{
1625	struct i802_bss *bss;
1626	union wpa_event_data data;
1627	int ht_enabled = 1;
1628	int chan_offset = 0;
1629	int ifidx;
1630
1631	wpa_printf(MSG_DEBUG, "nl80211: Channel switch event");
1632
1633	if (!freq)
1634		return;
1635
1636	ifidx = nla_get_u32(ifindex);
1637	for (bss = drv->first_bss; bss; bss = bss->next)
1638		if (bss->ifindex == ifidx)
1639			break;
1640
1641	if (bss == NULL) {
1642		wpa_printf(MSG_WARNING, "nl80211: Unknown ifindex (%d) for channel switch, ignoring",
1643			   ifidx);
1644		return;
1645	}
1646
1647	if (type) {
1648		switch (nla_get_u32(type)) {
1649		case NL80211_CHAN_NO_HT:
1650			ht_enabled = 0;
1651			break;
1652		case NL80211_CHAN_HT20:
1653			break;
1654		case NL80211_CHAN_HT40PLUS:
1655			chan_offset = 1;
1656			break;
1657		case NL80211_CHAN_HT40MINUS:
1658			chan_offset = -1;
1659			break;
1660		}
1661	} else if (bw && cf1) {
1662		/* This can happen for example with VHT80 ch switch */
1663		chan_offset = calculate_chan_offset(nla_get_u32(bw),
1664						    nla_get_u32(freq),
1665						    nla_get_u32(cf1),
1666						    cf2 ? nla_get_u32(cf2) : 0);
1667	} else {
1668		wpa_printf(MSG_WARNING, "nl80211: Unknown secondary channel information - following channel definition calculations may fail");
1669	}
1670
1671	os_memset(&data, 0, sizeof(data));
1672	data.ch_switch.freq = nla_get_u32(freq);
1673	data.ch_switch.ht_enabled = ht_enabled;
1674	data.ch_switch.ch_offset = chan_offset;
1675	if (bw)
1676		data.ch_switch.ch_width = convert2width(nla_get_u32(bw));
1677	if (cf1)
1678		data.ch_switch.cf1 = nla_get_u32(cf1);
1679	if (cf2)
1680		data.ch_switch.cf2 = nla_get_u32(cf2);
1681
1682	bss->freq = data.ch_switch.freq;
1683
1684	wpa_supplicant_event(bss->ctx, EVENT_CH_SWITCH, &data);
1685}
1686
1687
1688static void mlme_timeout_event(struct wpa_driver_nl80211_data *drv,
1689			       enum nl80211_commands cmd, struct nlattr *addr)
1690{
1691	union wpa_event_data event;
1692	enum wpa_event_type ev;
1693
1694	if (nla_len(addr) != ETH_ALEN)
1695		return;
1696
1697	wpa_printf(MSG_DEBUG, "nl80211: MLME event %d; timeout with " MACSTR,
1698		   cmd, MAC2STR((u8 *) nla_data(addr)));
1699
1700	if (cmd == NL80211_CMD_AUTHENTICATE)
1701		ev = EVENT_AUTH_TIMED_OUT;
1702	else if (cmd == NL80211_CMD_ASSOCIATE)
1703		ev = EVENT_ASSOC_TIMED_OUT;
1704	else
1705		return;
1706
1707	os_memset(&event, 0, sizeof(event));
1708	os_memcpy(event.timeout_event.addr, nla_data(addr), ETH_ALEN);
1709	wpa_supplicant_event(drv->ctx, ev, &event);
1710}
1711
1712
1713static void mlme_event_mgmt(struct i802_bss *bss,
1714			    struct nlattr *freq, struct nlattr *sig,
1715			    const u8 *frame, size_t len)
1716{
1717	struct wpa_driver_nl80211_data *drv = bss->drv;
1718	const struct ieee80211_mgmt *mgmt;
1719	union wpa_event_data event;
1720	u16 fc, stype;
1721	int ssi_signal = 0;
1722	int rx_freq = 0;
1723
1724	wpa_printf(MSG_MSGDUMP, "nl80211: Frame event");
1725	mgmt = (const struct ieee80211_mgmt *) frame;
1726	if (len < 24) {
1727		wpa_printf(MSG_DEBUG, "nl80211: Too short management frame");
1728		return;
1729	}
1730
1731	fc = le_to_host16(mgmt->frame_control);
1732	stype = WLAN_FC_GET_STYPE(fc);
1733
1734	if (sig)
1735		ssi_signal = (s32) nla_get_u32(sig);
1736
1737	os_memset(&event, 0, sizeof(event));
1738	if (freq) {
1739		event.rx_mgmt.freq = nla_get_u32(freq);
1740		rx_freq = drv->last_mgmt_freq = event.rx_mgmt.freq;
1741	}
1742	wpa_printf(MSG_DEBUG,
1743		   "nl80211: RX frame sa=" MACSTR
1744		   " freq=%d ssi_signal=%d stype=%u (%s) len=%u",
1745		   MAC2STR(mgmt->sa), rx_freq, ssi_signal, stype, fc2str(fc),
1746		   (unsigned int) len);
1747	event.rx_mgmt.frame = frame;
1748	event.rx_mgmt.frame_len = len;
1749	event.rx_mgmt.ssi_signal = ssi_signal;
1750	event.rx_mgmt.drv_priv = bss;
1751	wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event);
1752}
1753
1754
1755static void mlme_event_mgmt_tx_status(struct wpa_driver_nl80211_data *drv,
1756				      struct nlattr *cookie, const u8 *frame,
1757				      size_t len, struct nlattr *ack)
1758{
1759	union wpa_event_data event;
1760	const struct ieee80211_hdr *hdr;
1761	u16 fc;
1762
1763	wpa_printf(MSG_DEBUG, "nl80211: Frame TX status event");
1764	if (!is_ap_interface(drv->nlmode)) {
1765		u64 cookie_val;
1766
1767		if (!cookie)
1768			return;
1769
1770		cookie_val = nla_get_u64(cookie);
1771		wpa_printf(MSG_DEBUG, "nl80211: Action TX status:"
1772			   " cookie=0%llx%s (ack=%d)",
1773			   (long long unsigned int) cookie_val,
1774			   cookie_val == drv->send_action_cookie ?
1775			   " (match)" : " (unknown)", ack != NULL);
1776		if (cookie_val != drv->send_action_cookie)
1777			return;
1778	}
1779
1780	hdr = (const struct ieee80211_hdr *) frame;
1781	fc = le_to_host16(hdr->frame_control);
1782
1783	os_memset(&event, 0, sizeof(event));
1784	event.tx_status.type = WLAN_FC_GET_TYPE(fc);
1785	event.tx_status.stype = WLAN_FC_GET_STYPE(fc);
1786	event.tx_status.dst = hdr->addr1;
1787	event.tx_status.data = frame;
1788	event.tx_status.data_len = len;
1789	event.tx_status.ack = ack != NULL;
1790	wpa_supplicant_event(drv->ctx, EVENT_TX_STATUS, &event);
1791}
1792
1793
1794static void mlme_event_deauth_disassoc(struct wpa_driver_nl80211_data *drv,
1795				       enum wpa_event_type type,
1796				       const u8 *frame, size_t len)
1797{
1798	const struct ieee80211_mgmt *mgmt;
1799	union wpa_event_data event;
1800	const u8 *bssid = NULL;
1801	u16 reason_code = 0;
1802
1803	if (type == EVENT_DEAUTH)
1804		wpa_printf(MSG_DEBUG, "nl80211: Deauthenticate event");
1805	else
1806		wpa_printf(MSG_DEBUG, "nl80211: Disassociate event");
1807
1808	mgmt = (const struct ieee80211_mgmt *) frame;
1809	if (len >= 24) {
1810		bssid = mgmt->bssid;
1811
1812		if ((drv->capa.flags & WPA_DRIVER_FLAGS_SME) &&
1813		    !drv->associated &&
1814		    os_memcmp(bssid, drv->auth_bssid, ETH_ALEN) != 0 &&
1815		    os_memcmp(bssid, drv->auth_attempt_bssid, ETH_ALEN) != 0 &&
1816		    os_memcmp(bssid, drv->prev_bssid, ETH_ALEN) == 0) {
1817			/*
1818			 * Avoid issues with some roaming cases where
1819			 * disconnection event for the old AP may show up after
1820			 * we have started connection with the new AP.
1821			 */
1822			wpa_printf(MSG_DEBUG, "nl80211: Ignore deauth/disassoc event from old AP " MACSTR " when already authenticating with " MACSTR,
1823				   MAC2STR(bssid),
1824				   MAC2STR(drv->auth_attempt_bssid));
1825			return;
1826		}
1827
1828		if (drv->associated != 0 &&
1829		    os_memcmp(bssid, drv->bssid, ETH_ALEN) != 0 &&
1830		    os_memcmp(bssid, drv->auth_bssid, ETH_ALEN) != 0) {
1831			/*
1832			 * We have presumably received this deauth as a
1833			 * response to a clear_state_mismatch() outgoing
1834			 * deauth.  Don't let it take us offline!
1835			 */
1836			wpa_printf(MSG_DEBUG, "nl80211: Deauth received "
1837				   "from Unknown BSSID " MACSTR " -- ignoring",
1838				   MAC2STR(bssid));
1839			return;
1840		}
1841	}
1842
1843	nl80211_mark_disconnected(drv);
1844	os_memset(&event, 0, sizeof(event));
1845
1846	/* Note: Same offset for Reason Code in both frame subtypes */
1847	if (len >= 24 + sizeof(mgmt->u.deauth))
1848		reason_code = le_to_host16(mgmt->u.deauth.reason_code);
1849
1850	if (type == EVENT_DISASSOC) {
1851		event.disassoc_info.locally_generated =
1852			!os_memcmp(mgmt->sa, drv->first_bss->addr, ETH_ALEN);
1853		event.disassoc_info.addr = bssid;
1854		event.disassoc_info.reason_code = reason_code;
1855		if (frame + len > mgmt->u.disassoc.variable) {
1856			event.disassoc_info.ie = mgmt->u.disassoc.variable;
1857			event.disassoc_info.ie_len = frame + len -
1858				mgmt->u.disassoc.variable;
1859		}
1860	} else {
1861		if (drv->ignore_deauth_event) {
1862			wpa_printf(MSG_DEBUG, "nl80211: Ignore deauth event due to previous forced deauth-during-auth");
1863			drv->ignore_deauth_event = 0;
1864			return;
1865		}
1866		event.deauth_info.locally_generated =
1867			!os_memcmp(mgmt->sa, drv->first_bss->addr, ETH_ALEN);
1868		if (drv->ignore_next_local_deauth) {
1869			drv->ignore_next_local_deauth = 0;
1870			if (event.deauth_info.locally_generated) {
1871				wpa_printf(MSG_DEBUG, "nl80211: Ignore deauth event triggered due to own deauth request");
1872				return;
1873			}
1874			wpa_printf(MSG_WARNING, "nl80211: Was expecting local deauth but got another disconnect event first");
1875		}
1876		event.deauth_info.addr = bssid;
1877		event.deauth_info.reason_code = reason_code;
1878		if (frame + len > mgmt->u.deauth.variable) {
1879			event.deauth_info.ie = mgmt->u.deauth.variable;
1880			event.deauth_info.ie_len = frame + len -
1881				mgmt->u.deauth.variable;
1882		}
1883	}
1884
1885	wpa_supplicant_event(drv->ctx, type, &event);
1886}
1887
1888
1889static void mlme_event_unprot_disconnect(struct wpa_driver_nl80211_data *drv,
1890					 enum wpa_event_type type,
1891					 const u8 *frame, size_t len)
1892{
1893	const struct ieee80211_mgmt *mgmt;
1894	union wpa_event_data event;
1895	u16 reason_code = 0;
1896
1897	if (type == EVENT_UNPROT_DEAUTH)
1898		wpa_printf(MSG_DEBUG, "nl80211: Unprot Deauthenticate event");
1899	else
1900		wpa_printf(MSG_DEBUG, "nl80211: Unprot Disassociate event");
1901
1902	if (len < 24)
1903		return;
1904
1905	mgmt = (const struct ieee80211_mgmt *) frame;
1906
1907	os_memset(&event, 0, sizeof(event));
1908	/* Note: Same offset for Reason Code in both frame subtypes */
1909	if (len >= 24 + sizeof(mgmt->u.deauth))
1910		reason_code = le_to_host16(mgmt->u.deauth.reason_code);
1911
1912	if (type == EVENT_UNPROT_DISASSOC) {
1913		event.unprot_disassoc.sa = mgmt->sa;
1914		event.unprot_disassoc.da = mgmt->da;
1915		event.unprot_disassoc.reason_code = reason_code;
1916	} else {
1917		event.unprot_deauth.sa = mgmt->sa;
1918		event.unprot_deauth.da = mgmt->da;
1919		event.unprot_deauth.reason_code = reason_code;
1920	}
1921
1922	wpa_supplicant_event(drv->ctx, type, &event);
1923}
1924
1925
1926static void mlme_event(struct i802_bss *bss,
1927		       enum nl80211_commands cmd, struct nlattr *frame,
1928		       struct nlattr *addr, struct nlattr *timed_out,
1929		       struct nlattr *freq, struct nlattr *ack,
1930		       struct nlattr *cookie, struct nlattr *sig)
1931{
1932	struct wpa_driver_nl80211_data *drv = bss->drv;
1933	const u8 *data;
1934	size_t len;
1935
1936	if (timed_out && addr) {
1937		mlme_timeout_event(drv, cmd, addr);
1938		return;
1939	}
1940
1941	if (frame == NULL) {
1942		wpa_printf(MSG_DEBUG,
1943			   "nl80211: MLME event %d (%s) without frame data",
1944			   cmd, nl80211_command_to_string(cmd));
1945		return;
1946	}
1947
1948	data = nla_data(frame);
1949	len = nla_len(frame);
1950	if (len < 4 + 2 * ETH_ALEN) {
1951		wpa_printf(MSG_MSGDUMP, "nl80211: MLME event %d (%s) on %s("
1952			   MACSTR ") - too short",
1953			   cmd, nl80211_command_to_string(cmd), bss->ifname,
1954			   MAC2STR(bss->addr));
1955		return;
1956	}
1957	wpa_printf(MSG_MSGDUMP, "nl80211: MLME event %d (%s) on %s(" MACSTR
1958		   ") A1=" MACSTR " A2=" MACSTR, cmd,
1959		   nl80211_command_to_string(cmd), bss->ifname,
1960		   MAC2STR(bss->addr), MAC2STR(data + 4),
1961		   MAC2STR(data + 4 + ETH_ALEN));
1962	if (cmd != NL80211_CMD_FRAME_TX_STATUS && !(data[4] & 0x01) &&
1963	    os_memcmp(bss->addr, data + 4, ETH_ALEN) != 0 &&
1964	    os_memcmp(bss->addr, data + 4 + ETH_ALEN, ETH_ALEN) != 0) {
1965		wpa_printf(MSG_MSGDUMP, "nl80211: %s: Ignore MLME frame event "
1966			   "for foreign address", bss->ifname);
1967		return;
1968	}
1969	wpa_hexdump(MSG_MSGDUMP, "nl80211: MLME event frame",
1970		    nla_data(frame), nla_len(frame));
1971
1972	switch (cmd) {
1973	case NL80211_CMD_AUTHENTICATE:
1974		mlme_event_auth(drv, nla_data(frame), nla_len(frame));
1975		break;
1976	case NL80211_CMD_ASSOCIATE:
1977		mlme_event_assoc(drv, nla_data(frame), nla_len(frame));
1978		break;
1979	case NL80211_CMD_DEAUTHENTICATE:
1980		mlme_event_deauth_disassoc(drv, EVENT_DEAUTH,
1981					   nla_data(frame), nla_len(frame));
1982		break;
1983	case NL80211_CMD_DISASSOCIATE:
1984		mlme_event_deauth_disassoc(drv, EVENT_DISASSOC,
1985					   nla_data(frame), nla_len(frame));
1986		break;
1987	case NL80211_CMD_FRAME:
1988		mlme_event_mgmt(bss, freq, sig, nla_data(frame),
1989				nla_len(frame));
1990		break;
1991	case NL80211_CMD_FRAME_TX_STATUS:
1992		mlme_event_mgmt_tx_status(drv, cookie, nla_data(frame),
1993					  nla_len(frame), ack);
1994		break;
1995	case NL80211_CMD_UNPROT_DEAUTHENTICATE:
1996		mlme_event_unprot_disconnect(drv, EVENT_UNPROT_DEAUTH,
1997					     nla_data(frame), nla_len(frame));
1998		break;
1999	case NL80211_CMD_UNPROT_DISASSOCIATE:
2000		mlme_event_unprot_disconnect(drv, EVENT_UNPROT_DISASSOC,
2001					     nla_data(frame), nla_len(frame));
2002		break;
2003	default:
2004		break;
2005	}
2006}
2007
2008
2009static void mlme_event_michael_mic_failure(struct i802_bss *bss,
2010					   struct nlattr *tb[])
2011{
2012	union wpa_event_data data;
2013
2014	wpa_printf(MSG_DEBUG, "nl80211: MLME event Michael MIC failure");
2015	os_memset(&data, 0, sizeof(data));
2016	if (tb[NL80211_ATTR_MAC]) {
2017		wpa_hexdump(MSG_DEBUG, "nl80211: Source MAC address",
2018			    nla_data(tb[NL80211_ATTR_MAC]),
2019			    nla_len(tb[NL80211_ATTR_MAC]));
2020		data.michael_mic_failure.src = nla_data(tb[NL80211_ATTR_MAC]);
2021	}
2022	if (tb[NL80211_ATTR_KEY_SEQ]) {
2023		wpa_hexdump(MSG_DEBUG, "nl80211: TSC",
2024			    nla_data(tb[NL80211_ATTR_KEY_SEQ]),
2025			    nla_len(tb[NL80211_ATTR_KEY_SEQ]));
2026	}
2027	if (tb[NL80211_ATTR_KEY_TYPE]) {
2028		enum nl80211_key_type key_type =
2029			nla_get_u32(tb[NL80211_ATTR_KEY_TYPE]);
2030		wpa_printf(MSG_DEBUG, "nl80211: Key Type %d", key_type);
2031		if (key_type == NL80211_KEYTYPE_PAIRWISE)
2032			data.michael_mic_failure.unicast = 1;
2033	} else
2034		data.michael_mic_failure.unicast = 1;
2035
2036	if (tb[NL80211_ATTR_KEY_IDX]) {
2037		u8 key_id = nla_get_u8(tb[NL80211_ATTR_KEY_IDX]);
2038		wpa_printf(MSG_DEBUG, "nl80211: Key Id %d", key_id);
2039	}
2040
2041	wpa_supplicant_event(bss->ctx, EVENT_MICHAEL_MIC_FAILURE, &data);
2042}
2043
2044
2045static void mlme_event_join_ibss(struct wpa_driver_nl80211_data *drv,
2046				 struct nlattr *tb[])
2047{
2048	unsigned int freq;
2049
2050	if (tb[NL80211_ATTR_MAC] == NULL) {
2051		wpa_printf(MSG_DEBUG, "nl80211: No address in IBSS joined "
2052			   "event");
2053		return;
2054	}
2055	os_memcpy(drv->bssid, nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN);
2056
2057	drv->associated = 1;
2058	wpa_printf(MSG_DEBUG, "nl80211: IBSS " MACSTR " joined",
2059		   MAC2STR(drv->bssid));
2060
2061	freq = nl80211_get_assoc_freq(drv);
2062	if (freq) {
2063		wpa_printf(MSG_DEBUG, "nl80211: IBSS on frequency %u MHz",
2064			   freq);
2065		drv->first_bss->freq = freq;
2066	}
2067
2068	wpa_supplicant_event(drv->ctx, EVENT_ASSOC, NULL);
2069}
2070
2071
2072static void mlme_event_remain_on_channel(struct wpa_driver_nl80211_data *drv,
2073					 int cancel_event, struct nlattr *tb[])
2074{
2075	unsigned int freq, chan_type, duration;
2076	union wpa_event_data data;
2077	u64 cookie;
2078
2079	if (tb[NL80211_ATTR_WIPHY_FREQ])
2080		freq = nla_get_u32(tb[NL80211_ATTR_WIPHY_FREQ]);
2081	else
2082		freq = 0;
2083
2084	if (tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE])
2085		chan_type = nla_get_u32(tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
2086	else
2087		chan_type = 0;
2088
2089	if (tb[NL80211_ATTR_DURATION])
2090		duration = nla_get_u32(tb[NL80211_ATTR_DURATION]);
2091	else
2092		duration = 0;
2093
2094	if (tb[NL80211_ATTR_COOKIE])
2095		cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]);
2096	else
2097		cookie = 0;
2098
2099	wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel event (cancel=%d "
2100		   "freq=%u channel_type=%u duration=%u cookie=0x%llx (%s))",
2101		   cancel_event, freq, chan_type, duration,
2102		   (long long unsigned int) cookie,
2103		   cookie == drv->remain_on_chan_cookie ? "match" : "unknown");
2104
2105	if (cookie != drv->remain_on_chan_cookie)
2106		return; /* not for us */
2107
2108	if (cancel_event)
2109		drv->pending_remain_on_chan = 0;
2110
2111	os_memset(&data, 0, sizeof(data));
2112	data.remain_on_channel.freq = freq;
2113	data.remain_on_channel.duration = duration;
2114	wpa_supplicant_event(drv->ctx, cancel_event ?
2115			     EVENT_CANCEL_REMAIN_ON_CHANNEL :
2116			     EVENT_REMAIN_ON_CHANNEL, &data);
2117}
2118
2119
2120static void mlme_event_ft_event(struct wpa_driver_nl80211_data *drv,
2121				struct nlattr *tb[])
2122{
2123	union wpa_event_data data;
2124
2125	os_memset(&data, 0, sizeof(data));
2126
2127	if (tb[NL80211_ATTR_IE]) {
2128		data.ft_ies.ies = nla_data(tb[NL80211_ATTR_IE]);
2129		data.ft_ies.ies_len = nla_len(tb[NL80211_ATTR_IE]);
2130	}
2131
2132	if (tb[NL80211_ATTR_IE_RIC]) {
2133		data.ft_ies.ric_ies = nla_data(tb[NL80211_ATTR_IE_RIC]);
2134		data.ft_ies.ric_ies_len = nla_len(tb[NL80211_ATTR_IE_RIC]);
2135	}
2136
2137	if (tb[NL80211_ATTR_MAC])
2138		os_memcpy(data.ft_ies.target_ap,
2139			  nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN);
2140
2141	wpa_printf(MSG_DEBUG, "nl80211: FT event target_ap " MACSTR,
2142		   MAC2STR(data.ft_ies.target_ap));
2143
2144	wpa_supplicant_event(drv->ctx, EVENT_FT_RESPONSE, &data);
2145}
2146
2147
2148static void send_scan_event(struct wpa_driver_nl80211_data *drv, int aborted,
2149			    struct nlattr *tb[])
2150{
2151	union wpa_event_data event;
2152	struct nlattr *nl;
2153	int rem;
2154	struct scan_info *info;
2155#define MAX_REPORT_FREQS 50
2156	int freqs[MAX_REPORT_FREQS];
2157	int num_freqs = 0;
2158
2159	if (drv->scan_for_auth) {
2160		drv->scan_for_auth = 0;
2161		wpa_printf(MSG_DEBUG, "nl80211: Scan results for missing "
2162			   "cfg80211 BSS entry");
2163		wpa_driver_nl80211_authenticate_retry(drv);
2164		return;
2165	}
2166
2167	os_memset(&event, 0, sizeof(event));
2168	info = &event.scan_info;
2169	info->aborted = aborted;
2170
2171	if (tb[NL80211_ATTR_SCAN_SSIDS]) {
2172		nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_SSIDS], rem) {
2173			struct wpa_driver_scan_ssid *s =
2174				&info->ssids[info->num_ssids];
2175			s->ssid = nla_data(nl);
2176			s->ssid_len = nla_len(nl);
2177			wpa_printf(MSG_DEBUG, "nl80211: Scan probed for SSID '%s'",
2178				   wpa_ssid_txt(s->ssid, s->ssid_len));
2179			info->num_ssids++;
2180			if (info->num_ssids == WPAS_MAX_SCAN_SSIDS)
2181				break;
2182		}
2183	}
2184	if (tb[NL80211_ATTR_SCAN_FREQUENCIES]) {
2185		char msg[200], *pos, *end;
2186		int res;
2187
2188		pos = msg;
2189		end = pos + sizeof(msg);
2190		*pos = '\0';
2191
2192		nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_FREQUENCIES], rem)
2193		{
2194			freqs[num_freqs] = nla_get_u32(nl);
2195			res = os_snprintf(pos, end - pos, " %d",
2196					  freqs[num_freqs]);
2197			if (res > 0 && end - pos > res)
2198				pos += res;
2199			num_freqs++;
2200			if (num_freqs == MAX_REPORT_FREQS - 1)
2201				break;
2202		}
2203		info->freqs = freqs;
2204		info->num_freqs = num_freqs;
2205		wpa_printf(MSG_DEBUG, "nl80211: Scan included frequencies:%s",
2206			   msg);
2207	}
2208	wpa_supplicant_event(drv->ctx, EVENT_SCAN_RESULTS, &event);
2209}
2210
2211
2212static int get_link_signal(struct nl_msg *msg, void *arg)
2213{
2214	struct nlattr *tb[NL80211_ATTR_MAX + 1];
2215	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
2216	struct nlattr *sinfo[NL80211_STA_INFO_MAX + 1];
2217	static struct nla_policy policy[NL80211_STA_INFO_MAX + 1] = {
2218		[NL80211_STA_INFO_SIGNAL] = { .type = NLA_U8 },
2219		[NL80211_STA_INFO_SIGNAL_AVG] = { .type = NLA_U8 },
2220	};
2221	struct nlattr *rinfo[NL80211_RATE_INFO_MAX + 1];
2222	static struct nla_policy rate_policy[NL80211_RATE_INFO_MAX + 1] = {
2223		[NL80211_RATE_INFO_BITRATE] = { .type = NLA_U16 },
2224		[NL80211_RATE_INFO_MCS] = { .type = NLA_U8 },
2225		[NL80211_RATE_INFO_40_MHZ_WIDTH] = { .type = NLA_FLAG },
2226		[NL80211_RATE_INFO_SHORT_GI] = { .type = NLA_FLAG },
2227	};
2228	struct wpa_signal_info *sig_change = arg;
2229
2230	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
2231		  genlmsg_attrlen(gnlh, 0), NULL);
2232	if (!tb[NL80211_ATTR_STA_INFO] ||
2233	    nla_parse_nested(sinfo, NL80211_STA_INFO_MAX,
2234			     tb[NL80211_ATTR_STA_INFO], policy))
2235		return NL_SKIP;
2236	if (!sinfo[NL80211_STA_INFO_SIGNAL])
2237		return NL_SKIP;
2238
2239	sig_change->current_signal =
2240		(s8) nla_get_u8(sinfo[NL80211_STA_INFO_SIGNAL]);
2241
2242	if (sinfo[NL80211_STA_INFO_SIGNAL_AVG])
2243		sig_change->avg_signal =
2244			(s8) nla_get_u8(sinfo[NL80211_STA_INFO_SIGNAL_AVG]);
2245	else
2246		sig_change->avg_signal = 0;
2247
2248	if (sinfo[NL80211_STA_INFO_TX_BITRATE]) {
2249		if (nla_parse_nested(rinfo, NL80211_RATE_INFO_MAX,
2250				     sinfo[NL80211_STA_INFO_TX_BITRATE],
2251				     rate_policy)) {
2252			sig_change->current_txrate = 0;
2253		} else {
2254			if (rinfo[NL80211_RATE_INFO_BITRATE]) {
2255				sig_change->current_txrate =
2256					nla_get_u16(rinfo[
2257					     NL80211_RATE_INFO_BITRATE]) * 100;
2258			}
2259		}
2260	}
2261
2262	return NL_SKIP;
2263}
2264
2265
2266static int nl80211_get_link_signal(struct wpa_driver_nl80211_data *drv,
2267				   struct wpa_signal_info *sig)
2268{
2269	struct nl_msg *msg;
2270
2271	sig->current_signal = -9999;
2272	sig->current_txrate = 0;
2273
2274	msg = nlmsg_alloc();
2275	if (!msg)
2276		return -ENOMEM;
2277
2278	nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_STATION);
2279
2280	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2281	NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, drv->bssid);
2282
2283	return send_and_recv_msgs(drv, msg, get_link_signal, sig);
2284 nla_put_failure:
2285	nlmsg_free(msg);
2286	return -ENOBUFS;
2287}
2288
2289
2290static int get_link_noise(struct nl_msg *msg, void *arg)
2291{
2292	struct nlattr *tb[NL80211_ATTR_MAX + 1];
2293	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
2294	struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1];
2295	static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = {
2296		[NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 },
2297		[NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 },
2298	};
2299	struct wpa_signal_info *sig_change = arg;
2300
2301	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
2302		  genlmsg_attrlen(gnlh, 0), NULL);
2303
2304	if (!tb[NL80211_ATTR_SURVEY_INFO]) {
2305		wpa_printf(MSG_DEBUG, "nl80211: survey data missing!");
2306		return NL_SKIP;
2307	}
2308
2309	if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX,
2310			     tb[NL80211_ATTR_SURVEY_INFO],
2311			     survey_policy)) {
2312		wpa_printf(MSG_DEBUG, "nl80211: failed to parse nested "
2313			   "attributes!");
2314		return NL_SKIP;
2315	}
2316
2317	if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY])
2318		return NL_SKIP;
2319
2320	if (nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]) !=
2321	    sig_change->frequency)
2322		return NL_SKIP;
2323
2324	if (!sinfo[NL80211_SURVEY_INFO_NOISE])
2325		return NL_SKIP;
2326
2327	sig_change->current_noise =
2328		(s8) nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]);
2329
2330	return NL_SKIP;
2331}
2332
2333
2334static int nl80211_get_link_noise(struct wpa_driver_nl80211_data *drv,
2335				  struct wpa_signal_info *sig_change)
2336{
2337	struct nl_msg *msg;
2338
2339	sig_change->current_noise = 9999;
2340	sig_change->frequency = drv->assoc_freq;
2341
2342	msg = nlmsg_alloc();
2343	if (!msg)
2344		return -ENOMEM;
2345
2346	nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SURVEY);
2347
2348	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2349
2350	return send_and_recv_msgs(drv, msg, get_link_noise, sig_change);
2351 nla_put_failure:
2352	nlmsg_free(msg);
2353	return -ENOBUFS;
2354}
2355
2356
2357static int get_noise_for_scan_results(struct nl_msg *msg, void *arg)
2358{
2359	struct nlattr *tb[NL80211_ATTR_MAX + 1];
2360	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
2361	struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1];
2362	static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = {
2363		[NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 },
2364		[NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 },
2365	};
2366	struct wpa_scan_results *scan_results = arg;
2367	struct wpa_scan_res *scan_res;
2368	size_t i;
2369
2370	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
2371		  genlmsg_attrlen(gnlh, 0), NULL);
2372
2373	if (!tb[NL80211_ATTR_SURVEY_INFO]) {
2374		wpa_printf(MSG_DEBUG, "nl80211: Survey data missing");
2375		return NL_SKIP;
2376	}
2377
2378	if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX,
2379			     tb[NL80211_ATTR_SURVEY_INFO],
2380			     survey_policy)) {
2381		wpa_printf(MSG_DEBUG, "nl80211: Failed to parse nested "
2382			   "attributes");
2383		return NL_SKIP;
2384	}
2385
2386	if (!sinfo[NL80211_SURVEY_INFO_NOISE])
2387		return NL_SKIP;
2388
2389	if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY])
2390		return NL_SKIP;
2391
2392	for (i = 0; i < scan_results->num; ++i) {
2393		scan_res = scan_results->res[i];
2394		if (!scan_res)
2395			continue;
2396		if ((int) nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]) !=
2397		    scan_res->freq)
2398			continue;
2399		if (!(scan_res->flags & WPA_SCAN_NOISE_INVALID))
2400			continue;
2401		scan_res->noise = (s8)
2402			nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]);
2403		scan_res->flags &= ~WPA_SCAN_NOISE_INVALID;
2404	}
2405
2406	return NL_SKIP;
2407}
2408
2409
2410static int nl80211_get_noise_for_scan_results(
2411	struct wpa_driver_nl80211_data *drv,
2412	struct wpa_scan_results *scan_res)
2413{
2414	struct nl_msg *msg;
2415
2416	msg = nlmsg_alloc();
2417	if (!msg)
2418		return -ENOMEM;
2419
2420	nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SURVEY);
2421
2422	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2423
2424	return send_and_recv_msgs(drv, msg, get_noise_for_scan_results,
2425				  scan_res);
2426 nla_put_failure:
2427	nlmsg_free(msg);
2428	return -ENOBUFS;
2429}
2430
2431
2432static void nl80211_cqm_event(struct wpa_driver_nl80211_data *drv,
2433			      struct nlattr *tb[])
2434{
2435	static struct nla_policy cqm_policy[NL80211_ATTR_CQM_MAX + 1] = {
2436		[NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 },
2437		[NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U8 },
2438		[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
2439		[NL80211_ATTR_CQM_PKT_LOSS_EVENT] = { .type = NLA_U32 },
2440	};
2441	struct nlattr *cqm[NL80211_ATTR_CQM_MAX + 1];
2442	enum nl80211_cqm_rssi_threshold_event event;
2443	union wpa_event_data ed;
2444	struct wpa_signal_info sig;
2445	int res;
2446
2447	if (tb[NL80211_ATTR_CQM] == NULL ||
2448	    nla_parse_nested(cqm, NL80211_ATTR_CQM_MAX, tb[NL80211_ATTR_CQM],
2449			     cqm_policy)) {
2450		wpa_printf(MSG_DEBUG, "nl80211: Ignore invalid CQM event");
2451		return;
2452	}
2453
2454	os_memset(&ed, 0, sizeof(ed));
2455
2456	if (cqm[NL80211_ATTR_CQM_PKT_LOSS_EVENT]) {
2457		if (!tb[NL80211_ATTR_MAC])
2458			return;
2459		os_memcpy(ed.low_ack.addr, nla_data(tb[NL80211_ATTR_MAC]),
2460			  ETH_ALEN);
2461		wpa_supplicant_event(drv->ctx, EVENT_STATION_LOW_ACK, &ed);
2462		return;
2463	}
2464
2465	if (cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] == NULL)
2466		return;
2467	event = nla_get_u32(cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT]);
2468
2469	if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH) {
2470		wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor "
2471			   "event: RSSI high");
2472		ed.signal_change.above_threshold = 1;
2473	} else if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW) {
2474		wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor "
2475			   "event: RSSI low");
2476		ed.signal_change.above_threshold = 0;
2477	} else
2478		return;
2479
2480	res = nl80211_get_link_signal(drv, &sig);
2481	if (res == 0) {
2482		ed.signal_change.current_signal = sig.current_signal;
2483		ed.signal_change.current_txrate = sig.current_txrate;
2484		wpa_printf(MSG_DEBUG, "nl80211: Signal: %d dBm  txrate: %d",
2485			   sig.current_signal, sig.current_txrate);
2486	}
2487
2488	res = nl80211_get_link_noise(drv, &sig);
2489	if (res == 0) {
2490		ed.signal_change.current_noise = sig.current_noise;
2491		wpa_printf(MSG_DEBUG, "nl80211: Noise: %d dBm",
2492			   sig.current_noise);
2493	}
2494
2495	wpa_supplicant_event(drv->ctx, EVENT_SIGNAL_CHANGE, &ed);
2496}
2497
2498
2499static void nl80211_new_station_event(struct wpa_driver_nl80211_data *drv,
2500				      struct nlattr **tb)
2501{
2502	u8 *addr;
2503	union wpa_event_data data;
2504
2505	if (tb[NL80211_ATTR_MAC] == NULL)
2506		return;
2507	addr = nla_data(tb[NL80211_ATTR_MAC]);
2508	wpa_printf(MSG_DEBUG, "nl80211: New station " MACSTR, MAC2STR(addr));
2509
2510	if (is_ap_interface(drv->nlmode) && drv->device_ap_sme) {
2511		u8 *ies = NULL;
2512		size_t ies_len = 0;
2513		if (tb[NL80211_ATTR_IE]) {
2514			ies = nla_data(tb[NL80211_ATTR_IE]);
2515			ies_len = nla_len(tb[NL80211_ATTR_IE]);
2516		}
2517		wpa_hexdump(MSG_DEBUG, "nl80211: Assoc Req IEs", ies, ies_len);
2518		drv_event_assoc(drv->ctx, addr, ies, ies_len, 0);
2519		return;
2520	}
2521
2522	if (drv->nlmode != NL80211_IFTYPE_ADHOC)
2523		return;
2524
2525	os_memset(&data, 0, sizeof(data));
2526	os_memcpy(data.ibss_rsn_start.peer, addr, ETH_ALEN);
2527	wpa_supplicant_event(drv->ctx, EVENT_IBSS_RSN_START, &data);
2528}
2529
2530
2531static void nl80211_del_station_event(struct wpa_driver_nl80211_data *drv,
2532				      struct nlattr **tb)
2533{
2534	u8 *addr;
2535	union wpa_event_data data;
2536
2537	if (tb[NL80211_ATTR_MAC] == NULL)
2538		return;
2539	addr = nla_data(tb[NL80211_ATTR_MAC]);
2540	wpa_printf(MSG_DEBUG, "nl80211: Delete station " MACSTR,
2541		   MAC2STR(addr));
2542
2543	if (is_ap_interface(drv->nlmode) && drv->device_ap_sme) {
2544		drv_event_disassoc(drv->ctx, addr);
2545		return;
2546	}
2547
2548	if (drv->nlmode != NL80211_IFTYPE_ADHOC)
2549		return;
2550
2551	os_memset(&data, 0, sizeof(data));
2552	os_memcpy(data.ibss_peer_lost.peer, addr, ETH_ALEN);
2553	wpa_supplicant_event(drv->ctx, EVENT_IBSS_PEER_LOST, &data);
2554}
2555
2556
2557static void nl80211_rekey_offload_event(struct wpa_driver_nl80211_data *drv,
2558					struct nlattr **tb)
2559{
2560	struct nlattr *rekey_info[NUM_NL80211_REKEY_DATA];
2561	static struct nla_policy rekey_policy[NUM_NL80211_REKEY_DATA] = {
2562		[NL80211_REKEY_DATA_KEK] = {
2563			.minlen = NL80211_KEK_LEN,
2564			.maxlen = NL80211_KEK_LEN,
2565		},
2566		[NL80211_REKEY_DATA_KCK] = {
2567			.minlen = NL80211_KCK_LEN,
2568			.maxlen = NL80211_KCK_LEN,
2569		},
2570		[NL80211_REKEY_DATA_REPLAY_CTR] = {
2571			.minlen = NL80211_REPLAY_CTR_LEN,
2572			.maxlen = NL80211_REPLAY_CTR_LEN,
2573		},
2574	};
2575	union wpa_event_data data;
2576
2577	if (!tb[NL80211_ATTR_MAC])
2578		return;
2579	if (!tb[NL80211_ATTR_REKEY_DATA])
2580		return;
2581	if (nla_parse_nested(rekey_info, MAX_NL80211_REKEY_DATA,
2582			     tb[NL80211_ATTR_REKEY_DATA], rekey_policy))
2583		return;
2584	if (!rekey_info[NL80211_REKEY_DATA_REPLAY_CTR])
2585		return;
2586
2587	os_memset(&data, 0, sizeof(data));
2588	data.driver_gtk_rekey.bssid = nla_data(tb[NL80211_ATTR_MAC]);
2589	wpa_printf(MSG_DEBUG, "nl80211: Rekey offload event for BSSID " MACSTR,
2590		   MAC2STR(data.driver_gtk_rekey.bssid));
2591	data.driver_gtk_rekey.replay_ctr =
2592		nla_data(rekey_info[NL80211_REKEY_DATA_REPLAY_CTR]);
2593	wpa_hexdump(MSG_DEBUG, "nl80211: Rekey offload - Replay Counter",
2594		    data.driver_gtk_rekey.replay_ctr, NL80211_REPLAY_CTR_LEN);
2595	wpa_supplicant_event(drv->ctx, EVENT_DRIVER_GTK_REKEY, &data);
2596}
2597
2598
2599static void nl80211_pmksa_candidate_event(struct wpa_driver_nl80211_data *drv,
2600					  struct nlattr **tb)
2601{
2602	struct nlattr *cand[NUM_NL80211_PMKSA_CANDIDATE];
2603	static struct nla_policy cand_policy[NUM_NL80211_PMKSA_CANDIDATE] = {
2604		[NL80211_PMKSA_CANDIDATE_INDEX] = { .type = NLA_U32 },
2605		[NL80211_PMKSA_CANDIDATE_BSSID] = {
2606			.minlen = ETH_ALEN,
2607			.maxlen = ETH_ALEN,
2608		},
2609		[NL80211_PMKSA_CANDIDATE_PREAUTH] = { .type = NLA_FLAG },
2610	};
2611	union wpa_event_data data;
2612
2613	wpa_printf(MSG_DEBUG, "nl80211: PMKSA candidate event");
2614
2615	if (!tb[NL80211_ATTR_PMKSA_CANDIDATE])
2616		return;
2617	if (nla_parse_nested(cand, MAX_NL80211_PMKSA_CANDIDATE,
2618			     tb[NL80211_ATTR_PMKSA_CANDIDATE], cand_policy))
2619		return;
2620	if (!cand[NL80211_PMKSA_CANDIDATE_INDEX] ||
2621	    !cand[NL80211_PMKSA_CANDIDATE_BSSID])
2622		return;
2623
2624	os_memset(&data, 0, sizeof(data));
2625	os_memcpy(data.pmkid_candidate.bssid,
2626		  nla_data(cand[NL80211_PMKSA_CANDIDATE_BSSID]), ETH_ALEN);
2627	data.pmkid_candidate.index =
2628		nla_get_u32(cand[NL80211_PMKSA_CANDIDATE_INDEX]);
2629	data.pmkid_candidate.preauth =
2630		cand[NL80211_PMKSA_CANDIDATE_PREAUTH] != NULL;
2631	wpa_supplicant_event(drv->ctx, EVENT_PMKID_CANDIDATE, &data);
2632}
2633
2634
2635static void nl80211_client_probe_event(struct wpa_driver_nl80211_data *drv,
2636				       struct nlattr **tb)
2637{
2638	union wpa_event_data data;
2639
2640	wpa_printf(MSG_DEBUG, "nl80211: Probe client event");
2641
2642	if (!tb[NL80211_ATTR_MAC] || !tb[NL80211_ATTR_ACK])
2643		return;
2644
2645	os_memset(&data, 0, sizeof(data));
2646	os_memcpy(data.client_poll.addr,
2647		  nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN);
2648
2649	wpa_supplicant_event(drv->ctx, EVENT_DRIVER_CLIENT_POLL_OK, &data);
2650}
2651
2652
2653static void nl80211_tdls_oper_event(struct wpa_driver_nl80211_data *drv,
2654				    struct nlattr **tb)
2655{
2656	union wpa_event_data data;
2657
2658	wpa_printf(MSG_DEBUG, "nl80211: TDLS operation event");
2659
2660	if (!tb[NL80211_ATTR_MAC] || !tb[NL80211_ATTR_TDLS_OPERATION])
2661		return;
2662
2663	os_memset(&data, 0, sizeof(data));
2664	os_memcpy(data.tdls.peer, nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN);
2665	switch (nla_get_u8(tb[NL80211_ATTR_TDLS_OPERATION])) {
2666	case NL80211_TDLS_SETUP:
2667		wpa_printf(MSG_DEBUG, "nl80211: TDLS setup request for peer "
2668			   MACSTR, MAC2STR(data.tdls.peer));
2669		data.tdls.oper = TDLS_REQUEST_SETUP;
2670		break;
2671	case NL80211_TDLS_TEARDOWN:
2672		wpa_printf(MSG_DEBUG, "nl80211: TDLS teardown request for peer "
2673			   MACSTR, MAC2STR(data.tdls.peer));
2674		data.tdls.oper = TDLS_REQUEST_TEARDOWN;
2675		break;
2676	default:
2677		wpa_printf(MSG_DEBUG, "nl80211: Unsupported TDLS operatione "
2678			   "event");
2679		return;
2680	}
2681	if (tb[NL80211_ATTR_REASON_CODE]) {
2682		data.tdls.reason_code =
2683			nla_get_u16(tb[NL80211_ATTR_REASON_CODE]);
2684	}
2685
2686	wpa_supplicant_event(drv->ctx, EVENT_TDLS, &data);
2687}
2688
2689
2690static void nl80211_stop_ap(struct wpa_driver_nl80211_data *drv,
2691			    struct nlattr **tb)
2692{
2693	wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_UNAVAILABLE, NULL);
2694}
2695
2696
2697static void nl80211_connect_failed_event(struct wpa_driver_nl80211_data *drv,
2698					 struct nlattr **tb)
2699{
2700	union wpa_event_data data;
2701	u32 reason;
2702
2703	wpa_printf(MSG_DEBUG, "nl80211: Connect failed event");
2704
2705	if (!tb[NL80211_ATTR_MAC] || !tb[NL80211_ATTR_CONN_FAILED_REASON])
2706		return;
2707
2708	os_memset(&data, 0, sizeof(data));
2709	os_memcpy(data.connect_failed_reason.addr,
2710		  nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN);
2711
2712	reason = nla_get_u32(tb[NL80211_ATTR_CONN_FAILED_REASON]);
2713	switch (reason) {
2714	case NL80211_CONN_FAIL_MAX_CLIENTS:
2715		wpa_printf(MSG_DEBUG, "nl80211: Max client reached");
2716		data.connect_failed_reason.code = MAX_CLIENT_REACHED;
2717		break;
2718	case NL80211_CONN_FAIL_BLOCKED_CLIENT:
2719		wpa_printf(MSG_DEBUG, "nl80211: Blocked client " MACSTR
2720			   " tried to connect",
2721			   MAC2STR(data.connect_failed_reason.addr));
2722		data.connect_failed_reason.code = BLOCKED_CLIENT;
2723		break;
2724	default:
2725		wpa_printf(MSG_DEBUG, "nl8021l: Unknown connect failed reason "
2726			   "%u", reason);
2727		return;
2728	}
2729
2730	wpa_supplicant_event(drv->ctx, EVENT_CONNECT_FAILED_REASON, &data);
2731}
2732
2733
2734static void nl80211_radar_event(struct wpa_driver_nl80211_data *drv,
2735				struct nlattr **tb)
2736{
2737	union wpa_event_data data;
2738	enum nl80211_radar_event event_type;
2739
2740	if (!tb[NL80211_ATTR_WIPHY_FREQ] || !tb[NL80211_ATTR_RADAR_EVENT])
2741		return;
2742
2743	os_memset(&data, 0, sizeof(data));
2744	data.dfs_event.freq = nla_get_u32(tb[NL80211_ATTR_WIPHY_FREQ]);
2745	event_type = nla_get_u32(tb[NL80211_ATTR_RADAR_EVENT]);
2746
2747	/* Check HT params */
2748	if (tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
2749		data.dfs_event.ht_enabled = 1;
2750		data.dfs_event.chan_offset = 0;
2751
2752		switch (nla_get_u32(tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE])) {
2753		case NL80211_CHAN_NO_HT:
2754			data.dfs_event.ht_enabled = 0;
2755			break;
2756		case NL80211_CHAN_HT20:
2757			break;
2758		case NL80211_CHAN_HT40PLUS:
2759			data.dfs_event.chan_offset = 1;
2760			break;
2761		case NL80211_CHAN_HT40MINUS:
2762			data.dfs_event.chan_offset = -1;
2763			break;
2764		}
2765	}
2766
2767	/* Get VHT params */
2768	if (tb[NL80211_ATTR_CHANNEL_WIDTH])
2769		data.dfs_event.chan_width =
2770			convert2width(nla_get_u32(
2771					      tb[NL80211_ATTR_CHANNEL_WIDTH]));
2772	if (tb[NL80211_ATTR_CENTER_FREQ1])
2773		data.dfs_event.cf1 = nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ1]);
2774	if (tb[NL80211_ATTR_CENTER_FREQ2])
2775		data.dfs_event.cf2 = nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ2]);
2776
2777	wpa_printf(MSG_DEBUG, "nl80211: DFS event on freq %d MHz, ht: %d, offset: %d, width: %d, cf1: %dMHz, cf2: %dMHz",
2778		   data.dfs_event.freq, data.dfs_event.ht_enabled,
2779		   data.dfs_event.chan_offset, data.dfs_event.chan_width,
2780		   data.dfs_event.cf1, data.dfs_event.cf2);
2781
2782	switch (event_type) {
2783	case NL80211_RADAR_DETECTED:
2784		wpa_supplicant_event(drv->ctx, EVENT_DFS_RADAR_DETECTED, &data);
2785		break;
2786	case NL80211_RADAR_CAC_FINISHED:
2787		wpa_supplicant_event(drv->ctx, EVENT_DFS_CAC_FINISHED, &data);
2788		break;
2789	case NL80211_RADAR_CAC_ABORTED:
2790		wpa_supplicant_event(drv->ctx, EVENT_DFS_CAC_ABORTED, &data);
2791		break;
2792	case NL80211_RADAR_NOP_FINISHED:
2793		wpa_supplicant_event(drv->ctx, EVENT_DFS_NOP_FINISHED, &data);
2794		break;
2795	default:
2796		wpa_printf(MSG_DEBUG, "nl80211: Unknown radar event %d "
2797			   "received", event_type);
2798		break;
2799	}
2800}
2801
2802
2803static void nl80211_spurious_frame(struct i802_bss *bss, struct nlattr **tb,
2804				   int wds)
2805{
2806	struct wpa_driver_nl80211_data *drv = bss->drv;
2807	union wpa_event_data event;
2808
2809	if (!tb[NL80211_ATTR_MAC])
2810		return;
2811
2812	os_memset(&event, 0, sizeof(event));
2813	event.rx_from_unknown.bssid = bss->addr;
2814	event.rx_from_unknown.addr = nla_data(tb[NL80211_ATTR_MAC]);
2815	event.rx_from_unknown.wds = wds;
2816
2817	wpa_supplicant_event(drv->ctx, EVENT_RX_FROM_UNKNOWN, &event);
2818}
2819
2820
2821static void qca_nl80211_avoid_freq(struct wpa_driver_nl80211_data *drv,
2822				   const u8 *data, size_t len)
2823{
2824	u32 i, count;
2825	union wpa_event_data event;
2826	struct wpa_freq_range *range = NULL;
2827	const struct qca_avoid_freq_list *freq_range;
2828
2829	freq_range = (const struct qca_avoid_freq_list *) data;
2830	if (len < sizeof(freq_range->count))
2831		return;
2832
2833	count = freq_range->count;
2834	if (len < sizeof(freq_range->count) +
2835	    count * sizeof(struct qca_avoid_freq_range)) {
2836		wpa_printf(MSG_DEBUG, "nl80211: Ignored too short avoid frequency list (len=%u)",
2837			   (unsigned int) len);
2838		return;
2839	}
2840
2841	if (count > 0) {
2842		range = os_calloc(count, sizeof(struct wpa_freq_range));
2843		if (range == NULL)
2844			return;
2845	}
2846
2847	os_memset(&event, 0, sizeof(event));
2848	for (i = 0; i < count; i++) {
2849		unsigned int idx = event.freq_range.num;
2850		range[idx].min = freq_range->range[i].start_freq;
2851		range[idx].max = freq_range->range[i].end_freq;
2852		wpa_printf(MSG_DEBUG, "nl80211: Avoid frequency range: %u-%u",
2853			   range[idx].min, range[idx].max);
2854		if (range[idx].min > range[idx].max) {
2855			wpa_printf(MSG_DEBUG, "nl80211: Ignore invalid frequency range");
2856			continue;
2857		}
2858		event.freq_range.num++;
2859	}
2860	event.freq_range.range = range;
2861
2862	wpa_supplicant_event(drv->ctx, EVENT_AVOID_FREQUENCIES, &event);
2863
2864	os_free(range);
2865}
2866
2867
2868static void nl80211_vendor_event_qca(struct wpa_driver_nl80211_data *drv,
2869				     u32 subcmd, u8 *data, size_t len)
2870{
2871	switch (subcmd) {
2872	case QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY:
2873		qca_nl80211_avoid_freq(drv, data, len);
2874		break;
2875	default:
2876		wpa_printf(MSG_DEBUG,
2877			   "nl80211: Ignore unsupported QCA vendor event %u",
2878			   subcmd);
2879		break;
2880	}
2881}
2882
2883
2884static void nl80211_vendor_event(struct wpa_driver_nl80211_data *drv,
2885				 struct nlattr **tb)
2886{
2887	u32 vendor_id, subcmd, wiphy = 0;
2888	int wiphy_idx;
2889	u8 *data = NULL;
2890	size_t len = 0;
2891
2892	if (!tb[NL80211_ATTR_VENDOR_ID] ||
2893	    !tb[NL80211_ATTR_VENDOR_SUBCMD])
2894		return;
2895
2896	vendor_id = nla_get_u32(tb[NL80211_ATTR_VENDOR_ID]);
2897	subcmd = nla_get_u32(tb[NL80211_ATTR_VENDOR_SUBCMD]);
2898
2899	if (tb[NL80211_ATTR_WIPHY])
2900		wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
2901
2902	wpa_printf(MSG_DEBUG, "nl80211: Vendor event: wiphy=%u vendor_id=0x%x subcmd=%u",
2903		   wiphy, vendor_id, subcmd);
2904
2905	if (tb[NL80211_ATTR_VENDOR_DATA]) {
2906		data = nla_data(tb[NL80211_ATTR_VENDOR_DATA]);
2907		len = nla_len(tb[NL80211_ATTR_VENDOR_DATA]);
2908		wpa_hexdump(MSG_MSGDUMP, "nl80211: Vendor data", data, len);
2909	}
2910
2911	wiphy_idx = nl80211_get_wiphy_index(drv->first_bss);
2912	if (wiphy_idx >= 0 && wiphy_idx != (int) wiphy) {
2913		wpa_printf(MSG_DEBUG, "nl80211: Ignore vendor event for foreign wiphy %u (own: %d)",
2914			   wiphy, wiphy_idx);
2915		return;
2916	}
2917
2918	switch (vendor_id) {
2919	case OUI_QCA:
2920		nl80211_vendor_event_qca(drv, subcmd, data, len);
2921		break;
2922	default:
2923		wpa_printf(MSG_DEBUG, "nl80211: Ignore unsupported vendor event");
2924		break;
2925	}
2926}
2927
2928
2929static void nl80211_reg_change_event(struct wpa_driver_nl80211_data *drv,
2930				     struct nlattr *tb[])
2931{
2932	union wpa_event_data data;
2933	enum nl80211_reg_initiator init;
2934
2935	wpa_printf(MSG_DEBUG, "nl80211: Regulatory domain change");
2936
2937	if (tb[NL80211_ATTR_REG_INITIATOR] == NULL)
2938		return;
2939
2940	os_memset(&data, 0, sizeof(data));
2941	init = nla_get_u8(tb[NL80211_ATTR_REG_INITIATOR]);
2942	wpa_printf(MSG_DEBUG, " * initiator=%d", init);
2943	switch (init) {
2944	case NL80211_REGDOM_SET_BY_CORE:
2945		data.channel_list_changed.initiator = REGDOM_SET_BY_CORE;
2946		break;
2947	case NL80211_REGDOM_SET_BY_USER:
2948		data.channel_list_changed.initiator = REGDOM_SET_BY_USER;
2949		break;
2950	case NL80211_REGDOM_SET_BY_DRIVER:
2951		data.channel_list_changed.initiator = REGDOM_SET_BY_DRIVER;
2952		break;
2953	case NL80211_REGDOM_SET_BY_COUNTRY_IE:
2954		data.channel_list_changed.initiator = REGDOM_SET_BY_COUNTRY_IE;
2955		break;
2956	}
2957
2958	if (tb[NL80211_ATTR_REG_TYPE]) {
2959		enum nl80211_reg_type type;
2960		type = nla_get_u8(tb[NL80211_ATTR_REG_TYPE]);
2961		wpa_printf(MSG_DEBUG, " * type=%d", type);
2962		switch (type) {
2963		case NL80211_REGDOM_TYPE_COUNTRY:
2964			data.channel_list_changed.type = REGDOM_TYPE_COUNTRY;
2965			break;
2966		case NL80211_REGDOM_TYPE_WORLD:
2967			data.channel_list_changed.type = REGDOM_TYPE_WORLD;
2968			break;
2969		case NL80211_REGDOM_TYPE_CUSTOM_WORLD:
2970			data.channel_list_changed.type =
2971				REGDOM_TYPE_CUSTOM_WORLD;
2972			break;
2973		case NL80211_REGDOM_TYPE_INTERSECTION:
2974			data.channel_list_changed.type =
2975				REGDOM_TYPE_INTERSECTION;
2976			break;
2977		}
2978	}
2979
2980	if (tb[NL80211_ATTR_REG_ALPHA2]) {
2981		os_strlcpy(data.channel_list_changed.alpha2,
2982			   nla_get_string(tb[NL80211_ATTR_REG_ALPHA2]),
2983			   sizeof(data.channel_list_changed.alpha2));
2984		wpa_printf(MSG_DEBUG, " * alpha2=%s",
2985			   data.channel_list_changed.alpha2);
2986	}
2987
2988	wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED, &data);
2989}
2990
2991
2992static void do_process_drv_event(struct i802_bss *bss, int cmd,
2993				 struct nlattr **tb)
2994{
2995	struct wpa_driver_nl80211_data *drv = bss->drv;
2996	union wpa_event_data data;
2997
2998	wpa_printf(MSG_DEBUG, "nl80211: Drv Event %d (%s) received for %s",
2999		   cmd, nl80211_command_to_string(cmd), bss->ifname);
3000
3001	if (drv->ap_scan_as_station != NL80211_IFTYPE_UNSPECIFIED &&
3002	    (cmd == NL80211_CMD_NEW_SCAN_RESULTS ||
3003	     cmd == NL80211_CMD_SCAN_ABORTED)) {
3004		wpa_driver_nl80211_set_mode(drv->first_bss,
3005					    drv->ap_scan_as_station);
3006		drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED;
3007	}
3008
3009	switch (cmd) {
3010	case NL80211_CMD_TRIGGER_SCAN:
3011		wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Scan trigger");
3012		drv->scan_state = SCAN_STARTED;
3013		if (drv->scan_for_auth) {
3014			/*
3015			 * Cannot indicate EVENT_SCAN_STARTED here since we skip
3016			 * EVENT_SCAN_RESULTS in scan_for_auth case and the
3017			 * upper layer implementation could get confused about
3018			 * scanning state.
3019			 */
3020			wpa_printf(MSG_DEBUG, "nl80211: Do not indicate scan-start event due to internal scan_for_auth");
3021			break;
3022		}
3023		wpa_supplicant_event(drv->ctx, EVENT_SCAN_STARTED, NULL);
3024		break;
3025	case NL80211_CMD_START_SCHED_SCAN:
3026		wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Sched scan started");
3027		drv->scan_state = SCHED_SCAN_STARTED;
3028		break;
3029	case NL80211_CMD_SCHED_SCAN_STOPPED:
3030		wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Sched scan stopped");
3031		drv->scan_state = SCHED_SCAN_STOPPED;
3032		wpa_supplicant_event(drv->ctx, EVENT_SCHED_SCAN_STOPPED, NULL);
3033		break;
3034	case NL80211_CMD_NEW_SCAN_RESULTS:
3035		wpa_dbg(drv->ctx, MSG_DEBUG,
3036			"nl80211: New scan results available");
3037		drv->scan_state = SCAN_COMPLETED;
3038		drv->scan_complete_events = 1;
3039		eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv,
3040				     drv->ctx);
3041		send_scan_event(drv, 0, tb);
3042		break;
3043	case NL80211_CMD_SCHED_SCAN_RESULTS:
3044		wpa_dbg(drv->ctx, MSG_DEBUG,
3045			"nl80211: New sched scan results available");
3046		drv->scan_state = SCHED_SCAN_RESULTS;
3047		send_scan_event(drv, 0, tb);
3048		break;
3049	case NL80211_CMD_SCAN_ABORTED:
3050		wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Scan aborted");
3051		drv->scan_state = SCAN_ABORTED;
3052		/*
3053		 * Need to indicate that scan results are available in order
3054		 * not to make wpa_supplicant stop its scanning.
3055		 */
3056		eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv,
3057				     drv->ctx);
3058		send_scan_event(drv, 1, tb);
3059		break;
3060	case NL80211_CMD_AUTHENTICATE:
3061	case NL80211_CMD_ASSOCIATE:
3062	case NL80211_CMD_DEAUTHENTICATE:
3063	case NL80211_CMD_DISASSOCIATE:
3064	case NL80211_CMD_FRAME_TX_STATUS:
3065	case NL80211_CMD_UNPROT_DEAUTHENTICATE:
3066	case NL80211_CMD_UNPROT_DISASSOCIATE:
3067		mlme_event(bss, cmd, tb[NL80211_ATTR_FRAME],
3068			   tb[NL80211_ATTR_MAC], tb[NL80211_ATTR_TIMED_OUT],
3069			   tb[NL80211_ATTR_WIPHY_FREQ], tb[NL80211_ATTR_ACK],
3070			   tb[NL80211_ATTR_COOKIE],
3071			   tb[NL80211_ATTR_RX_SIGNAL_DBM]);
3072		break;
3073	case NL80211_CMD_CONNECT:
3074	case NL80211_CMD_ROAM:
3075		mlme_event_connect(drv, cmd,
3076				   tb[NL80211_ATTR_STATUS_CODE],
3077				   tb[NL80211_ATTR_MAC],
3078				   tb[NL80211_ATTR_REQ_IE],
3079				   tb[NL80211_ATTR_RESP_IE]);
3080		break;
3081	case NL80211_CMD_CH_SWITCH_NOTIFY:
3082		mlme_event_ch_switch(drv,
3083				     tb[NL80211_ATTR_IFINDEX],
3084				     tb[NL80211_ATTR_WIPHY_FREQ],
3085				     tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE],
3086				     tb[NL80211_ATTR_CHANNEL_WIDTH],
3087				     tb[NL80211_ATTR_CENTER_FREQ1],
3088				     tb[NL80211_ATTR_CENTER_FREQ2]);
3089		break;
3090	case NL80211_CMD_DISCONNECT:
3091		mlme_event_disconnect(drv, tb[NL80211_ATTR_REASON_CODE],
3092				      tb[NL80211_ATTR_MAC],
3093				      tb[NL80211_ATTR_DISCONNECTED_BY_AP]);
3094		break;
3095	case NL80211_CMD_MICHAEL_MIC_FAILURE:
3096		mlme_event_michael_mic_failure(bss, tb);
3097		break;
3098	case NL80211_CMD_JOIN_IBSS:
3099		mlme_event_join_ibss(drv, tb);
3100		break;
3101	case NL80211_CMD_REMAIN_ON_CHANNEL:
3102		mlme_event_remain_on_channel(drv, 0, tb);
3103		break;
3104	case NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL:
3105		mlme_event_remain_on_channel(drv, 1, tb);
3106		break;
3107	case NL80211_CMD_NOTIFY_CQM:
3108		nl80211_cqm_event(drv, tb);
3109		break;
3110	case NL80211_CMD_REG_CHANGE:
3111		nl80211_reg_change_event(drv, tb);
3112		break;
3113	case NL80211_CMD_REG_BEACON_HINT:
3114		wpa_printf(MSG_DEBUG, "nl80211: Regulatory beacon hint");
3115		os_memset(&data, 0, sizeof(data));
3116		data.channel_list_changed.initiator = REGDOM_BEACON_HINT;
3117		wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED,
3118				     &data);
3119		break;
3120	case NL80211_CMD_NEW_STATION:
3121		nl80211_new_station_event(drv, tb);
3122		break;
3123	case NL80211_CMD_DEL_STATION:
3124		nl80211_del_station_event(drv, tb);
3125		break;
3126	case NL80211_CMD_SET_REKEY_OFFLOAD:
3127		nl80211_rekey_offload_event(drv, tb);
3128		break;
3129	case NL80211_CMD_PMKSA_CANDIDATE:
3130		nl80211_pmksa_candidate_event(drv, tb);
3131		break;
3132	case NL80211_CMD_PROBE_CLIENT:
3133		nl80211_client_probe_event(drv, tb);
3134		break;
3135	case NL80211_CMD_TDLS_OPER:
3136		nl80211_tdls_oper_event(drv, tb);
3137		break;
3138	case NL80211_CMD_CONN_FAILED:
3139		nl80211_connect_failed_event(drv, tb);
3140		break;
3141	case NL80211_CMD_FT_EVENT:
3142		mlme_event_ft_event(drv, tb);
3143		break;
3144	case NL80211_CMD_RADAR_DETECT:
3145		nl80211_radar_event(drv, tb);
3146		break;
3147	case NL80211_CMD_STOP_AP:
3148		nl80211_stop_ap(drv, tb);
3149		break;
3150	case NL80211_CMD_VENDOR:
3151		nl80211_vendor_event(drv, tb);
3152		break;
3153	default:
3154		wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Ignored unknown event "
3155			"(cmd=%d)", cmd);
3156		break;
3157	}
3158}
3159
3160
3161static int process_drv_event(struct nl_msg *msg, void *arg)
3162{
3163	struct wpa_driver_nl80211_data *drv = arg;
3164	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
3165	struct nlattr *tb[NL80211_ATTR_MAX + 1];
3166	struct i802_bss *bss;
3167	int ifidx = -1;
3168
3169	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
3170		  genlmsg_attrlen(gnlh, 0), NULL);
3171
3172	if (tb[NL80211_ATTR_IFINDEX]) {
3173		ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
3174
3175		for (bss = drv->first_bss; bss; bss = bss->next)
3176			if (ifidx == -1 || ifidx == bss->ifindex) {
3177				do_process_drv_event(bss, gnlh->cmd, tb);
3178				return NL_SKIP;
3179			}
3180		wpa_printf(MSG_DEBUG,
3181			   "nl80211: Ignored event (cmd=%d) for foreign interface (ifindex %d)",
3182			   gnlh->cmd, ifidx);
3183	} else if (tb[NL80211_ATTR_WDEV]) {
3184		u64 wdev_id = nla_get_u64(tb[NL80211_ATTR_WDEV]);
3185		wpa_printf(MSG_DEBUG, "nl80211: Process event on P2P device");
3186		for (bss = drv->first_bss; bss; bss = bss->next) {
3187			if (bss->wdev_id_set && wdev_id == bss->wdev_id) {
3188				do_process_drv_event(bss, gnlh->cmd, tb);
3189				return NL_SKIP;
3190			}
3191		}
3192		wpa_printf(MSG_DEBUG,
3193			   "nl80211: Ignored event (cmd=%d) for foreign interface (wdev 0x%llx)",
3194			   gnlh->cmd, (long long unsigned int) wdev_id);
3195	}
3196
3197	return NL_SKIP;
3198}
3199
3200
3201static int process_global_event(struct nl_msg *msg, void *arg)
3202{
3203	struct nl80211_global *global = arg;
3204	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
3205	struct nlattr *tb[NL80211_ATTR_MAX + 1];
3206	struct wpa_driver_nl80211_data *drv, *tmp;
3207	int ifidx = -1;
3208	struct i802_bss *bss;
3209	u64 wdev_id = 0;
3210	int wdev_id_set = 0;
3211
3212	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
3213		  genlmsg_attrlen(gnlh, 0), NULL);
3214
3215	if (tb[NL80211_ATTR_IFINDEX])
3216		ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
3217	else if (tb[NL80211_ATTR_WDEV]) {
3218		wdev_id = nla_get_u64(tb[NL80211_ATTR_WDEV]);
3219		wdev_id_set = 1;
3220	}
3221
3222	dl_list_for_each_safe(drv, tmp, &global->interfaces,
3223			      struct wpa_driver_nl80211_data, list) {
3224		for (bss = drv->first_bss; bss; bss = bss->next) {
3225			if ((ifidx == -1 && !wdev_id_set) ||
3226			    ifidx == bss->ifindex ||
3227			    (wdev_id_set && bss->wdev_id_set &&
3228			     wdev_id == bss->wdev_id)) {
3229				do_process_drv_event(bss, gnlh->cmd, tb);
3230				return NL_SKIP;
3231			}
3232		}
3233	}
3234
3235	return NL_SKIP;
3236}
3237
3238
3239static int process_bss_event(struct nl_msg *msg, void *arg)
3240{
3241	struct i802_bss *bss = arg;
3242	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
3243	struct nlattr *tb[NL80211_ATTR_MAX + 1];
3244
3245	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
3246		  genlmsg_attrlen(gnlh, 0), NULL);
3247
3248	wpa_printf(MSG_DEBUG, "nl80211: BSS Event %d (%s) received for %s",
3249		   gnlh->cmd, nl80211_command_to_string(gnlh->cmd),
3250		   bss->ifname);
3251
3252	switch (gnlh->cmd) {
3253	case NL80211_CMD_FRAME:
3254	case NL80211_CMD_FRAME_TX_STATUS:
3255		mlme_event(bss, gnlh->cmd, tb[NL80211_ATTR_FRAME],
3256			   tb[NL80211_ATTR_MAC], tb[NL80211_ATTR_TIMED_OUT],
3257			   tb[NL80211_ATTR_WIPHY_FREQ], tb[NL80211_ATTR_ACK],
3258			   tb[NL80211_ATTR_COOKIE],
3259			   tb[NL80211_ATTR_RX_SIGNAL_DBM]);
3260		break;
3261	case NL80211_CMD_UNEXPECTED_FRAME:
3262		nl80211_spurious_frame(bss, tb, 0);
3263		break;
3264	case NL80211_CMD_UNEXPECTED_4ADDR_FRAME:
3265		nl80211_spurious_frame(bss, tb, 1);
3266		break;
3267	default:
3268		wpa_printf(MSG_DEBUG, "nl80211: Ignored unknown event "
3269			   "(cmd=%d)", gnlh->cmd);
3270		break;
3271	}
3272
3273	return NL_SKIP;
3274}
3275
3276
3277static void wpa_driver_nl80211_event_receive(int sock, void *eloop_ctx,
3278					     void *handle)
3279{
3280	struct nl_cb *cb = eloop_ctx;
3281	int res;
3282
3283	wpa_printf(MSG_MSGDUMP, "nl80211: Event message available");
3284
3285	res = nl_recvmsgs(handle, cb);
3286	if (res < 0) {
3287		wpa_printf(MSG_INFO, "nl80211: %s->nl_recvmsgs failed: %d",
3288			   __func__, res);
3289	}
3290}
3291
3292
3293/**
3294 * wpa_driver_nl80211_set_country - ask nl80211 to set the regulatory domain
3295 * @priv: driver_nl80211 private data
3296 * @alpha2_arg: country to which to switch to
3297 * Returns: 0 on success, -1 on failure
3298 *
3299 * This asks nl80211 to set the regulatory domain for given
3300 * country ISO / IEC alpha2.
3301 */
3302static int wpa_driver_nl80211_set_country(void *priv, const char *alpha2_arg)
3303{
3304	struct i802_bss *bss = priv;
3305	struct wpa_driver_nl80211_data *drv = bss->drv;
3306	char alpha2[3];
3307	struct nl_msg *msg;
3308
3309	msg = nlmsg_alloc();
3310	if (!msg)
3311		return -ENOMEM;
3312
3313	alpha2[0] = alpha2_arg[0];
3314	alpha2[1] = alpha2_arg[1];
3315	alpha2[2] = '\0';
3316
3317	nl80211_cmd(drv, msg, 0, NL80211_CMD_REQ_SET_REG);
3318
3319	NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, alpha2);
3320	if (send_and_recv_msgs(drv, msg, NULL, NULL))
3321		return -EINVAL;
3322	return 0;
3323nla_put_failure:
3324	nlmsg_free(msg);
3325	return -EINVAL;
3326}
3327
3328
3329static int nl80211_get_country(struct nl_msg *msg, void *arg)
3330{
3331	char *alpha2 = arg;
3332	struct nlattr *tb_msg[NL80211_ATTR_MAX + 1];
3333	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
3334
3335	nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
3336		  genlmsg_attrlen(gnlh, 0), NULL);
3337	if (!tb_msg[NL80211_ATTR_REG_ALPHA2]) {
3338		wpa_printf(MSG_DEBUG, "nl80211: No country information available");
3339		return NL_SKIP;
3340	}
3341	os_strlcpy(alpha2, nla_data(tb_msg[NL80211_ATTR_REG_ALPHA2]), 3);
3342	return NL_SKIP;
3343}
3344
3345
3346static int wpa_driver_nl80211_get_country(void *priv, char *alpha2)
3347{
3348	struct i802_bss *bss = priv;
3349	struct wpa_driver_nl80211_data *drv = bss->drv;
3350	struct nl_msg *msg;
3351	int ret;
3352
3353	msg = nlmsg_alloc();
3354	if (!msg)
3355		return -ENOMEM;
3356
3357	nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_REG);
3358	alpha2[0] = '\0';
3359	ret = send_and_recv_msgs(drv, msg, nl80211_get_country, alpha2);
3360	if (!alpha2[0])
3361		ret = -1;
3362
3363	return ret;
3364}
3365
3366
3367static int protocol_feature_handler(struct nl_msg *msg, void *arg)
3368{
3369	u32 *feat = arg;
3370	struct nlattr *tb_msg[NL80211_ATTR_MAX + 1];
3371	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
3372
3373	nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
3374		  genlmsg_attrlen(gnlh, 0), NULL);
3375
3376	if (tb_msg[NL80211_ATTR_PROTOCOL_FEATURES])
3377		*feat = nla_get_u32(tb_msg[NL80211_ATTR_PROTOCOL_FEATURES]);
3378
3379	return NL_SKIP;
3380}
3381
3382
3383static u32 get_nl80211_protocol_features(struct wpa_driver_nl80211_data *drv)
3384{
3385	u32 feat = 0;
3386	struct nl_msg *msg;
3387
3388	msg = nlmsg_alloc();
3389	if (!msg)
3390		goto nla_put_failure;
3391
3392	nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_PROTOCOL_FEATURES);
3393	if (send_and_recv_msgs(drv, msg, protocol_feature_handler, &feat) == 0)
3394		return feat;
3395
3396	msg = NULL;
3397nla_put_failure:
3398	nlmsg_free(msg);
3399	return 0;
3400}
3401
3402
3403struct wiphy_info_data {
3404	struct wpa_driver_nl80211_data *drv;
3405	struct wpa_driver_capa *capa;
3406
3407	unsigned int num_multichan_concurrent;
3408
3409	unsigned int error:1;
3410	unsigned int device_ap_sme:1;
3411	unsigned int poll_command_supported:1;
3412	unsigned int data_tx_status:1;
3413	unsigned int monitor_supported:1;
3414	unsigned int auth_supported:1;
3415	unsigned int connect_supported:1;
3416	unsigned int p2p_go_supported:1;
3417	unsigned int p2p_client_supported:1;
3418	unsigned int p2p_concurrent:1;
3419	unsigned int channel_switch_supported:1;
3420	unsigned int set_qos_map_supported:1;
3421	unsigned int have_low_prio_scan:1;
3422};
3423
3424
3425static unsigned int probe_resp_offload_support(int supp_protocols)
3426{
3427	unsigned int prot = 0;
3428
3429	if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS)
3430		prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_WPS;
3431	if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS2)
3432		prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_WPS2;
3433	if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_P2P)
3434		prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_P2P;
3435	if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_80211U)
3436		prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_INTERWORKING;
3437
3438	return prot;
3439}
3440
3441
3442static void wiphy_info_supported_iftypes(struct wiphy_info_data *info,
3443					 struct nlattr *tb)
3444{
3445	struct nlattr *nl_mode;
3446	int i;
3447
3448	if (tb == NULL)
3449		return;
3450
3451	nla_for_each_nested(nl_mode, tb, i) {
3452		switch (nla_type(nl_mode)) {
3453		case NL80211_IFTYPE_AP:
3454			info->capa->flags |= WPA_DRIVER_FLAGS_AP;
3455			break;
3456		case NL80211_IFTYPE_ADHOC:
3457			info->capa->flags |= WPA_DRIVER_FLAGS_IBSS;
3458			break;
3459		case NL80211_IFTYPE_P2P_DEVICE:
3460			info->capa->flags |=
3461				WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE;
3462			break;
3463		case NL80211_IFTYPE_P2P_GO:
3464			info->p2p_go_supported = 1;
3465			break;
3466		case NL80211_IFTYPE_P2P_CLIENT:
3467			info->p2p_client_supported = 1;
3468			break;
3469		case NL80211_IFTYPE_MONITOR:
3470			info->monitor_supported = 1;
3471			break;
3472		}
3473	}
3474}
3475
3476
3477static int wiphy_info_iface_comb_process(struct wiphy_info_data *info,
3478					 struct nlattr *nl_combi)
3479{
3480	struct nlattr *tb_comb[NUM_NL80211_IFACE_COMB];
3481	struct nlattr *tb_limit[NUM_NL80211_IFACE_LIMIT];
3482	struct nlattr *nl_limit, *nl_mode;
3483	int err, rem_limit, rem_mode;
3484	int combination_has_p2p = 0, combination_has_mgd = 0;
3485	static struct nla_policy
3486	iface_combination_policy[NUM_NL80211_IFACE_COMB] = {
3487		[NL80211_IFACE_COMB_LIMITS] = { .type = NLA_NESTED },
3488		[NL80211_IFACE_COMB_MAXNUM] = { .type = NLA_U32 },
3489		[NL80211_IFACE_COMB_STA_AP_BI_MATCH] = { .type = NLA_FLAG },
3490		[NL80211_IFACE_COMB_NUM_CHANNELS] = { .type = NLA_U32 },
3491		[NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS] = { .type = NLA_U32 },
3492	},
3493	iface_limit_policy[NUM_NL80211_IFACE_LIMIT] = {
3494		[NL80211_IFACE_LIMIT_TYPES] = { .type = NLA_NESTED },
3495		[NL80211_IFACE_LIMIT_MAX] = { .type = NLA_U32 },
3496	};
3497
3498	err = nla_parse_nested(tb_comb, MAX_NL80211_IFACE_COMB,
3499			       nl_combi, iface_combination_policy);
3500	if (err || !tb_comb[NL80211_IFACE_COMB_LIMITS] ||
3501	    !tb_comb[NL80211_IFACE_COMB_MAXNUM] ||
3502	    !tb_comb[NL80211_IFACE_COMB_NUM_CHANNELS])
3503		return 0; /* broken combination */
3504
3505	if (tb_comb[NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS])
3506		info->capa->flags |= WPA_DRIVER_FLAGS_RADAR;
3507
3508	nla_for_each_nested(nl_limit, tb_comb[NL80211_IFACE_COMB_LIMITS],
3509			    rem_limit) {
3510		err = nla_parse_nested(tb_limit, MAX_NL80211_IFACE_LIMIT,
3511				       nl_limit, iface_limit_policy);
3512		if (err || !tb_limit[NL80211_IFACE_LIMIT_TYPES])
3513			return 0; /* broken combination */
3514
3515		nla_for_each_nested(nl_mode,
3516				    tb_limit[NL80211_IFACE_LIMIT_TYPES],
3517				    rem_mode) {
3518			int ift = nla_type(nl_mode);
3519			if (ift == NL80211_IFTYPE_P2P_GO ||
3520			    ift == NL80211_IFTYPE_P2P_CLIENT)
3521				combination_has_p2p = 1;
3522			if (ift == NL80211_IFTYPE_STATION)
3523				combination_has_mgd = 1;
3524		}
3525		if (combination_has_p2p && combination_has_mgd)
3526			break;
3527	}
3528
3529	if (combination_has_p2p && combination_has_mgd) {
3530		unsigned int num_channels =
3531			nla_get_u32(tb_comb[NL80211_IFACE_COMB_NUM_CHANNELS]);
3532
3533		info->p2p_concurrent = 1;
3534		if (info->num_multichan_concurrent < num_channels)
3535			info->num_multichan_concurrent = num_channels;
3536	}
3537
3538	return 0;
3539}
3540
3541
3542static void wiphy_info_iface_comb(struct wiphy_info_data *info,
3543				  struct nlattr *tb)
3544{
3545	struct nlattr *nl_combi;
3546	int rem_combi;
3547
3548	if (tb == NULL)
3549		return;
3550
3551	nla_for_each_nested(nl_combi, tb, rem_combi) {
3552		if (wiphy_info_iface_comb_process(info, nl_combi) > 0)
3553			break;
3554	}
3555}
3556
3557
3558static void wiphy_info_supp_cmds(struct wiphy_info_data *info,
3559				 struct nlattr *tb)
3560{
3561	struct nlattr *nl_cmd;
3562	int i;
3563
3564	if (tb == NULL)
3565		return;
3566
3567	nla_for_each_nested(nl_cmd, tb, i) {
3568		switch (nla_get_u32(nl_cmd)) {
3569		case NL80211_CMD_AUTHENTICATE:
3570			info->auth_supported = 1;
3571			break;
3572		case NL80211_CMD_CONNECT:
3573			info->connect_supported = 1;
3574			break;
3575		case NL80211_CMD_START_SCHED_SCAN:
3576			info->capa->sched_scan_supported = 1;
3577			break;
3578		case NL80211_CMD_PROBE_CLIENT:
3579			info->poll_command_supported = 1;
3580			break;
3581		case NL80211_CMD_CHANNEL_SWITCH:
3582			info->channel_switch_supported = 1;
3583			break;
3584		case NL80211_CMD_SET_QOS_MAP:
3585			info->set_qos_map_supported = 1;
3586			break;
3587		}
3588	}
3589}
3590
3591
3592static void wiphy_info_cipher_suites(struct wiphy_info_data *info,
3593				     struct nlattr *tb)
3594{
3595	int i, num;
3596	u32 *ciphers;
3597
3598	if (tb == NULL)
3599		return;
3600
3601	num = nla_len(tb) / sizeof(u32);
3602	ciphers = nla_data(tb);
3603	for (i = 0; i < num; i++) {
3604		u32 c = ciphers[i];
3605
3606		wpa_printf(MSG_DEBUG, "nl80211: Supported cipher %02x-%02x-%02x:%d",
3607			   c >> 24, (c >> 16) & 0xff,
3608			   (c >> 8) & 0xff, c & 0xff);
3609		switch (c) {
3610		case WLAN_CIPHER_SUITE_CCMP_256:
3611			info->capa->enc |= WPA_DRIVER_CAPA_ENC_CCMP_256;
3612			break;
3613		case WLAN_CIPHER_SUITE_GCMP_256:
3614			info->capa->enc |= WPA_DRIVER_CAPA_ENC_GCMP_256;
3615			break;
3616		case WLAN_CIPHER_SUITE_CCMP:
3617			info->capa->enc |= WPA_DRIVER_CAPA_ENC_CCMP;
3618			break;
3619		case WLAN_CIPHER_SUITE_GCMP:
3620			info->capa->enc |= WPA_DRIVER_CAPA_ENC_GCMP;
3621			break;
3622		case WLAN_CIPHER_SUITE_TKIP:
3623			info->capa->enc |= WPA_DRIVER_CAPA_ENC_TKIP;
3624			break;
3625		case WLAN_CIPHER_SUITE_WEP104:
3626			info->capa->enc |= WPA_DRIVER_CAPA_ENC_WEP104;
3627			break;
3628		case WLAN_CIPHER_SUITE_WEP40:
3629			info->capa->enc |= WPA_DRIVER_CAPA_ENC_WEP40;
3630			break;
3631		case WLAN_CIPHER_SUITE_AES_CMAC:
3632			info->capa->enc |= WPA_DRIVER_CAPA_ENC_BIP;
3633			break;
3634		case WLAN_CIPHER_SUITE_BIP_GMAC_128:
3635			info->capa->enc |= WPA_DRIVER_CAPA_ENC_BIP_GMAC_128;
3636			break;
3637		case WLAN_CIPHER_SUITE_BIP_GMAC_256:
3638			info->capa->enc |= WPA_DRIVER_CAPA_ENC_BIP_GMAC_256;
3639			break;
3640		case WLAN_CIPHER_SUITE_BIP_CMAC_256:
3641			info->capa->enc |= WPA_DRIVER_CAPA_ENC_BIP_CMAC_256;
3642			break;
3643		case WLAN_CIPHER_SUITE_NO_GROUP_ADDR:
3644			info->capa->enc |= WPA_DRIVER_CAPA_ENC_GTK_NOT_USED;
3645			break;
3646		}
3647	}
3648}
3649
3650
3651static void wiphy_info_max_roc(struct wpa_driver_capa *capa,
3652			       struct nlattr *tb)
3653{
3654	if (tb)
3655		capa->max_remain_on_chan = nla_get_u32(tb);
3656}
3657
3658
3659static void wiphy_info_tdls(struct wpa_driver_capa *capa, struct nlattr *tdls,
3660			    struct nlattr *ext_setup)
3661{
3662	if (tdls == NULL)
3663		return;
3664
3665	wpa_printf(MSG_DEBUG, "nl80211: TDLS supported");
3666	capa->flags |= WPA_DRIVER_FLAGS_TDLS_SUPPORT;
3667
3668	if (ext_setup) {
3669		wpa_printf(MSG_DEBUG, "nl80211: TDLS external setup");
3670		capa->flags |= WPA_DRIVER_FLAGS_TDLS_EXTERNAL_SETUP;
3671	}
3672}
3673
3674
3675static void wiphy_info_feature_flags(struct wiphy_info_data *info,
3676				     struct nlattr *tb)
3677{
3678	u32 flags;
3679	struct wpa_driver_capa *capa = info->capa;
3680
3681	if (tb == NULL)
3682		return;
3683
3684	flags = nla_get_u32(tb);
3685
3686	if (flags & NL80211_FEATURE_SK_TX_STATUS)
3687		info->data_tx_status = 1;
3688
3689	if (flags & NL80211_FEATURE_INACTIVITY_TIMER)
3690		capa->flags |= WPA_DRIVER_FLAGS_INACTIVITY_TIMER;
3691
3692	if (flags & NL80211_FEATURE_SAE)
3693		capa->flags |= WPA_DRIVER_FLAGS_SAE;
3694
3695	if (flags & NL80211_FEATURE_NEED_OBSS_SCAN)
3696		capa->flags |= WPA_DRIVER_FLAGS_OBSS_SCAN;
3697
3698	if (flags & NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE)
3699		capa->flags |= WPA_DRIVER_FLAGS_HT_2040_COEX;
3700
3701	if (flags & NL80211_FEATURE_LOW_PRIORITY_SCAN)
3702		info->have_low_prio_scan = 1;
3703}
3704
3705
3706static void wiphy_info_probe_resp_offload(struct wpa_driver_capa *capa,
3707					  struct nlattr *tb)
3708{
3709	u32 protocols;
3710
3711	if (tb == NULL)
3712		return;
3713
3714	protocols = nla_get_u32(tb);
3715	wpa_printf(MSG_DEBUG, "nl80211: Supports Probe Response offload in AP "
3716		   "mode");
3717	capa->flags |= WPA_DRIVER_FLAGS_PROBE_RESP_OFFLOAD;
3718	capa->probe_resp_offloads = probe_resp_offload_support(protocols);
3719}
3720
3721
3722static void wiphy_info_wowlan_triggers(struct wpa_driver_capa *capa,
3723				       struct nlattr *tb)
3724{
3725	struct nlattr *triggers[MAX_NL80211_WOWLAN_TRIG + 1];
3726
3727	if (tb == NULL)
3728		return;
3729
3730	if (nla_parse_nested(triggers, MAX_NL80211_WOWLAN_TRIG,
3731			     tb, NULL))
3732		return;
3733
3734	if (triggers[NL80211_WOWLAN_TRIG_ANY])
3735		capa->wowlan_triggers.any = 1;
3736	if (triggers[NL80211_WOWLAN_TRIG_DISCONNECT])
3737		capa->wowlan_triggers.disconnect = 1;
3738	if (triggers[NL80211_WOWLAN_TRIG_MAGIC_PKT])
3739		capa->wowlan_triggers.magic_pkt = 1;
3740	if (triggers[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE])
3741		capa->wowlan_triggers.gtk_rekey_failure = 1;
3742	if (triggers[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST])
3743		capa->wowlan_triggers.eap_identity_req = 1;
3744	if (triggers[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE])
3745		capa->wowlan_triggers.four_way_handshake = 1;
3746	if (triggers[NL80211_WOWLAN_TRIG_RFKILL_RELEASE])
3747		capa->wowlan_triggers.rfkill_release = 1;
3748}
3749
3750
3751static int wiphy_info_handler(struct nl_msg *msg, void *arg)
3752{
3753	struct nlattr *tb[NL80211_ATTR_MAX + 1];
3754	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
3755	struct wiphy_info_data *info = arg;
3756	struct wpa_driver_capa *capa = info->capa;
3757	struct wpa_driver_nl80211_data *drv = info->drv;
3758
3759	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
3760		  genlmsg_attrlen(gnlh, 0), NULL);
3761
3762	if (tb[NL80211_ATTR_WIPHY_NAME])
3763		os_strlcpy(drv->phyname,
3764			   nla_get_string(tb[NL80211_ATTR_WIPHY_NAME]),
3765			   sizeof(drv->phyname));
3766	if (tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS])
3767		capa->max_scan_ssids =
3768			nla_get_u8(tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS]);
3769
3770	if (tb[NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS])
3771		capa->max_sched_scan_ssids =
3772			nla_get_u8(tb[NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS]);
3773
3774	if (tb[NL80211_ATTR_MAX_MATCH_SETS])
3775		capa->max_match_sets =
3776			nla_get_u8(tb[NL80211_ATTR_MAX_MATCH_SETS]);
3777
3778	if (tb[NL80211_ATTR_MAC_ACL_MAX])
3779		capa->max_acl_mac_addrs =
3780			nla_get_u8(tb[NL80211_ATTR_MAC_ACL_MAX]);
3781
3782	wiphy_info_supported_iftypes(info, tb[NL80211_ATTR_SUPPORTED_IFTYPES]);
3783	wiphy_info_iface_comb(info, tb[NL80211_ATTR_INTERFACE_COMBINATIONS]);
3784	wiphy_info_supp_cmds(info, tb[NL80211_ATTR_SUPPORTED_COMMANDS]);
3785	wiphy_info_cipher_suites(info, tb[NL80211_ATTR_CIPHER_SUITES]);
3786
3787	if (tb[NL80211_ATTR_OFFCHANNEL_TX_OK]) {
3788		wpa_printf(MSG_DEBUG, "nl80211: Using driver-based "
3789			   "off-channel TX");
3790		capa->flags |= WPA_DRIVER_FLAGS_OFFCHANNEL_TX;
3791	}
3792
3793	if (tb[NL80211_ATTR_ROAM_SUPPORT]) {
3794		wpa_printf(MSG_DEBUG, "nl80211: Using driver-based roaming");
3795		capa->flags |= WPA_DRIVER_FLAGS_BSS_SELECTION;
3796	}
3797
3798	wiphy_info_max_roc(capa,
3799			   tb[NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION]);
3800
3801	if (tb[NL80211_ATTR_SUPPORT_AP_UAPSD])
3802		capa->flags |= WPA_DRIVER_FLAGS_AP_UAPSD;
3803
3804	wiphy_info_tdls(capa, tb[NL80211_ATTR_TDLS_SUPPORT],
3805			tb[NL80211_ATTR_TDLS_EXTERNAL_SETUP]);
3806
3807	if (tb[NL80211_ATTR_DEVICE_AP_SME])
3808		info->device_ap_sme = 1;
3809
3810	wiphy_info_feature_flags(info, tb[NL80211_ATTR_FEATURE_FLAGS]);
3811	wiphy_info_probe_resp_offload(capa,
3812				      tb[NL80211_ATTR_PROBE_RESP_OFFLOAD]);
3813
3814	if (tb[NL80211_ATTR_EXT_CAPA] && tb[NL80211_ATTR_EXT_CAPA_MASK] &&
3815	    drv->extended_capa == NULL) {
3816		drv->extended_capa =
3817			os_malloc(nla_len(tb[NL80211_ATTR_EXT_CAPA]));
3818		if (drv->extended_capa) {
3819			os_memcpy(drv->extended_capa,
3820				  nla_data(tb[NL80211_ATTR_EXT_CAPA]),
3821				  nla_len(tb[NL80211_ATTR_EXT_CAPA]));
3822			drv->extended_capa_len =
3823				nla_len(tb[NL80211_ATTR_EXT_CAPA]);
3824		}
3825		drv->extended_capa_mask =
3826			os_malloc(nla_len(tb[NL80211_ATTR_EXT_CAPA]));
3827		if (drv->extended_capa_mask) {
3828			os_memcpy(drv->extended_capa_mask,
3829				  nla_data(tb[NL80211_ATTR_EXT_CAPA]),
3830				  nla_len(tb[NL80211_ATTR_EXT_CAPA]));
3831		} else {
3832			os_free(drv->extended_capa);
3833			drv->extended_capa = NULL;
3834			drv->extended_capa_len = 0;
3835		}
3836	}
3837
3838	if (tb[NL80211_ATTR_VENDOR_DATA]) {
3839		struct nlattr *nl;
3840		int rem;
3841
3842		nla_for_each_nested(nl, tb[NL80211_ATTR_VENDOR_DATA], rem) {
3843			struct nl80211_vendor_cmd_info *vinfo;
3844			if (nla_len(nl) != sizeof(*vinfo)) {
3845				wpa_printf(MSG_DEBUG, "nl80211: Unexpected vendor data info");
3846				continue;
3847			}
3848			vinfo = nla_data(nl);
3849			if (vinfo->subcmd ==
3850			    QCA_NL80211_VENDOR_SUBCMD_DFS_CAPABILITY)
3851				drv->dfs_vendor_cmd_avail = 1;
3852
3853			wpa_printf(MSG_DEBUG, "nl80211: Supported vendor command: vendor_id=0x%x subcmd=%u",
3854				   vinfo->vendor_id, vinfo->subcmd);
3855		}
3856	}
3857
3858	if (tb[NL80211_ATTR_VENDOR_EVENTS]) {
3859		struct nlattr *nl;
3860		int rem;
3861
3862		nla_for_each_nested(nl, tb[NL80211_ATTR_VENDOR_EVENTS], rem) {
3863			struct nl80211_vendor_cmd_info *vinfo;
3864			if (nla_len(nl) != sizeof(*vinfo)) {
3865				wpa_printf(MSG_DEBUG, "nl80211: Unexpected vendor data info");
3866				continue;
3867			}
3868			vinfo = nla_data(nl);
3869			wpa_printf(MSG_DEBUG, "nl80211: Supported vendor event: vendor_id=0x%x subcmd=%u",
3870				   vinfo->vendor_id, vinfo->subcmd);
3871		}
3872	}
3873
3874	wiphy_info_wowlan_triggers(capa,
3875				   tb[NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED]);
3876
3877	if (tb[NL80211_ATTR_MAX_AP_ASSOC_STA])
3878		capa->max_stations =
3879			nla_get_u32(tb[NL80211_ATTR_MAX_AP_ASSOC_STA]);
3880
3881	return NL_SKIP;
3882}
3883
3884
3885static int wpa_driver_nl80211_get_info(struct wpa_driver_nl80211_data *drv,
3886				       struct wiphy_info_data *info)
3887{
3888	u32 feat;
3889	struct nl_msg *msg;
3890
3891	os_memset(info, 0, sizeof(*info));
3892	info->capa = &drv->capa;
3893	info->drv = drv;
3894
3895	msg = nlmsg_alloc();
3896	if (!msg)
3897		return -1;
3898
3899	feat = get_nl80211_protocol_features(drv);
3900	if (feat & NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP)
3901		nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_WIPHY);
3902	else
3903		nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_WIPHY);
3904
3905	NLA_PUT_FLAG(msg, NL80211_ATTR_SPLIT_WIPHY_DUMP);
3906	if (nl80211_set_iface_id(msg, drv->first_bss) < 0)
3907		goto nla_put_failure;
3908
3909	if (send_and_recv_msgs(drv, msg, wiphy_info_handler, info))
3910		return -1;
3911
3912	if (info->auth_supported)
3913		drv->capa.flags |= WPA_DRIVER_FLAGS_SME;
3914	else if (!info->connect_supported) {
3915		wpa_printf(MSG_INFO, "nl80211: Driver does not support "
3916			   "authentication/association or connect commands");
3917		info->error = 1;
3918	}
3919
3920	if (info->p2p_go_supported && info->p2p_client_supported)
3921		drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_CAPABLE;
3922	if (info->p2p_concurrent) {
3923		wpa_printf(MSG_DEBUG, "nl80211: Use separate P2P group "
3924			   "interface (driver advertised support)");
3925		drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_CONCURRENT;
3926		drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_MGMT_AND_NON_P2P;
3927	}
3928	if (info->num_multichan_concurrent > 1) {
3929		wpa_printf(MSG_DEBUG, "nl80211: Enable multi-channel "
3930			   "concurrent (driver advertised support)");
3931		drv->capa.num_multichan_concurrent =
3932			info->num_multichan_concurrent;
3933	}
3934
3935	/* default to 5000 since early versions of mac80211 don't set it */
3936	if (!drv->capa.max_remain_on_chan)
3937		drv->capa.max_remain_on_chan = 5000;
3938
3939	if (info->channel_switch_supported)
3940		drv->capa.flags |= WPA_DRIVER_FLAGS_AP_CSA;
3941
3942	return 0;
3943nla_put_failure:
3944	nlmsg_free(msg);
3945	return -1;
3946}
3947
3948
3949static int wpa_driver_nl80211_capa(struct wpa_driver_nl80211_data *drv)
3950{
3951	struct wiphy_info_data info;
3952	if (wpa_driver_nl80211_get_info(drv, &info))
3953		return -1;
3954
3955	if (info.error)
3956		return -1;
3957
3958	drv->has_capability = 1;
3959	drv->capa.key_mgmt = WPA_DRIVER_CAPA_KEY_MGMT_WPA |
3960		WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK |
3961		WPA_DRIVER_CAPA_KEY_MGMT_WPA2 |
3962		WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK;
3963	drv->capa.auth = WPA_DRIVER_AUTH_OPEN |
3964		WPA_DRIVER_AUTH_SHARED |
3965		WPA_DRIVER_AUTH_LEAP;
3966
3967	drv->capa.flags |= WPA_DRIVER_FLAGS_SANE_ERROR_CODES;
3968	drv->capa.flags |= WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC_DONE;
3969	drv->capa.flags |= WPA_DRIVER_FLAGS_EAPOL_TX_STATUS;
3970
3971	/*
3972	 * As all cfg80211 drivers must support cases where the AP interface is
3973	 * removed without the knowledge of wpa_supplicant/hostapd, e.g., in
3974	 * case that the user space daemon has crashed, they must be able to
3975	 * cleanup all stations and key entries in the AP tear down flow. Thus,
3976	 * this flag can/should always be set for cfg80211 drivers.
3977	 */
3978	drv->capa.flags |= WPA_DRIVER_FLAGS_AP_TEARDOWN_SUPPORT;
3979
3980	if (!info.device_ap_sme) {
3981		drv->capa.flags |= WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS;
3982
3983		/*
3984		 * No AP SME is currently assumed to also indicate no AP MLME
3985		 * in the driver/firmware.
3986		 */
3987		drv->capa.flags |= WPA_DRIVER_FLAGS_AP_MLME;
3988	}
3989
3990	drv->device_ap_sme = info.device_ap_sme;
3991	drv->poll_command_supported = info.poll_command_supported;
3992	drv->data_tx_status = info.data_tx_status;
3993	if (info.set_qos_map_supported)
3994		drv->capa.flags |= WPA_DRIVER_FLAGS_QOS_MAPPING;
3995	drv->have_low_prio_scan = info.have_low_prio_scan;
3996
3997	/*
3998	 * If poll command and tx status are supported, mac80211 is new enough
3999	 * to have everything we need to not need monitor interfaces.
4000	 */
4001	drv->use_monitor = !info.poll_command_supported || !info.data_tx_status;
4002
4003	if (drv->device_ap_sme && drv->use_monitor) {
4004		/*
4005		 * Non-mac80211 drivers may not support monitor interface.
4006		 * Make sure we do not get stuck with incorrect capability here
4007		 * by explicitly testing this.
4008		 */
4009		if (!info.monitor_supported) {
4010			wpa_printf(MSG_DEBUG, "nl80211: Disable use_monitor "
4011				   "with device_ap_sme since no monitor mode "
4012				   "support detected");
4013			drv->use_monitor = 0;
4014		}
4015	}
4016
4017	/*
4018	 * If we aren't going to use monitor interfaces, but the
4019	 * driver doesn't support data TX status, we won't get TX
4020	 * status for EAPOL frames.
4021	 */
4022	if (!drv->use_monitor && !info.data_tx_status)
4023		drv->capa.flags &= ~WPA_DRIVER_FLAGS_EAPOL_TX_STATUS;
4024
4025	return 0;
4026}
4027
4028
4029#ifdef ANDROID
4030static int android_genl_ctrl_resolve(struct nl_handle *handle,
4031				     const char *name)
4032{
4033	/*
4034	 * Android ICS has very minimal genl_ctrl_resolve() implementation, so
4035	 * need to work around that.
4036	 */
4037	struct nl_cache *cache = NULL;
4038	struct genl_family *nl80211 = NULL;
4039	int id = -1;
4040
4041	if (genl_ctrl_alloc_cache(handle, &cache) < 0) {
4042		wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic "
4043			   "netlink cache");
4044		goto fail;
4045	}
4046
4047	nl80211 = genl_ctrl_search_by_name(cache, name);
4048	if (nl80211 == NULL)
4049		goto fail;
4050
4051	id = genl_family_get_id(nl80211);
4052
4053fail:
4054	if (nl80211)
4055		genl_family_put(nl80211);
4056	if (cache)
4057		nl_cache_free(cache);
4058
4059	return id;
4060}
4061#define genl_ctrl_resolve android_genl_ctrl_resolve
4062#endif /* ANDROID */
4063
4064
4065static int wpa_driver_nl80211_init_nl_global(struct nl80211_global *global)
4066{
4067	int ret;
4068
4069	global->nl_cb = nl_cb_alloc(NL_CB_DEFAULT);
4070	if (global->nl_cb == NULL) {
4071		wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink "
4072			   "callbacks");
4073		return -1;
4074	}
4075
4076	global->nl = nl_create_handle(global->nl_cb, "nl");
4077	if (global->nl == NULL)
4078		goto err;
4079
4080	global->nl80211_id = genl_ctrl_resolve(global->nl, "nl80211");
4081	if (global->nl80211_id < 0) {
4082		wpa_printf(MSG_ERROR, "nl80211: 'nl80211' generic netlink not "
4083			   "found");
4084		goto err;
4085	}
4086
4087	global->nl_event = nl_create_handle(global->nl_cb, "event");
4088	if (global->nl_event == NULL)
4089		goto err;
4090
4091	ret = nl_get_multicast_id(global, "nl80211", "scan");
4092	if (ret >= 0)
4093		ret = nl_socket_add_membership(global->nl_event, ret);
4094	if (ret < 0) {
4095		wpa_printf(MSG_ERROR, "nl80211: Could not add multicast "
4096			   "membership for scan events: %d (%s)",
4097			   ret, strerror(-ret));
4098		goto err;
4099	}
4100
4101	ret = nl_get_multicast_id(global, "nl80211", "mlme");
4102	if (ret >= 0)
4103		ret = nl_socket_add_membership(global->nl_event, ret);
4104	if (ret < 0) {
4105		wpa_printf(MSG_ERROR, "nl80211: Could not add multicast "
4106			   "membership for mlme events: %d (%s)",
4107			   ret, strerror(-ret));
4108		goto err;
4109	}
4110
4111	ret = nl_get_multicast_id(global, "nl80211", "regulatory");
4112	if (ret >= 0)
4113		ret = nl_socket_add_membership(global->nl_event, ret);
4114	if (ret < 0) {
4115		wpa_printf(MSG_DEBUG, "nl80211: Could not add multicast "
4116			   "membership for regulatory events: %d (%s)",
4117			   ret, strerror(-ret));
4118		/* Continue without regulatory events */
4119	}
4120
4121	ret = nl_get_multicast_id(global, "nl80211", "vendor");
4122	if (ret >= 0)
4123		ret = nl_socket_add_membership(global->nl_event, ret);
4124	if (ret < 0) {
4125		wpa_printf(MSG_DEBUG, "nl80211: Could not add multicast "
4126			   "membership for vendor events: %d (%s)",
4127			   ret, strerror(-ret));
4128		/* Continue without vendor events */
4129	}
4130
4131	nl_cb_set(global->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM,
4132		  no_seq_check, NULL);
4133	nl_cb_set(global->nl_cb, NL_CB_VALID, NL_CB_CUSTOM,
4134		  process_global_event, global);
4135
4136	nl80211_register_eloop_read(&global->nl_event,
4137				    wpa_driver_nl80211_event_receive,
4138				    global->nl_cb);
4139
4140	return 0;
4141
4142err:
4143	nl_destroy_handles(&global->nl_event);
4144	nl_destroy_handles(&global->nl);
4145	nl_cb_put(global->nl_cb);
4146	global->nl_cb = NULL;
4147	return -1;
4148}
4149
4150
4151static int wpa_driver_nl80211_init_nl(struct wpa_driver_nl80211_data *drv)
4152{
4153	drv->nl_cb = nl_cb_alloc(NL_CB_DEFAULT);
4154	if (!drv->nl_cb) {
4155		wpa_printf(MSG_ERROR, "nl80211: Failed to alloc cb struct");
4156		return -1;
4157	}
4158
4159	nl_cb_set(drv->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM,
4160		  no_seq_check, NULL);
4161	nl_cb_set(drv->nl_cb, NL_CB_VALID, NL_CB_CUSTOM,
4162		  process_drv_event, drv);
4163
4164	return 0;
4165}
4166
4167
4168static void wpa_driver_nl80211_rfkill_blocked(void *ctx)
4169{
4170	wpa_printf(MSG_DEBUG, "nl80211: RFKILL blocked");
4171	/*
4172	 * This may be for any interface; use ifdown event to disable
4173	 * interface.
4174	 */
4175}
4176
4177
4178static void wpa_driver_nl80211_rfkill_unblocked(void *ctx)
4179{
4180	struct wpa_driver_nl80211_data *drv = ctx;
4181	wpa_printf(MSG_DEBUG, "nl80211: RFKILL unblocked");
4182	if (i802_set_iface_flags(drv->first_bss, 1)) {
4183		wpa_printf(MSG_DEBUG, "nl80211: Could not set interface UP "
4184			   "after rfkill unblock");
4185		return;
4186	}
4187	/* rtnetlink ifup handler will report interface as enabled */
4188}
4189
4190
4191static void wpa_driver_nl80211_handle_eapol_tx_status(int sock,
4192						      void *eloop_ctx,
4193						      void *handle)
4194{
4195	struct wpa_driver_nl80211_data *drv = eloop_ctx;
4196	u8 data[2048];
4197	struct msghdr msg;
4198	struct iovec entry;
4199	u8 control[512];
4200	struct cmsghdr *cmsg;
4201	int res, found_ee = 0, found_wifi = 0, acked = 0;
4202	union wpa_event_data event;
4203
4204	memset(&msg, 0, sizeof(msg));
4205	msg.msg_iov = &entry;
4206	msg.msg_iovlen = 1;
4207	entry.iov_base = data;
4208	entry.iov_len = sizeof(data);
4209	msg.msg_control = &control;
4210	msg.msg_controllen = sizeof(control);
4211
4212	res = recvmsg(sock, &msg, MSG_ERRQUEUE);
4213	/* if error or not fitting 802.3 header, return */
4214	if (res < 14)
4215		return;
4216
4217	for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg))
4218	{
4219		if (cmsg->cmsg_level == SOL_SOCKET &&
4220		    cmsg->cmsg_type == SCM_WIFI_STATUS) {
4221			int *ack;
4222
4223			found_wifi = 1;
4224			ack = (void *)CMSG_DATA(cmsg);
4225			acked = *ack;
4226		}
4227
4228		if (cmsg->cmsg_level == SOL_PACKET &&
4229		    cmsg->cmsg_type == PACKET_TX_TIMESTAMP) {
4230			struct sock_extended_err *err =
4231				(struct sock_extended_err *)CMSG_DATA(cmsg);
4232
4233			if (err->ee_origin == SO_EE_ORIGIN_TXSTATUS)
4234				found_ee = 1;
4235		}
4236	}
4237
4238	if (!found_ee || !found_wifi)
4239		return;
4240
4241	memset(&event, 0, sizeof(event));
4242	event.eapol_tx_status.dst = data;
4243	event.eapol_tx_status.data = data + 14;
4244	event.eapol_tx_status.data_len = res - 14;
4245	event.eapol_tx_status.ack = acked;
4246	wpa_supplicant_event(drv->ctx, EVENT_EAPOL_TX_STATUS, &event);
4247}
4248
4249
4250static int nl80211_init_bss(struct i802_bss *bss)
4251{
4252	bss->nl_cb = nl_cb_alloc(NL_CB_DEFAULT);
4253	if (!bss->nl_cb)
4254		return -1;
4255
4256	nl_cb_set(bss->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM,
4257		  no_seq_check, NULL);
4258	nl_cb_set(bss->nl_cb, NL_CB_VALID, NL_CB_CUSTOM,
4259		  process_bss_event, bss);
4260
4261	return 0;
4262}
4263
4264
4265static void nl80211_destroy_bss(struct i802_bss *bss)
4266{
4267	nl_cb_put(bss->nl_cb);
4268	bss->nl_cb = NULL;
4269}
4270
4271
4272static void * wpa_driver_nl80211_drv_init(void *ctx, const char *ifname,
4273					  void *global_priv, int hostapd,
4274					  const u8 *set_addr)
4275{
4276	struct wpa_driver_nl80211_data *drv;
4277	struct rfkill_config *rcfg;
4278	struct i802_bss *bss;
4279
4280	if (global_priv == NULL)
4281		return NULL;
4282	drv = os_zalloc(sizeof(*drv));
4283	if (drv == NULL)
4284		return NULL;
4285	drv->global = global_priv;
4286	drv->ctx = ctx;
4287	drv->hostapd = !!hostapd;
4288	drv->eapol_sock = -1;
4289	drv->num_if_indices = sizeof(drv->default_if_indices) / sizeof(int);
4290	drv->if_indices = drv->default_if_indices;
4291
4292	drv->first_bss = os_zalloc(sizeof(*drv->first_bss));
4293	if (!drv->first_bss) {
4294		os_free(drv);
4295		return NULL;
4296	}
4297	bss = drv->first_bss;
4298	bss->drv = drv;
4299	bss->ctx = ctx;
4300
4301	os_strlcpy(bss->ifname, ifname, sizeof(bss->ifname));
4302	drv->monitor_ifidx = -1;
4303	drv->monitor_sock = -1;
4304	drv->eapol_tx_sock = -1;
4305	drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED;
4306
4307	if (wpa_driver_nl80211_init_nl(drv)) {
4308		os_free(drv);
4309		return NULL;
4310	}
4311
4312	if (nl80211_init_bss(bss))
4313		goto failed;
4314
4315	rcfg = os_zalloc(sizeof(*rcfg));
4316	if (rcfg == NULL)
4317		goto failed;
4318	rcfg->ctx = drv;
4319	os_strlcpy(rcfg->ifname, ifname, sizeof(rcfg->ifname));
4320	rcfg->blocked_cb = wpa_driver_nl80211_rfkill_blocked;
4321	rcfg->unblocked_cb = wpa_driver_nl80211_rfkill_unblocked;
4322	drv->rfkill = rfkill_init(rcfg);
4323	if (drv->rfkill == NULL) {
4324		wpa_printf(MSG_DEBUG, "nl80211: RFKILL status not available");
4325		os_free(rcfg);
4326	}
4327
4328	if (linux_iface_up(drv->global->ioctl_sock, ifname) > 0)
4329		drv->start_iface_up = 1;
4330
4331	if (wpa_driver_nl80211_finish_drv_init(drv, set_addr, 1))
4332		goto failed;
4333
4334	drv->eapol_tx_sock = socket(PF_PACKET, SOCK_DGRAM, 0);
4335	if (drv->eapol_tx_sock < 0)
4336		goto failed;
4337
4338	if (drv->data_tx_status) {
4339		int enabled = 1;
4340
4341		if (setsockopt(drv->eapol_tx_sock, SOL_SOCKET, SO_WIFI_STATUS,
4342			       &enabled, sizeof(enabled)) < 0) {
4343			wpa_printf(MSG_DEBUG,
4344				"nl80211: wifi status sockopt failed\n");
4345			drv->data_tx_status = 0;
4346			if (!drv->use_monitor)
4347				drv->capa.flags &=
4348					~WPA_DRIVER_FLAGS_EAPOL_TX_STATUS;
4349		} else {
4350			eloop_register_read_sock(drv->eapol_tx_sock,
4351				wpa_driver_nl80211_handle_eapol_tx_status,
4352				drv, NULL);
4353		}
4354	}
4355
4356	if (drv->global) {
4357		dl_list_add(&drv->global->interfaces, &drv->list);
4358		drv->in_interface_list = 1;
4359	}
4360
4361	return bss;
4362
4363failed:
4364	wpa_driver_nl80211_deinit(bss);
4365	return NULL;
4366}
4367
4368
4369/**
4370 * wpa_driver_nl80211_init - Initialize nl80211 driver interface
4371 * @ctx: context to be used when calling wpa_supplicant functions,
4372 * e.g., wpa_supplicant_event()
4373 * @ifname: interface name, e.g., wlan0
4374 * @global_priv: private driver global data from global_init()
4375 * Returns: Pointer to private data, %NULL on failure
4376 */
4377static void * wpa_driver_nl80211_init(void *ctx, const char *ifname,
4378				      void *global_priv)
4379{
4380	return wpa_driver_nl80211_drv_init(ctx, ifname, global_priv, 0, NULL);
4381}
4382
4383
4384static int nl80211_register_frame(struct i802_bss *bss,
4385				  struct nl_handle *nl_handle,
4386				  u16 type, const u8 *match, size_t match_len)
4387{
4388	struct wpa_driver_nl80211_data *drv = bss->drv;
4389	struct nl_msg *msg;
4390	int ret = -1;
4391	char buf[30];
4392
4393	msg = nlmsg_alloc();
4394	if (!msg)
4395		return -1;
4396
4397	buf[0] = '\0';
4398	wpa_snprintf_hex(buf, sizeof(buf), match, match_len);
4399	wpa_printf(MSG_DEBUG, "nl80211: Register frame type=0x%x (%s) nl_handle=%p match=%s",
4400		   type, fc2str(type), nl_handle, buf);
4401
4402	nl80211_cmd(drv, msg, 0, NL80211_CMD_REGISTER_ACTION);
4403
4404	if (nl80211_set_iface_id(msg, bss) < 0)
4405		goto nla_put_failure;
4406
4407	NLA_PUT_U16(msg, NL80211_ATTR_FRAME_TYPE, type);
4408	NLA_PUT(msg, NL80211_ATTR_FRAME_MATCH, match_len, match);
4409
4410	ret = send_and_recv(drv->global, nl_handle, msg, NULL, NULL);
4411	msg = NULL;
4412	if (ret) {
4413		wpa_printf(MSG_DEBUG, "nl80211: Register frame command "
4414			   "failed (type=%u): ret=%d (%s)",
4415			   type, ret, strerror(-ret));
4416		wpa_hexdump(MSG_DEBUG, "nl80211: Register frame match",
4417			    match, match_len);
4418		goto nla_put_failure;
4419	}
4420	ret = 0;
4421nla_put_failure:
4422	nlmsg_free(msg);
4423	return ret;
4424}
4425
4426
4427static int nl80211_alloc_mgmt_handle(struct i802_bss *bss)
4428{
4429	struct wpa_driver_nl80211_data *drv = bss->drv;
4430
4431	if (bss->nl_mgmt) {
4432		wpa_printf(MSG_DEBUG, "nl80211: Mgmt reporting "
4433			   "already on! (nl_mgmt=%p)", bss->nl_mgmt);
4434		return -1;
4435	}
4436
4437	bss->nl_mgmt = nl_create_handle(drv->nl_cb, "mgmt");
4438	if (bss->nl_mgmt == NULL)
4439		return -1;
4440
4441	return 0;
4442}
4443
4444
4445static void nl80211_mgmt_handle_register_eloop(struct i802_bss *bss)
4446{
4447	nl80211_register_eloop_read(&bss->nl_mgmt,
4448				    wpa_driver_nl80211_event_receive,
4449				    bss->nl_cb);
4450}
4451
4452
4453static int nl80211_register_action_frame(struct i802_bss *bss,
4454					 const u8 *match, size_t match_len)
4455{
4456	u16 type = (WLAN_FC_TYPE_MGMT << 2) | (WLAN_FC_STYPE_ACTION << 4);
4457	return nl80211_register_frame(bss, bss->nl_mgmt,
4458				      type, match, match_len);
4459}
4460
4461
4462static int nl80211_mgmt_subscribe_non_ap(struct i802_bss *bss)
4463{
4464	struct wpa_driver_nl80211_data *drv = bss->drv;
4465	int ret = 0;
4466
4467	if (nl80211_alloc_mgmt_handle(bss))
4468		return -1;
4469	wpa_printf(MSG_DEBUG, "nl80211: Subscribe to mgmt frames with non-AP "
4470		   "handle %p", bss->nl_mgmt);
4471
4472	if (drv->nlmode == NL80211_IFTYPE_ADHOC) {
4473		u16 type = (WLAN_FC_TYPE_MGMT << 2) | (WLAN_FC_STYPE_AUTH << 4);
4474
4475		/* register for any AUTH message */
4476		nl80211_register_frame(bss, bss->nl_mgmt, type, NULL, 0);
4477	}
4478
4479#ifdef CONFIG_INTERWORKING
4480	/* QoS Map Configure */
4481	if (nl80211_register_action_frame(bss, (u8 *) "\x01\x04", 2) < 0)
4482		ret = -1;
4483#endif /* CONFIG_INTERWORKING */
4484#if defined(CONFIG_P2P) || defined(CONFIG_INTERWORKING)
4485	/* GAS Initial Request */
4486	if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0a", 2) < 0)
4487		ret = -1;
4488	/* GAS Initial Response */
4489	if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0b", 2) < 0)
4490		ret = -1;
4491	/* GAS Comeback Request */
4492	if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0c", 2) < 0)
4493		ret = -1;
4494	/* GAS Comeback Response */
4495	if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0d", 2) < 0)
4496		ret = -1;
4497	/* Protected GAS Initial Request */
4498	if (nl80211_register_action_frame(bss, (u8 *) "\x09\x0a", 2) < 0)
4499		ret = -1;
4500	/* Protected GAS Initial Response */
4501	if (nl80211_register_action_frame(bss, (u8 *) "\x09\x0b", 2) < 0)
4502		ret = -1;
4503	/* Protected GAS Comeback Request */
4504	if (nl80211_register_action_frame(bss, (u8 *) "\x09\x0c", 2) < 0)
4505		ret = -1;
4506	/* Protected GAS Comeback Response */
4507	if (nl80211_register_action_frame(bss, (u8 *) "\x09\x0d", 2) < 0)
4508		ret = -1;
4509#endif /* CONFIG_P2P || CONFIG_INTERWORKING */
4510#ifdef CONFIG_P2P
4511	/* P2P Public Action */
4512	if (nl80211_register_action_frame(bss,
4513					  (u8 *) "\x04\x09\x50\x6f\x9a\x09",
4514					  6) < 0)
4515		ret = -1;
4516	/* P2P Action */
4517	if (nl80211_register_action_frame(bss,
4518					  (u8 *) "\x7f\x50\x6f\x9a\x09",
4519					  5) < 0)
4520		ret = -1;
4521#endif /* CONFIG_P2P */
4522#ifdef CONFIG_IEEE80211W
4523	/* SA Query Response */
4524	if (nl80211_register_action_frame(bss, (u8 *) "\x08\x01", 2) < 0)
4525		ret = -1;
4526#endif /* CONFIG_IEEE80211W */
4527#ifdef CONFIG_TDLS
4528	if ((drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT)) {
4529		/* TDLS Discovery Response */
4530		if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0e", 2) <
4531		    0)
4532			ret = -1;
4533	}
4534#endif /* CONFIG_TDLS */
4535
4536	/* FT Action frames */
4537	if (nl80211_register_action_frame(bss, (u8 *) "\x06", 1) < 0)
4538		ret = -1;
4539	else
4540		drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_FT |
4541			WPA_DRIVER_CAPA_KEY_MGMT_FT_PSK;
4542
4543	/* WNM - BSS Transition Management Request */
4544	if (nl80211_register_action_frame(bss, (u8 *) "\x0a\x07", 2) < 0)
4545		ret = -1;
4546	/* WNM-Sleep Mode Response */
4547	if (nl80211_register_action_frame(bss, (u8 *) "\x0a\x11", 2) < 0)
4548		ret = -1;
4549
4550#ifdef CONFIG_HS20
4551	/* WNM-Notification */
4552	if (nl80211_register_action_frame(bss, (u8 *) "\x0a\x1a", 2) < 0)
4553		return -1;
4554#endif /* CONFIG_HS20 */
4555
4556	nl80211_mgmt_handle_register_eloop(bss);
4557
4558	return ret;
4559}
4560
4561
4562static int nl80211_register_spurious_class3(struct i802_bss *bss)
4563{
4564	struct wpa_driver_nl80211_data *drv = bss->drv;
4565	struct nl_msg *msg;
4566	int ret = -1;
4567
4568	msg = nlmsg_alloc();
4569	if (!msg)
4570		return -1;
4571
4572	nl80211_cmd(drv, msg, 0, NL80211_CMD_UNEXPECTED_FRAME);
4573
4574	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex);
4575
4576	ret = send_and_recv(drv->global, bss->nl_mgmt, msg, NULL, NULL);
4577	msg = NULL;
4578	if (ret) {
4579		wpa_printf(MSG_DEBUG, "nl80211: Register spurious class3 "
4580			   "failed: ret=%d (%s)",
4581			   ret, strerror(-ret));
4582		goto nla_put_failure;
4583	}
4584	ret = 0;
4585nla_put_failure:
4586	nlmsg_free(msg);
4587	return ret;
4588}
4589
4590
4591static int nl80211_mgmt_subscribe_ap(struct i802_bss *bss)
4592{
4593	static const int stypes[] = {
4594		WLAN_FC_STYPE_AUTH,
4595		WLAN_FC_STYPE_ASSOC_REQ,
4596		WLAN_FC_STYPE_REASSOC_REQ,
4597		WLAN_FC_STYPE_DISASSOC,
4598		WLAN_FC_STYPE_DEAUTH,
4599		WLAN_FC_STYPE_ACTION,
4600		WLAN_FC_STYPE_PROBE_REQ,
4601/* Beacon doesn't work as mac80211 doesn't currently allow
4602 * it, but it wouldn't really be the right thing anyway as
4603 * it isn't per interface ... maybe just dump the scan
4604 * results periodically for OLBC?
4605 */
4606		/* WLAN_FC_STYPE_BEACON, */
4607	};
4608	unsigned int i;
4609
4610	if (nl80211_alloc_mgmt_handle(bss))
4611		return -1;
4612	wpa_printf(MSG_DEBUG, "nl80211: Subscribe to mgmt frames with AP "
4613		   "handle %p", bss->nl_mgmt);
4614
4615	for (i = 0; i < ARRAY_SIZE(stypes); i++) {
4616		if (nl80211_register_frame(bss, bss->nl_mgmt,
4617					   (WLAN_FC_TYPE_MGMT << 2) |
4618					   (stypes[i] << 4),
4619					   NULL, 0) < 0) {
4620			goto out_err;
4621		}
4622	}
4623
4624	if (nl80211_register_spurious_class3(bss))
4625		goto out_err;
4626
4627	if (nl80211_get_wiphy_data_ap(bss) == NULL)
4628		goto out_err;
4629
4630	nl80211_mgmt_handle_register_eloop(bss);
4631	return 0;
4632
4633out_err:
4634	nl_destroy_handles(&bss->nl_mgmt);
4635	return -1;
4636}
4637
4638
4639static int nl80211_mgmt_subscribe_ap_dev_sme(struct i802_bss *bss)
4640{
4641	if (nl80211_alloc_mgmt_handle(bss))
4642		return -1;
4643	wpa_printf(MSG_DEBUG, "nl80211: Subscribe to mgmt frames with AP "
4644		   "handle %p (device SME)", bss->nl_mgmt);
4645
4646	if (nl80211_register_frame(bss, bss->nl_mgmt,
4647				   (WLAN_FC_TYPE_MGMT << 2) |
4648				   (WLAN_FC_STYPE_ACTION << 4),
4649				   NULL, 0) < 0)
4650		goto out_err;
4651
4652	nl80211_mgmt_handle_register_eloop(bss);
4653	return 0;
4654
4655out_err:
4656	nl_destroy_handles(&bss->nl_mgmt);
4657	return -1;
4658}
4659
4660
4661static void nl80211_mgmt_unsubscribe(struct i802_bss *bss, const char *reason)
4662{
4663	if (bss->nl_mgmt == NULL)
4664		return;
4665	wpa_printf(MSG_DEBUG, "nl80211: Unsubscribe mgmt frames handle %p "
4666		   "(%s)", bss->nl_mgmt, reason);
4667	nl80211_destroy_eloop_handle(&bss->nl_mgmt);
4668
4669	nl80211_put_wiphy_data_ap(bss);
4670}
4671
4672
4673static void wpa_driver_nl80211_send_rfkill(void *eloop_ctx, void *timeout_ctx)
4674{
4675	wpa_supplicant_event(timeout_ctx, EVENT_INTERFACE_DISABLED, NULL);
4676}
4677
4678
4679static void nl80211_del_p2pdev(struct i802_bss *bss)
4680{
4681	struct wpa_driver_nl80211_data *drv = bss->drv;
4682	struct nl_msg *msg;
4683	int ret;
4684
4685	msg = nlmsg_alloc();
4686	if (!msg)
4687		return;
4688
4689	nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_INTERFACE);
4690	NLA_PUT_U64(msg, NL80211_ATTR_WDEV, bss->wdev_id);
4691
4692	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
4693	msg = NULL;
4694
4695	wpa_printf(MSG_DEBUG, "nl80211: Delete P2P Device %s (0x%llx): %s",
4696		   bss->ifname, (long long unsigned int) bss->wdev_id,
4697		   strerror(-ret));
4698
4699nla_put_failure:
4700	nlmsg_free(msg);
4701}
4702
4703
4704static int nl80211_set_p2pdev(struct i802_bss *bss, int start)
4705{
4706	struct wpa_driver_nl80211_data *drv = bss->drv;
4707	struct nl_msg *msg;
4708	int ret = -1;
4709
4710	msg = nlmsg_alloc();
4711	if (!msg)
4712		return -1;
4713
4714	if (start)
4715		nl80211_cmd(drv, msg, 0, NL80211_CMD_START_P2P_DEVICE);
4716	else
4717		nl80211_cmd(drv, msg, 0, NL80211_CMD_STOP_P2P_DEVICE);
4718
4719	NLA_PUT_U64(msg, NL80211_ATTR_WDEV, bss->wdev_id);
4720
4721	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
4722	msg = NULL;
4723
4724	wpa_printf(MSG_DEBUG, "nl80211: %s P2P Device %s (0x%llx): %s",
4725		   start ? "Start" : "Stop",
4726		   bss->ifname, (long long unsigned int) bss->wdev_id,
4727		   strerror(-ret));
4728
4729nla_put_failure:
4730	nlmsg_free(msg);
4731	return ret;
4732}
4733
4734
4735static int i802_set_iface_flags(struct i802_bss *bss, int up)
4736{
4737	enum nl80211_iftype nlmode;
4738
4739	nlmode = nl80211_get_ifmode(bss);
4740	if (nlmode != NL80211_IFTYPE_P2P_DEVICE) {
4741		return linux_set_iface_flags(bss->drv->global->ioctl_sock,
4742					     bss->ifname, up);
4743	}
4744
4745	/* P2P Device has start/stop which is equivalent */
4746	return nl80211_set_p2pdev(bss, up);
4747}
4748
4749
4750static int
4751wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv,
4752				   const u8 *set_addr, int first)
4753{
4754	struct i802_bss *bss = drv->first_bss;
4755	int send_rfkill_event = 0;
4756	enum nl80211_iftype nlmode;
4757
4758	drv->ifindex = if_nametoindex(bss->ifname);
4759	bss->ifindex = drv->ifindex;
4760	bss->wdev_id = drv->global->if_add_wdevid;
4761	bss->wdev_id_set = drv->global->if_add_wdevid_set;
4762
4763	bss->if_dynamic = drv->ifindex == drv->global->if_add_ifindex;
4764	bss->if_dynamic = bss->if_dynamic || drv->global->if_add_wdevid_set;
4765	drv->global->if_add_wdevid_set = 0;
4766
4767	if (!bss->if_dynamic && nl80211_get_ifmode(bss) == NL80211_IFTYPE_AP)
4768		bss->static_ap = 1;
4769
4770	if (wpa_driver_nl80211_capa(drv))
4771		return -1;
4772
4773	wpa_printf(MSG_DEBUG, "nl80211: interface %s in phy %s",
4774		   bss->ifname, drv->phyname);
4775
4776	if (set_addr &&
4777	    (linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 0) ||
4778	     linux_set_ifhwaddr(drv->global->ioctl_sock, bss->ifname,
4779				set_addr)))
4780		return -1;
4781
4782	if (first && nl80211_get_ifmode(bss) == NL80211_IFTYPE_AP)
4783		drv->start_mode_ap = 1;
4784
4785	if (drv->hostapd || bss->static_ap)
4786		nlmode = NL80211_IFTYPE_AP;
4787	else if (bss->if_dynamic)
4788		nlmode = nl80211_get_ifmode(bss);
4789	else
4790		nlmode = NL80211_IFTYPE_STATION;
4791
4792	if (wpa_driver_nl80211_set_mode(bss, nlmode) < 0) {
4793		wpa_printf(MSG_ERROR, "nl80211: Could not configure driver mode");
4794		return -1;
4795	}
4796
4797	if (nlmode == NL80211_IFTYPE_P2P_DEVICE)
4798		nl80211_get_macaddr(bss);
4799
4800	if (!rfkill_is_blocked(drv->rfkill)) {
4801		int ret = i802_set_iface_flags(bss, 1);
4802		if (ret) {
4803			wpa_printf(MSG_ERROR, "nl80211: Could not set "
4804				   "interface '%s' UP", bss->ifname);
4805			return ret;
4806		}
4807		if (nlmode == NL80211_IFTYPE_P2P_DEVICE)
4808			return ret;
4809	} else {
4810		wpa_printf(MSG_DEBUG, "nl80211: Could not yet enable "
4811			   "interface '%s' due to rfkill", bss->ifname);
4812		if (nlmode == NL80211_IFTYPE_P2P_DEVICE)
4813			return 0;
4814		drv->if_disabled = 1;
4815		send_rfkill_event = 1;
4816	}
4817
4818	if (!drv->hostapd)
4819		netlink_send_oper_ifla(drv->global->netlink, drv->ifindex,
4820				       1, IF_OPER_DORMANT);
4821
4822	if (linux_get_ifhwaddr(drv->global->ioctl_sock, bss->ifname,
4823			       bss->addr))
4824		return -1;
4825
4826	if (send_rfkill_event) {
4827		eloop_register_timeout(0, 0, wpa_driver_nl80211_send_rfkill,
4828				       drv, drv->ctx);
4829	}
4830
4831	return 0;
4832}
4833
4834
4835static int wpa_driver_nl80211_del_beacon(struct wpa_driver_nl80211_data *drv)
4836{
4837	struct nl_msg *msg;
4838
4839	msg = nlmsg_alloc();
4840	if (!msg)
4841		return -ENOMEM;
4842
4843	wpa_printf(MSG_DEBUG, "nl80211: Remove beacon (ifindex=%d)",
4844		   drv->ifindex);
4845	nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_BEACON);
4846	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
4847
4848	return send_and_recv_msgs(drv, msg, NULL, NULL);
4849 nla_put_failure:
4850	nlmsg_free(msg);
4851	return -ENOBUFS;
4852}
4853
4854
4855/**
4856 * wpa_driver_nl80211_deinit - Deinitialize nl80211 driver interface
4857 * @bss: Pointer to private nl80211 data from wpa_driver_nl80211_init()
4858 *
4859 * Shut down driver interface and processing of driver events. Free
4860 * private data buffer if one was allocated in wpa_driver_nl80211_init().
4861 */
4862static void wpa_driver_nl80211_deinit(struct i802_bss *bss)
4863{
4864	struct wpa_driver_nl80211_data *drv = bss->drv;
4865
4866	bss->in_deinit = 1;
4867	if (drv->data_tx_status)
4868		eloop_unregister_read_sock(drv->eapol_tx_sock);
4869	if (drv->eapol_tx_sock >= 0)
4870		close(drv->eapol_tx_sock);
4871
4872	if (bss->nl_preq)
4873		wpa_driver_nl80211_probe_req_report(bss, 0);
4874	if (bss->added_if_into_bridge) {
4875		if (linux_br_del_if(drv->global->ioctl_sock, bss->brname,
4876				    bss->ifname) < 0)
4877			wpa_printf(MSG_INFO, "nl80211: Failed to remove "
4878				   "interface %s from bridge %s: %s",
4879				   bss->ifname, bss->brname, strerror(errno));
4880	}
4881	if (bss->added_bridge) {
4882		if (linux_br_del(drv->global->ioctl_sock, bss->brname) < 0)
4883			wpa_printf(MSG_INFO, "nl80211: Failed to remove "
4884				   "bridge %s: %s",
4885				   bss->brname, strerror(errno));
4886	}
4887
4888	nl80211_remove_monitor_interface(drv);
4889
4890	if (is_ap_interface(drv->nlmode))
4891		wpa_driver_nl80211_del_beacon(drv);
4892
4893	if (drv->eapol_sock >= 0) {
4894		eloop_unregister_read_sock(drv->eapol_sock);
4895		close(drv->eapol_sock);
4896	}
4897
4898	if (drv->if_indices != drv->default_if_indices)
4899		os_free(drv->if_indices);
4900
4901	if (drv->disabled_11b_rates)
4902		nl80211_disable_11b_rates(drv, drv->ifindex, 0);
4903
4904	netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, 0,
4905			       IF_OPER_UP);
4906	eloop_cancel_timeout(wpa_driver_nl80211_send_rfkill, drv, drv->ctx);
4907	rfkill_deinit(drv->rfkill);
4908
4909	eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx);
4910
4911	if (!drv->start_iface_up)
4912		(void) i802_set_iface_flags(bss, 0);
4913	if (drv->nlmode != NL80211_IFTYPE_P2P_DEVICE) {
4914		if (!drv->hostapd || !drv->start_mode_ap)
4915			wpa_driver_nl80211_set_mode(bss,
4916						    NL80211_IFTYPE_STATION);
4917		nl80211_mgmt_unsubscribe(bss, "deinit");
4918	} else {
4919		nl80211_mgmt_unsubscribe(bss, "deinit");
4920		nl80211_del_p2pdev(bss);
4921	}
4922	nl_cb_put(drv->nl_cb);
4923
4924	nl80211_destroy_bss(drv->first_bss);
4925
4926	os_free(drv->filter_ssids);
4927
4928	os_free(drv->auth_ie);
4929
4930	if (drv->in_interface_list)
4931		dl_list_del(&drv->list);
4932
4933	os_free(drv->extended_capa);
4934	os_free(drv->extended_capa_mask);
4935	os_free(drv->first_bss);
4936	os_free(drv);
4937}
4938
4939
4940/**
4941 * wpa_driver_nl80211_scan_timeout - Scan timeout to report scan completion
4942 * @eloop_ctx: Driver private data
4943 * @timeout_ctx: ctx argument given to wpa_driver_nl80211_init()
4944 *
4945 * This function can be used as registered timeout when starting a scan to
4946 * generate a scan completed event if the driver does not report this.
4947 */
4948static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx, void *timeout_ctx)
4949{
4950	struct wpa_driver_nl80211_data *drv = eloop_ctx;
4951	if (drv->ap_scan_as_station != NL80211_IFTYPE_UNSPECIFIED) {
4952		wpa_driver_nl80211_set_mode(drv->first_bss,
4953					    drv->ap_scan_as_station);
4954		drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED;
4955	}
4956	wpa_printf(MSG_DEBUG, "Scan timeout - try to get results");
4957	wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL);
4958}
4959
4960
4961static struct nl_msg *
4962nl80211_scan_common(struct wpa_driver_nl80211_data *drv, u8 cmd,
4963		    struct wpa_driver_scan_params *params, u64 *wdev_id)
4964{
4965	struct nl_msg *msg;
4966	size_t i;
4967	u32 scan_flags = 0;
4968
4969	msg = nlmsg_alloc();
4970	if (!msg)
4971		return NULL;
4972
4973	nl80211_cmd(drv, msg, 0, cmd);
4974
4975	if (!wdev_id)
4976		NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
4977	else
4978		NLA_PUT_U64(msg, NL80211_ATTR_WDEV, *wdev_id);
4979
4980	if (params->num_ssids) {
4981		struct nlattr *ssids;
4982
4983		ssids = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS);
4984		if (ssids == NULL)
4985			goto fail;
4986		for (i = 0; i < params->num_ssids; i++) {
4987			wpa_hexdump_ascii(MSG_MSGDUMP, "nl80211: Scan SSID",
4988					  params->ssids[i].ssid,
4989					  params->ssids[i].ssid_len);
4990			if (nla_put(msg, i + 1, params->ssids[i].ssid_len,
4991				    params->ssids[i].ssid) < 0)
4992				goto fail;
4993		}
4994		nla_nest_end(msg, ssids);
4995	}
4996
4997	if (params->extra_ies) {
4998		wpa_hexdump(MSG_MSGDUMP, "nl80211: Scan extra IEs",
4999			    params->extra_ies, params->extra_ies_len);
5000		if (nla_put(msg, NL80211_ATTR_IE, params->extra_ies_len,
5001			    params->extra_ies) < 0)
5002			goto fail;
5003	}
5004
5005	if (params->freqs) {
5006		struct nlattr *freqs;
5007		freqs = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
5008		if (freqs == NULL)
5009			goto fail;
5010		for (i = 0; params->freqs[i]; i++) {
5011			wpa_printf(MSG_MSGDUMP, "nl80211: Scan frequency %u "
5012				   "MHz", params->freqs[i]);
5013			if (nla_put_u32(msg, i + 1, params->freqs[i]) < 0)
5014				goto fail;
5015		}
5016		nla_nest_end(msg, freqs);
5017	}
5018
5019	os_free(drv->filter_ssids);
5020	drv->filter_ssids = params->filter_ssids;
5021	params->filter_ssids = NULL;
5022	drv->num_filter_ssids = params->num_filter_ssids;
5023
5024	if (params->only_new_results) {
5025		wpa_printf(MSG_DEBUG, "nl80211: Add NL80211_SCAN_FLAG_FLUSH");
5026		scan_flags |= NL80211_SCAN_FLAG_FLUSH;
5027	}
5028
5029	if (params->low_priority && drv->have_low_prio_scan) {
5030		wpa_printf(MSG_DEBUG,
5031			   "nl80211: Add NL80211_SCAN_FLAG_LOW_PRIORITY");
5032		scan_flags |= NL80211_SCAN_FLAG_LOW_PRIORITY;
5033	}
5034
5035	if (scan_flags)
5036		NLA_PUT_U32(msg, NL80211_ATTR_SCAN_FLAGS, scan_flags);
5037
5038	return msg;
5039
5040fail:
5041nla_put_failure:
5042	nlmsg_free(msg);
5043	return NULL;
5044}
5045
5046
5047/**
5048 * wpa_driver_nl80211_scan - Request the driver to initiate scan
5049 * @bss: Pointer to private driver data from wpa_driver_nl80211_init()
5050 * @params: Scan parameters
5051 * Returns: 0 on success, -1 on failure
5052 */
5053static int wpa_driver_nl80211_scan(struct i802_bss *bss,
5054				   struct wpa_driver_scan_params *params)
5055{
5056	struct wpa_driver_nl80211_data *drv = bss->drv;
5057	int ret = -1, timeout;
5058	struct nl_msg *msg = NULL;
5059
5060	wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: scan request");
5061	drv->scan_for_auth = 0;
5062
5063	msg = nl80211_scan_common(drv, NL80211_CMD_TRIGGER_SCAN, params,
5064				  bss->wdev_id_set ? &bss->wdev_id : NULL);
5065	if (!msg)
5066		return -1;
5067
5068	if (params->p2p_probe) {
5069		struct nlattr *rates;
5070
5071		wpa_printf(MSG_DEBUG, "nl80211: P2P probe - mask SuppRates");
5072
5073		rates = nla_nest_start(msg, NL80211_ATTR_SCAN_SUPP_RATES);
5074		if (rates == NULL)
5075			goto nla_put_failure;
5076
5077		/*
5078		 * Remove 2.4 GHz rates 1, 2, 5.5, 11 Mbps from supported rates
5079		 * by masking out everything else apart from the OFDM rates 6,
5080		 * 9, 12, 18, 24, 36, 48, 54 Mbps from non-MCS rates. All 5 GHz
5081		 * rates are left enabled.
5082		 */
5083		NLA_PUT(msg, NL80211_BAND_2GHZ, 8,
5084			"\x0c\x12\x18\x24\x30\x48\x60\x6c");
5085		nla_nest_end(msg, rates);
5086
5087		NLA_PUT_FLAG(msg, NL80211_ATTR_TX_NO_CCK_RATE);
5088	}
5089
5090	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
5091	msg = NULL;
5092	if (ret) {
5093		wpa_printf(MSG_DEBUG, "nl80211: Scan trigger failed: ret=%d "
5094			   "(%s)", ret, strerror(-ret));
5095		if (drv->hostapd && is_ap_interface(drv->nlmode)) {
5096			enum nl80211_iftype old_mode = drv->nlmode;
5097
5098			/*
5099			 * mac80211 does not allow scan requests in AP mode, so
5100			 * try to do this in station mode.
5101			 */
5102			if (wpa_driver_nl80211_set_mode(
5103				    bss, NL80211_IFTYPE_STATION))
5104				goto nla_put_failure;
5105
5106			if (wpa_driver_nl80211_scan(bss, params)) {
5107				wpa_driver_nl80211_set_mode(bss, drv->nlmode);
5108				goto nla_put_failure;
5109			}
5110
5111			/* Restore AP mode when processing scan results */
5112			drv->ap_scan_as_station = old_mode;
5113			ret = 0;
5114		} else
5115			goto nla_put_failure;
5116	}
5117
5118	drv->scan_state = SCAN_REQUESTED;
5119	/* Not all drivers generate "scan completed" wireless event, so try to
5120	 * read results after a timeout. */
5121	timeout = 10;
5122	if (drv->scan_complete_events) {
5123		/*
5124		 * The driver seems to deliver events to notify when scan is
5125		 * complete, so use longer timeout to avoid race conditions
5126		 * with scanning and following association request.
5127		 */
5128		timeout = 30;
5129	}
5130	wpa_printf(MSG_DEBUG, "Scan requested (ret=%d) - scan timeout %d "
5131		   "seconds", ret, timeout);
5132	eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx);
5133	eloop_register_timeout(timeout, 0, wpa_driver_nl80211_scan_timeout,
5134			       drv, drv->ctx);
5135
5136nla_put_failure:
5137	nlmsg_free(msg);
5138	return ret;
5139}
5140
5141
5142/**
5143 * wpa_driver_nl80211_sched_scan - Initiate a scheduled scan
5144 * @priv: Pointer to private driver data from wpa_driver_nl80211_init()
5145 * @params: Scan parameters
5146 * @interval: Interval between scan cycles in milliseconds
5147 * Returns: 0 on success, -1 on failure or if not supported
5148 */
5149static int wpa_driver_nl80211_sched_scan(void *priv,
5150					 struct wpa_driver_scan_params *params,
5151					 u32 interval)
5152{
5153	struct i802_bss *bss = priv;
5154	struct wpa_driver_nl80211_data *drv = bss->drv;
5155	int ret = -1;
5156	struct nl_msg *msg;
5157	size_t i;
5158
5159	wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: sched_scan request");
5160
5161#ifdef ANDROID
5162	if (!drv->capa.sched_scan_supported)
5163		return android_pno_start(bss, params);
5164#endif /* ANDROID */
5165
5166	msg = nl80211_scan_common(drv, NL80211_CMD_START_SCHED_SCAN, params,
5167				  bss->wdev_id_set ? &bss->wdev_id : NULL);
5168	if (!msg)
5169		goto nla_put_failure;
5170
5171	NLA_PUT_U32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL, interval);
5172
5173	if ((drv->num_filter_ssids &&
5174	    (int) drv->num_filter_ssids <= drv->capa.max_match_sets) ||
5175	    params->filter_rssi) {
5176		struct nlattr *match_sets;
5177		match_sets = nla_nest_start(msg, NL80211_ATTR_SCHED_SCAN_MATCH);
5178		if (match_sets == NULL)
5179			goto nla_put_failure;
5180
5181		for (i = 0; i < drv->num_filter_ssids; i++) {
5182			struct nlattr *match_set_ssid;
5183			wpa_hexdump_ascii(MSG_MSGDUMP,
5184					  "nl80211: Sched scan filter SSID",
5185					  drv->filter_ssids[i].ssid,
5186					  drv->filter_ssids[i].ssid_len);
5187
5188			match_set_ssid = nla_nest_start(msg, i + 1);
5189			if (match_set_ssid == NULL)
5190				goto nla_put_failure;
5191			NLA_PUT(msg, NL80211_ATTR_SCHED_SCAN_MATCH_SSID,
5192				drv->filter_ssids[i].ssid_len,
5193				drv->filter_ssids[i].ssid);
5194			if (params->filter_rssi)
5195				NLA_PUT_U32(msg,
5196					    NL80211_SCHED_SCAN_MATCH_ATTR_RSSI,
5197					    params->filter_rssi);
5198
5199			nla_nest_end(msg, match_set_ssid);
5200		}
5201
5202		/*
5203		 * Due to backward compatibility code, newer kernels treat this
5204		 * matchset (with only an RSSI filter) as the default for all
5205		 * other matchsets, unless it's the only one, in which case the
5206		 * matchset will actually allow all SSIDs above the RSSI.
5207		 */
5208		if (params->filter_rssi) {
5209			struct nlattr *match_set_rssi;
5210			match_set_rssi = nla_nest_start(msg, 0);
5211			if (match_set_rssi == NULL)
5212				goto nla_put_failure;
5213			NLA_PUT_U32(msg, NL80211_SCHED_SCAN_MATCH_ATTR_RSSI,
5214				    params->filter_rssi);
5215			wpa_printf(MSG_MSGDUMP,
5216				   "nl80211: Sched scan RSSI filter %d dBm",
5217				   params->filter_rssi);
5218			nla_nest_end(msg, match_set_rssi);
5219		}
5220
5221		nla_nest_end(msg, match_sets);
5222	}
5223
5224	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
5225
5226	/* TODO: if we get an error here, we should fall back to normal scan */
5227
5228	msg = NULL;
5229	if (ret) {
5230		wpa_printf(MSG_DEBUG, "nl80211: Sched scan start failed: "
5231			   "ret=%d (%s)", ret, strerror(-ret));
5232		goto nla_put_failure;
5233	}
5234
5235	wpa_printf(MSG_DEBUG, "nl80211: Sched scan requested (ret=%d) - "
5236		   "scan interval %d msec", ret, interval);
5237
5238nla_put_failure:
5239	nlmsg_free(msg);
5240	return ret;
5241}
5242
5243
5244/**
5245 * wpa_driver_nl80211_stop_sched_scan - Stop a scheduled scan
5246 * @priv: Pointer to private driver data from wpa_driver_nl80211_init()
5247 * Returns: 0 on success, -1 on failure or if not supported
5248 */
5249static int wpa_driver_nl80211_stop_sched_scan(void *priv)
5250{
5251	struct i802_bss *bss = priv;
5252	struct wpa_driver_nl80211_data *drv = bss->drv;
5253	int ret = 0;
5254	struct nl_msg *msg;
5255
5256#ifdef ANDROID
5257	if (!drv->capa.sched_scan_supported)
5258		return android_pno_stop(bss);
5259#endif /* ANDROID */
5260
5261	msg = nlmsg_alloc();
5262	if (!msg)
5263		return -1;
5264
5265	nl80211_cmd(drv, msg, 0, NL80211_CMD_STOP_SCHED_SCAN);
5266
5267	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
5268
5269	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
5270	msg = NULL;
5271	if (ret) {
5272		wpa_printf(MSG_DEBUG, "nl80211: Sched scan stop failed: "
5273			   "ret=%d (%s)", ret, strerror(-ret));
5274		goto nla_put_failure;
5275	}
5276
5277	wpa_printf(MSG_DEBUG, "nl80211: Sched scan stop sent (ret=%d)", ret);
5278
5279nla_put_failure:
5280	nlmsg_free(msg);
5281	return ret;
5282}
5283
5284
5285static const u8 * nl80211_get_ie(const u8 *ies, size_t ies_len, u8 ie)
5286{
5287	const u8 *end, *pos;
5288
5289	if (ies == NULL)
5290		return NULL;
5291
5292	pos = ies;
5293	end = ies + ies_len;
5294
5295	while (pos + 1 < end) {
5296		if (pos + 2 + pos[1] > end)
5297			break;
5298		if (pos[0] == ie)
5299			return pos;
5300		pos += 2 + pos[1];
5301	}
5302
5303	return NULL;
5304}
5305
5306
5307static int nl80211_scan_filtered(struct wpa_driver_nl80211_data *drv,
5308				 const u8 *ie, size_t ie_len)
5309{
5310	const u8 *ssid;
5311	size_t i;
5312
5313	if (drv->filter_ssids == NULL)
5314		return 0;
5315
5316	ssid = nl80211_get_ie(ie, ie_len, WLAN_EID_SSID);
5317	if (ssid == NULL)
5318		return 1;
5319
5320	for (i = 0; i < drv->num_filter_ssids; i++) {
5321		if (ssid[1] == drv->filter_ssids[i].ssid_len &&
5322		    os_memcmp(ssid + 2, drv->filter_ssids[i].ssid, ssid[1]) ==
5323		    0)
5324			return 0;
5325	}
5326
5327	return 1;
5328}
5329
5330
5331static int bss_info_handler(struct nl_msg *msg, void *arg)
5332{
5333	struct nlattr *tb[NL80211_ATTR_MAX + 1];
5334	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
5335	struct nlattr *bss[NL80211_BSS_MAX + 1];
5336	static struct nla_policy bss_policy[NL80211_BSS_MAX + 1] = {
5337		[NL80211_BSS_BSSID] = { .type = NLA_UNSPEC },
5338		[NL80211_BSS_FREQUENCY] = { .type = NLA_U32 },
5339		[NL80211_BSS_TSF] = { .type = NLA_U64 },
5340		[NL80211_BSS_BEACON_INTERVAL] = { .type = NLA_U16 },
5341		[NL80211_BSS_CAPABILITY] = { .type = NLA_U16 },
5342		[NL80211_BSS_INFORMATION_ELEMENTS] = { .type = NLA_UNSPEC },
5343		[NL80211_BSS_SIGNAL_MBM] = { .type = NLA_U32 },
5344		[NL80211_BSS_SIGNAL_UNSPEC] = { .type = NLA_U8 },
5345		[NL80211_BSS_STATUS] = { .type = NLA_U32 },
5346		[NL80211_BSS_SEEN_MS_AGO] = { .type = NLA_U32 },
5347		[NL80211_BSS_BEACON_IES] = { .type = NLA_UNSPEC },
5348	};
5349	struct nl80211_bss_info_arg *_arg = arg;
5350	struct wpa_scan_results *res = _arg->res;
5351	struct wpa_scan_res **tmp;
5352	struct wpa_scan_res *r;
5353	const u8 *ie, *beacon_ie;
5354	size_t ie_len, beacon_ie_len;
5355	u8 *pos;
5356	size_t i;
5357
5358	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
5359		  genlmsg_attrlen(gnlh, 0), NULL);
5360	if (!tb[NL80211_ATTR_BSS])
5361		return NL_SKIP;
5362	if (nla_parse_nested(bss, NL80211_BSS_MAX, tb[NL80211_ATTR_BSS],
5363			     bss_policy))
5364		return NL_SKIP;
5365	if (bss[NL80211_BSS_STATUS]) {
5366		enum nl80211_bss_status status;
5367		status = nla_get_u32(bss[NL80211_BSS_STATUS]);
5368		if (status == NL80211_BSS_STATUS_ASSOCIATED &&
5369		    bss[NL80211_BSS_FREQUENCY]) {
5370			_arg->assoc_freq =
5371				nla_get_u32(bss[NL80211_BSS_FREQUENCY]);
5372			wpa_printf(MSG_DEBUG, "nl80211: Associated on %u MHz",
5373				   _arg->assoc_freq);
5374		}
5375		if (status == NL80211_BSS_STATUS_IBSS_JOINED &&
5376		    bss[NL80211_BSS_FREQUENCY]) {
5377			_arg->ibss_freq =
5378				nla_get_u32(bss[NL80211_BSS_FREQUENCY]);
5379			wpa_printf(MSG_DEBUG, "nl80211: IBSS-joined on %u MHz",
5380				   _arg->ibss_freq);
5381		}
5382		if (status == NL80211_BSS_STATUS_ASSOCIATED &&
5383		    bss[NL80211_BSS_BSSID]) {
5384			os_memcpy(_arg->assoc_bssid,
5385				  nla_data(bss[NL80211_BSS_BSSID]), ETH_ALEN);
5386			wpa_printf(MSG_DEBUG, "nl80211: Associated with "
5387				   MACSTR, MAC2STR(_arg->assoc_bssid));
5388		}
5389	}
5390	if (!res)
5391		return NL_SKIP;
5392	if (bss[NL80211_BSS_INFORMATION_ELEMENTS]) {
5393		ie = nla_data(bss[NL80211_BSS_INFORMATION_ELEMENTS]);
5394		ie_len = nla_len(bss[NL80211_BSS_INFORMATION_ELEMENTS]);
5395	} else {
5396		ie = NULL;
5397		ie_len = 0;
5398	}
5399	if (bss[NL80211_BSS_BEACON_IES]) {
5400		beacon_ie = nla_data(bss[NL80211_BSS_BEACON_IES]);
5401		beacon_ie_len = nla_len(bss[NL80211_BSS_BEACON_IES]);
5402	} else {
5403		beacon_ie = NULL;
5404		beacon_ie_len = 0;
5405	}
5406
5407	if (nl80211_scan_filtered(_arg->drv, ie ? ie : beacon_ie,
5408				  ie ? ie_len : beacon_ie_len))
5409		return NL_SKIP;
5410
5411	r = os_zalloc(sizeof(*r) + ie_len + beacon_ie_len);
5412	if (r == NULL)
5413		return NL_SKIP;
5414	if (bss[NL80211_BSS_BSSID])
5415		os_memcpy(r->bssid, nla_data(bss[NL80211_BSS_BSSID]),
5416			  ETH_ALEN);
5417	if (bss[NL80211_BSS_FREQUENCY])
5418		r->freq = nla_get_u32(bss[NL80211_BSS_FREQUENCY]);
5419	if (bss[NL80211_BSS_BEACON_INTERVAL])
5420		r->beacon_int = nla_get_u16(bss[NL80211_BSS_BEACON_INTERVAL]);
5421	if (bss[NL80211_BSS_CAPABILITY])
5422		r->caps = nla_get_u16(bss[NL80211_BSS_CAPABILITY]);
5423	r->flags |= WPA_SCAN_NOISE_INVALID;
5424	if (bss[NL80211_BSS_SIGNAL_MBM]) {
5425		r->level = nla_get_u32(bss[NL80211_BSS_SIGNAL_MBM]);
5426		r->level /= 100; /* mBm to dBm */
5427		r->flags |= WPA_SCAN_LEVEL_DBM | WPA_SCAN_QUAL_INVALID;
5428	} else if (bss[NL80211_BSS_SIGNAL_UNSPEC]) {
5429		r->level = nla_get_u8(bss[NL80211_BSS_SIGNAL_UNSPEC]);
5430		r->flags |= WPA_SCAN_QUAL_INVALID;
5431	} else
5432		r->flags |= WPA_SCAN_LEVEL_INVALID | WPA_SCAN_QUAL_INVALID;
5433	if (bss[NL80211_BSS_TSF])
5434		r->tsf = nla_get_u64(bss[NL80211_BSS_TSF]);
5435	if (bss[NL80211_BSS_SEEN_MS_AGO])
5436		r->age = nla_get_u32(bss[NL80211_BSS_SEEN_MS_AGO]);
5437	r->ie_len = ie_len;
5438	pos = (u8 *) (r + 1);
5439	if (ie) {
5440		os_memcpy(pos, ie, ie_len);
5441		pos += ie_len;
5442	}
5443	r->beacon_ie_len = beacon_ie_len;
5444	if (beacon_ie)
5445		os_memcpy(pos, beacon_ie, beacon_ie_len);
5446
5447	if (bss[NL80211_BSS_STATUS]) {
5448		enum nl80211_bss_status status;
5449		status = nla_get_u32(bss[NL80211_BSS_STATUS]);
5450		switch (status) {
5451		case NL80211_BSS_STATUS_AUTHENTICATED:
5452			r->flags |= WPA_SCAN_AUTHENTICATED;
5453			break;
5454		case NL80211_BSS_STATUS_ASSOCIATED:
5455			r->flags |= WPA_SCAN_ASSOCIATED;
5456			break;
5457		default:
5458			break;
5459		}
5460	}
5461
5462	/*
5463	 * cfg80211 maintains separate BSS table entries for APs if the same
5464	 * BSSID,SSID pair is seen on multiple channels. wpa_supplicant does
5465	 * not use frequency as a separate key in the BSS table, so filter out
5466	 * duplicated entries. Prefer associated BSS entry in such a case in
5467	 * order to get the correct frequency into the BSS table. Similarly,
5468	 * prefer newer entries over older.
5469	 */
5470	for (i = 0; i < res->num; i++) {
5471		const u8 *s1, *s2;
5472		if (os_memcmp(res->res[i]->bssid, r->bssid, ETH_ALEN) != 0)
5473			continue;
5474
5475		s1 = nl80211_get_ie((u8 *) (res->res[i] + 1),
5476				    res->res[i]->ie_len, WLAN_EID_SSID);
5477		s2 = nl80211_get_ie((u8 *) (r + 1), r->ie_len, WLAN_EID_SSID);
5478		if (s1 == NULL || s2 == NULL || s1[1] != s2[1] ||
5479		    os_memcmp(s1, s2, 2 + s1[1]) != 0)
5480			continue;
5481
5482		/* Same BSSID,SSID was already included in scan results */
5483		wpa_printf(MSG_DEBUG, "nl80211: Remove duplicated scan result "
5484			   "for " MACSTR, MAC2STR(r->bssid));
5485
5486		if (((r->flags & WPA_SCAN_ASSOCIATED) &&
5487		     !(res->res[i]->flags & WPA_SCAN_ASSOCIATED)) ||
5488		    r->age < res->res[i]->age) {
5489			os_free(res->res[i]);
5490			res->res[i] = r;
5491		} else
5492			os_free(r);
5493		return NL_SKIP;
5494	}
5495
5496	tmp = os_realloc_array(res->res, res->num + 1,
5497			       sizeof(struct wpa_scan_res *));
5498	if (tmp == NULL) {
5499		os_free(r);
5500		return NL_SKIP;
5501	}
5502	tmp[res->num++] = r;
5503	res->res = tmp;
5504
5505	return NL_SKIP;
5506}
5507
5508
5509static void clear_state_mismatch(struct wpa_driver_nl80211_data *drv,
5510				 const u8 *addr)
5511{
5512	if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) {
5513		wpa_printf(MSG_DEBUG, "nl80211: Clear possible state "
5514			   "mismatch (" MACSTR ")", MAC2STR(addr));
5515		wpa_driver_nl80211_mlme(drv, addr,
5516					NL80211_CMD_DEAUTHENTICATE,
5517					WLAN_REASON_PREV_AUTH_NOT_VALID, 1);
5518	}
5519}
5520
5521
5522static void wpa_driver_nl80211_check_bss_status(
5523	struct wpa_driver_nl80211_data *drv, struct wpa_scan_results *res)
5524{
5525	size_t i;
5526
5527	for (i = 0; i < res->num; i++) {
5528		struct wpa_scan_res *r = res->res[i];
5529		if (r->flags & WPA_SCAN_AUTHENTICATED) {
5530			wpa_printf(MSG_DEBUG, "nl80211: Scan results "
5531				   "indicates BSS status with " MACSTR
5532				   " as authenticated",
5533				   MAC2STR(r->bssid));
5534			if (is_sta_interface(drv->nlmode) &&
5535			    os_memcmp(r->bssid, drv->bssid, ETH_ALEN) != 0 &&
5536			    os_memcmp(r->bssid, drv->auth_bssid, ETH_ALEN) !=
5537			    0) {
5538				wpa_printf(MSG_DEBUG, "nl80211: Unknown BSSID"
5539					   " in local state (auth=" MACSTR
5540					   " assoc=" MACSTR ")",
5541					   MAC2STR(drv->auth_bssid),
5542					   MAC2STR(drv->bssid));
5543				clear_state_mismatch(drv, r->bssid);
5544			}
5545		}
5546
5547		if (r->flags & WPA_SCAN_ASSOCIATED) {
5548			wpa_printf(MSG_DEBUG, "nl80211: Scan results "
5549				   "indicate BSS status with " MACSTR
5550				   " as associated",
5551				   MAC2STR(r->bssid));
5552			if (is_sta_interface(drv->nlmode) &&
5553			    !drv->associated) {
5554				wpa_printf(MSG_DEBUG, "nl80211: Local state "
5555					   "(not associated) does not match "
5556					   "with BSS state");
5557				clear_state_mismatch(drv, r->bssid);
5558			} else if (is_sta_interface(drv->nlmode) &&
5559				   os_memcmp(drv->bssid, r->bssid, ETH_ALEN) !=
5560				   0) {
5561				wpa_printf(MSG_DEBUG, "nl80211: Local state "
5562					   "(associated with " MACSTR ") does "
5563					   "not match with BSS state",
5564					   MAC2STR(drv->bssid));
5565				clear_state_mismatch(drv, r->bssid);
5566				clear_state_mismatch(drv, drv->bssid);
5567			}
5568		}
5569	}
5570}
5571
5572
5573static struct wpa_scan_results *
5574nl80211_get_scan_results(struct wpa_driver_nl80211_data *drv)
5575{
5576	struct nl_msg *msg;
5577	struct wpa_scan_results *res;
5578	int ret;
5579	struct nl80211_bss_info_arg arg;
5580
5581	res = os_zalloc(sizeof(*res));
5582	if (res == NULL)
5583		return NULL;
5584	msg = nlmsg_alloc();
5585	if (!msg)
5586		goto nla_put_failure;
5587
5588	nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SCAN);
5589	if (nl80211_set_iface_id(msg, drv->first_bss) < 0)
5590		goto nla_put_failure;
5591
5592	arg.drv = drv;
5593	arg.res = res;
5594	ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg);
5595	msg = NULL;
5596	if (ret == 0) {
5597		wpa_printf(MSG_DEBUG, "nl80211: Received scan results (%lu "
5598			   "BSSes)", (unsigned long) res->num);
5599		nl80211_get_noise_for_scan_results(drv, res);
5600		return res;
5601	}
5602	wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d "
5603		   "(%s)", ret, strerror(-ret));
5604nla_put_failure:
5605	nlmsg_free(msg);
5606	wpa_scan_results_free(res);
5607	return NULL;
5608}
5609
5610
5611/**
5612 * wpa_driver_nl80211_get_scan_results - Fetch the latest scan results
5613 * @priv: Pointer to private wext data from wpa_driver_nl80211_init()
5614 * Returns: Scan results on success, -1 on failure
5615 */
5616static struct wpa_scan_results *
5617wpa_driver_nl80211_get_scan_results(void *priv)
5618{
5619	struct i802_bss *bss = priv;
5620	struct wpa_driver_nl80211_data *drv = bss->drv;
5621	struct wpa_scan_results *res;
5622
5623	res = nl80211_get_scan_results(drv);
5624	if (res)
5625		wpa_driver_nl80211_check_bss_status(drv, res);
5626	return res;
5627}
5628
5629
5630static void nl80211_dump_scan(struct wpa_driver_nl80211_data *drv)
5631{
5632	struct wpa_scan_results *res;
5633	size_t i;
5634
5635	res = nl80211_get_scan_results(drv);
5636	if (res == NULL) {
5637		wpa_printf(MSG_DEBUG, "nl80211: Failed to get scan results");
5638		return;
5639	}
5640
5641	wpa_printf(MSG_DEBUG, "nl80211: Scan result dump");
5642	for (i = 0; i < res->num; i++) {
5643		struct wpa_scan_res *r = res->res[i];
5644		wpa_printf(MSG_DEBUG, "nl80211: %d/%d " MACSTR "%s%s",
5645			   (int) i, (int) res->num, MAC2STR(r->bssid),
5646			   r->flags & WPA_SCAN_AUTHENTICATED ? " [auth]" : "",
5647			   r->flags & WPA_SCAN_ASSOCIATED ? " [assoc]" : "");
5648	}
5649
5650	wpa_scan_results_free(res);
5651}
5652
5653
5654static u32 wpa_alg_to_cipher_suite(enum wpa_alg alg, size_t key_len)
5655{
5656	switch (alg) {
5657	case WPA_ALG_WEP:
5658		if (key_len == 5)
5659			return WLAN_CIPHER_SUITE_WEP40;
5660		return WLAN_CIPHER_SUITE_WEP104;
5661	case WPA_ALG_TKIP:
5662		return WLAN_CIPHER_SUITE_TKIP;
5663	case WPA_ALG_CCMP:
5664		return WLAN_CIPHER_SUITE_CCMP;
5665	case WPA_ALG_GCMP:
5666		return WLAN_CIPHER_SUITE_GCMP;
5667	case WPA_ALG_CCMP_256:
5668		return WLAN_CIPHER_SUITE_CCMP_256;
5669	case WPA_ALG_GCMP_256:
5670		return WLAN_CIPHER_SUITE_GCMP_256;
5671	case WPA_ALG_IGTK:
5672		return WLAN_CIPHER_SUITE_AES_CMAC;
5673	case WPA_ALG_BIP_GMAC_128:
5674		return WLAN_CIPHER_SUITE_BIP_GMAC_128;
5675	case WPA_ALG_BIP_GMAC_256:
5676		return WLAN_CIPHER_SUITE_BIP_GMAC_256;
5677	case WPA_ALG_BIP_CMAC_256:
5678		return WLAN_CIPHER_SUITE_BIP_CMAC_256;
5679	case WPA_ALG_SMS4:
5680		return WLAN_CIPHER_SUITE_SMS4;
5681	case WPA_ALG_KRK:
5682		return WLAN_CIPHER_SUITE_KRK;
5683	case WPA_ALG_NONE:
5684	case WPA_ALG_PMK:
5685		wpa_printf(MSG_ERROR, "nl80211: Unexpected encryption algorithm %d",
5686			   alg);
5687		return 0;
5688	}
5689
5690	wpa_printf(MSG_ERROR, "nl80211: Unsupported encryption algorithm %d",
5691		   alg);
5692	return 0;
5693}
5694
5695
5696static u32 wpa_cipher_to_cipher_suite(unsigned int cipher)
5697{
5698	switch (cipher) {
5699	case WPA_CIPHER_CCMP_256:
5700		return WLAN_CIPHER_SUITE_CCMP_256;
5701	case WPA_CIPHER_GCMP_256:
5702		return WLAN_CIPHER_SUITE_GCMP_256;
5703	case WPA_CIPHER_CCMP:
5704		return WLAN_CIPHER_SUITE_CCMP;
5705	case WPA_CIPHER_GCMP:
5706		return WLAN_CIPHER_SUITE_GCMP;
5707	case WPA_CIPHER_TKIP:
5708		return WLAN_CIPHER_SUITE_TKIP;
5709	case WPA_CIPHER_WEP104:
5710		return WLAN_CIPHER_SUITE_WEP104;
5711	case WPA_CIPHER_WEP40:
5712		return WLAN_CIPHER_SUITE_WEP40;
5713	case WPA_CIPHER_GTK_NOT_USED:
5714		return WLAN_CIPHER_SUITE_NO_GROUP_ADDR;
5715	}
5716
5717	return 0;
5718}
5719
5720
5721static int wpa_cipher_to_cipher_suites(unsigned int ciphers, u32 suites[],
5722				       int max_suites)
5723{
5724	int num_suites = 0;
5725
5726	if (num_suites < max_suites && ciphers & WPA_CIPHER_CCMP_256)
5727		suites[num_suites++] = WLAN_CIPHER_SUITE_CCMP_256;
5728	if (num_suites < max_suites && ciphers & WPA_CIPHER_GCMP_256)
5729		suites[num_suites++] = WLAN_CIPHER_SUITE_GCMP_256;
5730	if (num_suites < max_suites && ciphers & WPA_CIPHER_CCMP)
5731		suites[num_suites++] = WLAN_CIPHER_SUITE_CCMP;
5732	if (num_suites < max_suites && ciphers & WPA_CIPHER_GCMP)
5733		suites[num_suites++] = WLAN_CIPHER_SUITE_GCMP;
5734	if (num_suites < max_suites && ciphers & WPA_CIPHER_TKIP)
5735		suites[num_suites++] = WLAN_CIPHER_SUITE_TKIP;
5736	if (num_suites < max_suites && ciphers & WPA_CIPHER_WEP104)
5737		suites[num_suites++] = WLAN_CIPHER_SUITE_WEP104;
5738	if (num_suites < max_suites && ciphers & WPA_CIPHER_WEP40)
5739		suites[num_suites++] = WLAN_CIPHER_SUITE_WEP40;
5740
5741	return num_suites;
5742}
5743
5744
5745static int wpa_driver_nl80211_set_key(const char *ifname, struct i802_bss *bss,
5746				      enum wpa_alg alg, const u8 *addr,
5747				      int key_idx, int set_tx,
5748				      const u8 *seq, size_t seq_len,
5749				      const u8 *key, size_t key_len)
5750{
5751	struct wpa_driver_nl80211_data *drv = bss->drv;
5752	int ifindex;
5753	struct nl_msg *msg;
5754	int ret;
5755	int tdls = 0;
5756
5757	/* Ignore for P2P Device */
5758	if (drv->nlmode == NL80211_IFTYPE_P2P_DEVICE)
5759		return 0;
5760
5761	ifindex = if_nametoindex(ifname);
5762	wpa_printf(MSG_DEBUG, "%s: ifindex=%d (%s) alg=%d addr=%p key_idx=%d "
5763		   "set_tx=%d seq_len=%lu key_len=%lu",
5764		   __func__, ifindex, ifname, alg, addr, key_idx, set_tx,
5765		   (unsigned long) seq_len, (unsigned long) key_len);
5766#ifdef CONFIG_TDLS
5767	if (key_idx == -1) {
5768		key_idx = 0;
5769		tdls = 1;
5770	}
5771#endif /* CONFIG_TDLS */
5772
5773	msg = nlmsg_alloc();
5774	if (!msg)
5775		return -ENOMEM;
5776
5777	if (alg == WPA_ALG_NONE) {
5778		nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_KEY);
5779	} else {
5780		nl80211_cmd(drv, msg, 0, NL80211_CMD_NEW_KEY);
5781		NLA_PUT(msg, NL80211_ATTR_KEY_DATA, key_len, key);
5782		wpa_hexdump_key(MSG_DEBUG, "nl80211: KEY_DATA", key, key_len);
5783		NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
5784			    wpa_alg_to_cipher_suite(alg, key_len));
5785	}
5786
5787	if (seq && seq_len) {
5788		NLA_PUT(msg, NL80211_ATTR_KEY_SEQ, seq_len, seq);
5789		wpa_hexdump(MSG_DEBUG, "nl80211: KEY_SEQ", seq, seq_len);
5790	}
5791
5792	if (addr && !is_broadcast_ether_addr(addr)) {
5793		wpa_printf(MSG_DEBUG, "   addr=" MACSTR, MAC2STR(addr));
5794		NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
5795
5796		if (alg != WPA_ALG_WEP && key_idx && !set_tx) {
5797			wpa_printf(MSG_DEBUG, "   RSN IBSS RX GTK");
5798			NLA_PUT_U32(msg, NL80211_ATTR_KEY_TYPE,
5799				    NL80211_KEYTYPE_GROUP);
5800		}
5801	} else if (addr && is_broadcast_ether_addr(addr)) {
5802		struct nlattr *types;
5803
5804		wpa_printf(MSG_DEBUG, "   broadcast key");
5805
5806		types = nla_nest_start(msg, NL80211_ATTR_KEY_DEFAULT_TYPES);
5807		if (!types)
5808			goto nla_put_failure;
5809		NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT_TYPE_MULTICAST);
5810		nla_nest_end(msg, types);
5811	}
5812	NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx);
5813	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
5814
5815	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
5816	if ((ret == -ENOENT || ret == -ENOLINK) && alg == WPA_ALG_NONE)
5817		ret = 0;
5818	if (ret)
5819		wpa_printf(MSG_DEBUG, "nl80211: set_key failed; err=%d %s)",
5820			   ret, strerror(-ret));
5821
5822	/*
5823	 * If we failed or don't need to set the default TX key (below),
5824	 * we're done here.
5825	 */
5826	if (ret || !set_tx || alg == WPA_ALG_NONE || tdls)
5827		return ret;
5828	if (is_ap_interface(drv->nlmode) && addr &&
5829	    !is_broadcast_ether_addr(addr))
5830		return ret;
5831
5832	msg = nlmsg_alloc();
5833	if (!msg)
5834		return -ENOMEM;
5835
5836	nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_KEY);
5837	NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx);
5838	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
5839	if (alg == WPA_ALG_IGTK)
5840		NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT_MGMT);
5841	else
5842		NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT);
5843	if (addr && is_broadcast_ether_addr(addr)) {
5844		struct nlattr *types;
5845
5846		types = nla_nest_start(msg, NL80211_ATTR_KEY_DEFAULT_TYPES);
5847		if (!types)
5848			goto nla_put_failure;
5849		NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT_TYPE_MULTICAST);
5850		nla_nest_end(msg, types);
5851	} else if (addr) {
5852		struct nlattr *types;
5853
5854		types = nla_nest_start(msg, NL80211_ATTR_KEY_DEFAULT_TYPES);
5855		if (!types)
5856			goto nla_put_failure;
5857		NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT_TYPE_UNICAST);
5858		nla_nest_end(msg, types);
5859	}
5860
5861	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
5862	if (ret == -ENOENT)
5863		ret = 0;
5864	if (ret)
5865		wpa_printf(MSG_DEBUG, "nl80211: set_key default failed; "
5866			   "err=%d %s)", ret, strerror(-ret));
5867	return ret;
5868
5869nla_put_failure:
5870	nlmsg_free(msg);
5871	return -ENOBUFS;
5872}
5873
5874
5875static int nl_add_key(struct nl_msg *msg, enum wpa_alg alg,
5876		      int key_idx, int defkey,
5877		      const u8 *seq, size_t seq_len,
5878		      const u8 *key, size_t key_len)
5879{
5880	struct nlattr *key_attr = nla_nest_start(msg, NL80211_ATTR_KEY);
5881	if (!key_attr)
5882		return -1;
5883
5884	if (defkey && alg == WPA_ALG_IGTK)
5885		NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT_MGMT);
5886	else if (defkey)
5887		NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT);
5888
5889	NLA_PUT_U8(msg, NL80211_KEY_IDX, key_idx);
5890
5891	NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
5892		    wpa_alg_to_cipher_suite(alg, key_len));
5893
5894	if (seq && seq_len)
5895		NLA_PUT(msg, NL80211_KEY_SEQ, seq_len, seq);
5896
5897	NLA_PUT(msg, NL80211_KEY_DATA, key_len, key);
5898
5899	nla_nest_end(msg, key_attr);
5900
5901	return 0;
5902 nla_put_failure:
5903	return -1;
5904}
5905
5906
5907static int nl80211_set_conn_keys(struct wpa_driver_associate_params *params,
5908				 struct nl_msg *msg)
5909{
5910	int i, privacy = 0;
5911	struct nlattr *nl_keys, *nl_key;
5912
5913	for (i = 0; i < 4; i++) {
5914		if (!params->wep_key[i])
5915			continue;
5916		privacy = 1;
5917		break;
5918	}
5919	if (params->wps == WPS_MODE_PRIVACY)
5920		privacy = 1;
5921	if (params->pairwise_suite &&
5922	    params->pairwise_suite != WPA_CIPHER_NONE)
5923		privacy = 1;
5924
5925	if (!privacy)
5926		return 0;
5927
5928	NLA_PUT_FLAG(msg, NL80211_ATTR_PRIVACY);
5929
5930	nl_keys = nla_nest_start(msg, NL80211_ATTR_KEYS);
5931	if (!nl_keys)
5932		goto nla_put_failure;
5933
5934	for (i = 0; i < 4; i++) {
5935		if (!params->wep_key[i])
5936			continue;
5937
5938		nl_key = nla_nest_start(msg, i);
5939		if (!nl_key)
5940			goto nla_put_failure;
5941
5942		NLA_PUT(msg, NL80211_KEY_DATA, params->wep_key_len[i],
5943			params->wep_key[i]);
5944		if (params->wep_key_len[i] == 5)
5945			NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
5946				    WLAN_CIPHER_SUITE_WEP40);
5947		else
5948			NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
5949				    WLAN_CIPHER_SUITE_WEP104);
5950
5951		NLA_PUT_U8(msg, NL80211_KEY_IDX, i);
5952
5953		if (i == params->wep_tx_keyidx)
5954			NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT);
5955
5956		nla_nest_end(msg, nl_key);
5957	}
5958	nla_nest_end(msg, nl_keys);
5959
5960	return 0;
5961
5962nla_put_failure:
5963	return -ENOBUFS;
5964}
5965
5966
5967static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv,
5968				   const u8 *addr, int cmd, u16 reason_code,
5969				   int local_state_change)
5970{
5971	int ret = -1;
5972	struct nl_msg *msg;
5973
5974	msg = nlmsg_alloc();
5975	if (!msg)
5976		return -1;
5977
5978	nl80211_cmd(drv, msg, 0, cmd);
5979
5980	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
5981	NLA_PUT_U16(msg, NL80211_ATTR_REASON_CODE, reason_code);
5982	if (addr)
5983		NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
5984	if (local_state_change)
5985		NLA_PUT_FLAG(msg, NL80211_ATTR_LOCAL_STATE_CHANGE);
5986
5987	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
5988	msg = NULL;
5989	if (ret) {
5990		wpa_dbg(drv->ctx, MSG_DEBUG,
5991			"nl80211: MLME command failed: reason=%u ret=%d (%s)",
5992			reason_code, ret, strerror(-ret));
5993		goto nla_put_failure;
5994	}
5995	ret = 0;
5996
5997nla_put_failure:
5998	nlmsg_free(msg);
5999	return ret;
6000}
6001
6002
6003static int wpa_driver_nl80211_disconnect(struct wpa_driver_nl80211_data *drv,
6004					 int reason_code)
6005{
6006	int ret;
6007
6008	wpa_printf(MSG_DEBUG, "%s(reason_code=%d)", __func__, reason_code);
6009	nl80211_mark_disconnected(drv);
6010	/* Disconnect command doesn't need BSSID - it uses cached value */
6011	ret = wpa_driver_nl80211_mlme(drv, NULL, NL80211_CMD_DISCONNECT,
6012				      reason_code, 0);
6013	/*
6014	 * For locally generated disconnect, supplicant already generates a
6015	 * DEAUTH event, so ignore the event from NL80211.
6016	 */
6017	drv->ignore_next_local_disconnect = ret == 0;
6018
6019	return ret;
6020}
6021
6022
6023static int wpa_driver_nl80211_deauthenticate(struct i802_bss *bss,
6024					     const u8 *addr, int reason_code)
6025{
6026	struct wpa_driver_nl80211_data *drv = bss->drv;
6027	int ret;
6028
6029	if (drv->nlmode == NL80211_IFTYPE_ADHOC) {
6030		nl80211_mark_disconnected(drv);
6031		return nl80211_leave_ibss(drv);
6032	}
6033	if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME))
6034		return wpa_driver_nl80211_disconnect(drv, reason_code);
6035	wpa_printf(MSG_DEBUG, "%s(addr=" MACSTR " reason_code=%d)",
6036		   __func__, MAC2STR(addr), reason_code);
6037	nl80211_mark_disconnected(drv);
6038	ret = wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DEAUTHENTICATE,
6039				      reason_code, 0);
6040	/*
6041	 * For locally generated deauthenticate, supplicant already generates a
6042	 * DEAUTH event, so ignore the event from NL80211.
6043	 */
6044	drv->ignore_next_local_deauth = ret == 0;
6045	return ret;
6046}
6047
6048
6049static void nl80211_copy_auth_params(struct wpa_driver_nl80211_data *drv,
6050				     struct wpa_driver_auth_params *params)
6051{
6052	int i;
6053
6054	drv->auth_freq = params->freq;
6055	drv->auth_alg = params->auth_alg;
6056	drv->auth_wep_tx_keyidx = params->wep_tx_keyidx;
6057	drv->auth_local_state_change = params->local_state_change;
6058	drv->auth_p2p = params->p2p;
6059
6060	if (params->bssid)
6061		os_memcpy(drv->auth_bssid_, params->bssid, ETH_ALEN);
6062	else
6063		os_memset(drv->auth_bssid_, 0, ETH_ALEN);
6064
6065	if (params->ssid) {
6066		os_memcpy(drv->auth_ssid, params->ssid, params->ssid_len);
6067		drv->auth_ssid_len = params->ssid_len;
6068	} else
6069		drv->auth_ssid_len = 0;
6070
6071
6072	os_free(drv->auth_ie);
6073	drv->auth_ie = NULL;
6074	drv->auth_ie_len = 0;
6075	if (params->ie) {
6076		drv->auth_ie = os_malloc(params->ie_len);
6077		if (drv->auth_ie) {
6078			os_memcpy(drv->auth_ie, params->ie, params->ie_len);
6079			drv->auth_ie_len = params->ie_len;
6080		}
6081	}
6082
6083	for (i = 0; i < 4; i++) {
6084		if (params->wep_key[i] && params->wep_key_len[i] &&
6085		    params->wep_key_len[i] <= 16) {
6086			os_memcpy(drv->auth_wep_key[i], params->wep_key[i],
6087				  params->wep_key_len[i]);
6088			drv->auth_wep_key_len[i] = params->wep_key_len[i];
6089		} else
6090			drv->auth_wep_key_len[i] = 0;
6091	}
6092}
6093
6094
6095static int wpa_driver_nl80211_authenticate(
6096	struct i802_bss *bss, struct wpa_driver_auth_params *params)
6097{
6098	struct wpa_driver_nl80211_data *drv = bss->drv;
6099	int ret = -1, i;
6100	struct nl_msg *msg;
6101	enum nl80211_auth_type type;
6102	enum nl80211_iftype nlmode;
6103	int count = 0;
6104	int is_retry;
6105
6106	is_retry = drv->retry_auth;
6107	drv->retry_auth = 0;
6108	drv->ignore_deauth_event = 0;
6109
6110	nl80211_mark_disconnected(drv);
6111	os_memset(drv->auth_bssid, 0, ETH_ALEN);
6112	if (params->bssid)
6113		os_memcpy(drv->auth_attempt_bssid, params->bssid, ETH_ALEN);
6114	else
6115		os_memset(drv->auth_attempt_bssid, 0, ETH_ALEN);
6116	/* FIX: IBSS mode */
6117	nlmode = params->p2p ?
6118		NL80211_IFTYPE_P2P_CLIENT : NL80211_IFTYPE_STATION;
6119	if (drv->nlmode != nlmode &&
6120	    wpa_driver_nl80211_set_mode(bss, nlmode) < 0)
6121		return -1;
6122
6123retry:
6124	msg = nlmsg_alloc();
6125	if (!msg)
6126		return -1;
6127
6128	wpa_printf(MSG_DEBUG, "nl80211: Authenticate (ifindex=%d)",
6129		   drv->ifindex);
6130
6131	nl80211_cmd(drv, msg, 0, NL80211_CMD_AUTHENTICATE);
6132
6133	for (i = 0; i < 4; i++) {
6134		if (!params->wep_key[i])
6135			continue;
6136		wpa_driver_nl80211_set_key(bss->ifname, bss, WPA_ALG_WEP,
6137					   NULL, i,
6138					   i == params->wep_tx_keyidx, NULL, 0,
6139					   params->wep_key[i],
6140					   params->wep_key_len[i]);
6141		if (params->wep_tx_keyidx != i)
6142			continue;
6143		if (nl_add_key(msg, WPA_ALG_WEP, i, 1, NULL, 0,
6144			       params->wep_key[i], params->wep_key_len[i])) {
6145			nlmsg_free(msg);
6146			return -1;
6147		}
6148	}
6149
6150	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
6151	if (params->bssid) {
6152		wpa_printf(MSG_DEBUG, "  * bssid=" MACSTR,
6153			   MAC2STR(params->bssid));
6154		NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid);
6155	}
6156	if (params->freq) {
6157		wpa_printf(MSG_DEBUG, "  * freq=%d", params->freq);
6158		NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq);
6159	}
6160	if (params->ssid) {
6161		wpa_hexdump_ascii(MSG_DEBUG, "  * SSID",
6162				  params->ssid, params->ssid_len);
6163		NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len,
6164			params->ssid);
6165	}
6166	wpa_hexdump(MSG_DEBUG, "  * IEs", params->ie, params->ie_len);
6167	if (params->ie)
6168		NLA_PUT(msg, NL80211_ATTR_IE, params->ie_len, params->ie);
6169	if (params->sae_data) {
6170		wpa_hexdump(MSG_DEBUG, "  * SAE data", params->sae_data,
6171			    params->sae_data_len);
6172		NLA_PUT(msg, NL80211_ATTR_SAE_DATA, params->sae_data_len,
6173			params->sae_data);
6174	}
6175	if (params->auth_alg & WPA_AUTH_ALG_OPEN)
6176		type = NL80211_AUTHTYPE_OPEN_SYSTEM;
6177	else if (params->auth_alg & WPA_AUTH_ALG_SHARED)
6178		type = NL80211_AUTHTYPE_SHARED_KEY;
6179	else if (params->auth_alg & WPA_AUTH_ALG_LEAP)
6180		type = NL80211_AUTHTYPE_NETWORK_EAP;
6181	else if (params->auth_alg & WPA_AUTH_ALG_FT)
6182		type = NL80211_AUTHTYPE_FT;
6183	else if (params->auth_alg & WPA_AUTH_ALG_SAE)
6184		type = NL80211_AUTHTYPE_SAE;
6185	else
6186		goto nla_put_failure;
6187	wpa_printf(MSG_DEBUG, "  * Auth Type %d", type);
6188	NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, type);
6189	if (params->local_state_change) {
6190		wpa_printf(MSG_DEBUG, "  * Local state change only");
6191		NLA_PUT_FLAG(msg, NL80211_ATTR_LOCAL_STATE_CHANGE);
6192	}
6193
6194	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
6195	msg = NULL;
6196	if (ret) {
6197		wpa_dbg(drv->ctx, MSG_DEBUG,
6198			"nl80211: MLME command failed (auth): ret=%d (%s)",
6199			ret, strerror(-ret));
6200		count++;
6201		if (ret == -EALREADY && count == 1 && params->bssid &&
6202		    !params->local_state_change) {
6203			/*
6204			 * mac80211 does not currently accept new
6205			 * authentication if we are already authenticated. As a
6206			 * workaround, force deauthentication and try again.
6207			 */
6208			wpa_printf(MSG_DEBUG, "nl80211: Retry authentication "
6209				   "after forced deauthentication");
6210			drv->ignore_deauth_event = 1;
6211			wpa_driver_nl80211_deauthenticate(
6212				bss, params->bssid,
6213				WLAN_REASON_PREV_AUTH_NOT_VALID);
6214			nlmsg_free(msg);
6215			goto retry;
6216		}
6217
6218		if (ret == -ENOENT && params->freq && !is_retry) {
6219			/*
6220			 * cfg80211 has likely expired the BSS entry even
6221			 * though it was previously available in our internal
6222			 * BSS table. To recover quickly, start a single
6223			 * channel scan on the specified channel.
6224			 */
6225			struct wpa_driver_scan_params scan;
6226			int freqs[2];
6227
6228			os_memset(&scan, 0, sizeof(scan));
6229			scan.num_ssids = 1;
6230			if (params->ssid) {
6231				scan.ssids[0].ssid = params->ssid;
6232				scan.ssids[0].ssid_len = params->ssid_len;
6233			}
6234			freqs[0] = params->freq;
6235			freqs[1] = 0;
6236			scan.freqs = freqs;
6237			wpa_printf(MSG_DEBUG, "nl80211: Trigger single "
6238				   "channel scan to refresh cfg80211 BSS "
6239				   "entry");
6240			ret = wpa_driver_nl80211_scan(bss, &scan);
6241			if (ret == 0) {
6242				nl80211_copy_auth_params(drv, params);
6243				drv->scan_for_auth = 1;
6244			}
6245		} else if (is_retry) {
6246			/*
6247			 * Need to indicate this with an event since the return
6248			 * value from the retry is not delivered to core code.
6249			 */
6250			union wpa_event_data event;
6251			wpa_printf(MSG_DEBUG, "nl80211: Authentication retry "
6252				   "failed");
6253			os_memset(&event, 0, sizeof(event));
6254			os_memcpy(event.timeout_event.addr, drv->auth_bssid_,
6255				  ETH_ALEN);
6256			wpa_supplicant_event(drv->ctx, EVENT_AUTH_TIMED_OUT,
6257					     &event);
6258		}
6259
6260		goto nla_put_failure;
6261	}
6262	ret = 0;
6263	wpa_printf(MSG_DEBUG, "nl80211: Authentication request send "
6264		   "successfully");
6265
6266nla_put_failure:
6267	nlmsg_free(msg);
6268	return ret;
6269}
6270
6271
6272static int wpa_driver_nl80211_authenticate_retry(
6273	struct wpa_driver_nl80211_data *drv)
6274{
6275	struct wpa_driver_auth_params params;
6276	struct i802_bss *bss = drv->first_bss;
6277	int i;
6278
6279	wpa_printf(MSG_DEBUG, "nl80211: Try to authenticate again");
6280
6281	os_memset(&params, 0, sizeof(params));
6282	params.freq = drv->auth_freq;
6283	params.auth_alg = drv->auth_alg;
6284	params.wep_tx_keyidx = drv->auth_wep_tx_keyidx;
6285	params.local_state_change = drv->auth_local_state_change;
6286	params.p2p = drv->auth_p2p;
6287
6288	if (!is_zero_ether_addr(drv->auth_bssid_))
6289		params.bssid = drv->auth_bssid_;
6290
6291	if (drv->auth_ssid_len) {
6292		params.ssid = drv->auth_ssid;
6293		params.ssid_len = drv->auth_ssid_len;
6294	}
6295
6296	params.ie = drv->auth_ie;
6297	params.ie_len = drv->auth_ie_len;
6298
6299	for (i = 0; i < 4; i++) {
6300		if (drv->auth_wep_key_len[i]) {
6301			params.wep_key[i] = drv->auth_wep_key[i];
6302			params.wep_key_len[i] = drv->auth_wep_key_len[i];
6303		}
6304	}
6305
6306	drv->retry_auth = 1;
6307	return wpa_driver_nl80211_authenticate(bss, &params);
6308}
6309
6310
6311struct phy_info_arg {
6312	u16 *num_modes;
6313	struct hostapd_hw_modes *modes;
6314	int last_mode, last_chan_idx;
6315};
6316
6317static void phy_info_ht_capa(struct hostapd_hw_modes *mode, struct nlattr *capa,
6318			     struct nlattr *ampdu_factor,
6319			     struct nlattr *ampdu_density,
6320			     struct nlattr *mcs_set)
6321{
6322	if (capa)
6323		mode->ht_capab = nla_get_u16(capa);
6324
6325	if (ampdu_factor)
6326		mode->a_mpdu_params |= nla_get_u8(ampdu_factor) & 0x03;
6327
6328	if (ampdu_density)
6329		mode->a_mpdu_params |= nla_get_u8(ampdu_density) << 2;
6330
6331	if (mcs_set && nla_len(mcs_set) >= 16) {
6332		u8 *mcs;
6333		mcs = nla_data(mcs_set);
6334		os_memcpy(mode->mcs_set, mcs, 16);
6335	}
6336}
6337
6338
6339static void phy_info_vht_capa(struct hostapd_hw_modes *mode,
6340			      struct nlattr *capa,
6341			      struct nlattr *mcs_set)
6342{
6343	if (capa)
6344		mode->vht_capab = nla_get_u32(capa);
6345
6346	if (mcs_set && nla_len(mcs_set) >= 8) {
6347		u8 *mcs;
6348		mcs = nla_data(mcs_set);
6349		os_memcpy(mode->vht_mcs_set, mcs, 8);
6350	}
6351}
6352
6353
6354static void phy_info_freq(struct hostapd_hw_modes *mode,
6355			  struct hostapd_channel_data *chan,
6356			  struct nlattr *tb_freq[])
6357{
6358	u8 channel;
6359	chan->freq = nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_FREQ]);
6360	chan->flag = 0;
6361	chan->dfs_cac_ms = 0;
6362	if (ieee80211_freq_to_chan(chan->freq, &channel) != NUM_HOSTAPD_MODES)
6363		chan->chan = channel;
6364
6365	if (tb_freq[NL80211_FREQUENCY_ATTR_DISABLED])
6366		chan->flag |= HOSTAPD_CHAN_DISABLED;
6367	if (tb_freq[NL80211_FREQUENCY_ATTR_NO_IR])
6368		chan->flag |= HOSTAPD_CHAN_PASSIVE_SCAN | HOSTAPD_CHAN_NO_IBSS;
6369	if (tb_freq[NL80211_FREQUENCY_ATTR_RADAR])
6370		chan->flag |= HOSTAPD_CHAN_RADAR;
6371
6372	if (tb_freq[NL80211_FREQUENCY_ATTR_DFS_STATE]) {
6373		enum nl80211_dfs_state state =
6374			nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_DFS_STATE]);
6375
6376		switch (state) {
6377		case NL80211_DFS_USABLE:
6378			chan->flag |= HOSTAPD_CHAN_DFS_USABLE;
6379			break;
6380		case NL80211_DFS_AVAILABLE:
6381			chan->flag |= HOSTAPD_CHAN_DFS_AVAILABLE;
6382			break;
6383		case NL80211_DFS_UNAVAILABLE:
6384			chan->flag |= HOSTAPD_CHAN_DFS_UNAVAILABLE;
6385			break;
6386		}
6387	}
6388
6389	if (tb_freq[NL80211_FREQUENCY_ATTR_DFS_CAC_TIME]) {
6390		chan->dfs_cac_ms = nla_get_u32(
6391			tb_freq[NL80211_FREQUENCY_ATTR_DFS_CAC_TIME]);
6392	}
6393}
6394
6395
6396static int phy_info_freqs(struct phy_info_arg *phy_info,
6397			  struct hostapd_hw_modes *mode, struct nlattr *tb)
6398{
6399	static struct nla_policy freq_policy[NL80211_FREQUENCY_ATTR_MAX + 1] = {
6400		[NL80211_FREQUENCY_ATTR_FREQ] = { .type = NLA_U32 },
6401		[NL80211_FREQUENCY_ATTR_DISABLED] = { .type = NLA_FLAG },
6402		[NL80211_FREQUENCY_ATTR_NO_IR] = { .type = NLA_FLAG },
6403		[NL80211_FREQUENCY_ATTR_RADAR] = { .type = NLA_FLAG },
6404		[NL80211_FREQUENCY_ATTR_MAX_TX_POWER] = { .type = NLA_U32 },
6405		[NL80211_FREQUENCY_ATTR_DFS_STATE] = { .type = NLA_U32 },
6406	};
6407	int new_channels = 0;
6408	struct hostapd_channel_data *channel;
6409	struct nlattr *tb_freq[NL80211_FREQUENCY_ATTR_MAX + 1];
6410	struct nlattr *nl_freq;
6411	int rem_freq, idx;
6412
6413	if (tb == NULL)
6414		return NL_OK;
6415
6416	nla_for_each_nested(nl_freq, tb, rem_freq) {
6417		nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX,
6418			  nla_data(nl_freq), nla_len(nl_freq), freq_policy);
6419		if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ])
6420			continue;
6421		new_channels++;
6422	}
6423
6424	channel = os_realloc_array(mode->channels,
6425				   mode->num_channels + new_channels,
6426				   sizeof(struct hostapd_channel_data));
6427	if (!channel)
6428		return NL_SKIP;
6429
6430	mode->channels = channel;
6431	mode->num_channels += new_channels;
6432
6433	idx = phy_info->last_chan_idx;
6434
6435	nla_for_each_nested(nl_freq, tb, rem_freq) {
6436		nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX,
6437			  nla_data(nl_freq), nla_len(nl_freq), freq_policy);
6438		if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ])
6439			continue;
6440		phy_info_freq(mode, &mode->channels[idx], tb_freq);
6441		idx++;
6442	}
6443	phy_info->last_chan_idx = idx;
6444
6445	return NL_OK;
6446}
6447
6448
6449static int phy_info_rates(struct hostapd_hw_modes *mode, struct nlattr *tb)
6450{
6451	static struct nla_policy rate_policy[NL80211_BITRATE_ATTR_MAX + 1] = {
6452		[NL80211_BITRATE_ATTR_RATE] = { .type = NLA_U32 },
6453		[NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE] =
6454		{ .type = NLA_FLAG },
6455	};
6456	struct nlattr *tb_rate[NL80211_BITRATE_ATTR_MAX + 1];
6457	struct nlattr *nl_rate;
6458	int rem_rate, idx;
6459
6460	if (tb == NULL)
6461		return NL_OK;
6462
6463	nla_for_each_nested(nl_rate, tb, rem_rate) {
6464		nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX,
6465			  nla_data(nl_rate), nla_len(nl_rate),
6466			  rate_policy);
6467		if (!tb_rate[NL80211_BITRATE_ATTR_RATE])
6468			continue;
6469		mode->num_rates++;
6470	}
6471
6472	mode->rates = os_calloc(mode->num_rates, sizeof(int));
6473	if (!mode->rates)
6474		return NL_SKIP;
6475
6476	idx = 0;
6477
6478	nla_for_each_nested(nl_rate, tb, rem_rate) {
6479		nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX,
6480			  nla_data(nl_rate), nla_len(nl_rate),
6481			  rate_policy);
6482		if (!tb_rate[NL80211_BITRATE_ATTR_RATE])
6483			continue;
6484		mode->rates[idx] = nla_get_u32(
6485			tb_rate[NL80211_BITRATE_ATTR_RATE]);
6486		idx++;
6487	}
6488
6489	return NL_OK;
6490}
6491
6492
6493static int phy_info_band(struct phy_info_arg *phy_info, struct nlattr *nl_band)
6494{
6495	struct nlattr *tb_band[NL80211_BAND_ATTR_MAX + 1];
6496	struct hostapd_hw_modes *mode;
6497	int ret;
6498
6499	if (phy_info->last_mode != nl_band->nla_type) {
6500		mode = os_realloc_array(phy_info->modes,
6501					*phy_info->num_modes + 1,
6502					sizeof(*mode));
6503		if (!mode)
6504			return NL_SKIP;
6505		phy_info->modes = mode;
6506
6507		mode = &phy_info->modes[*(phy_info->num_modes)];
6508		os_memset(mode, 0, sizeof(*mode));
6509		mode->mode = NUM_HOSTAPD_MODES;
6510		mode->flags = HOSTAPD_MODE_FLAG_HT_INFO_KNOWN |
6511			HOSTAPD_MODE_FLAG_VHT_INFO_KNOWN;
6512
6513		/*
6514		 * Unsupported VHT MCS stream is defined as value 3, so the VHT
6515		 * MCS RX/TX map must be initialized with 0xffff to mark all 8
6516		 * possible streams as unsupported. This will be overridden if
6517		 * driver advertises VHT support.
6518		 */
6519		mode->vht_mcs_set[0] = 0xff;
6520		mode->vht_mcs_set[1] = 0xff;
6521		mode->vht_mcs_set[4] = 0xff;
6522		mode->vht_mcs_set[5] = 0xff;
6523
6524		*(phy_info->num_modes) += 1;
6525		phy_info->last_mode = nl_band->nla_type;
6526		phy_info->last_chan_idx = 0;
6527	} else
6528		mode = &phy_info->modes[*(phy_info->num_modes) - 1];
6529
6530	nla_parse(tb_band, NL80211_BAND_ATTR_MAX, nla_data(nl_band),
6531		  nla_len(nl_band), NULL);
6532
6533	phy_info_ht_capa(mode, tb_band[NL80211_BAND_ATTR_HT_CAPA],
6534			 tb_band[NL80211_BAND_ATTR_HT_AMPDU_FACTOR],
6535			 tb_band[NL80211_BAND_ATTR_HT_AMPDU_DENSITY],
6536			 tb_band[NL80211_BAND_ATTR_HT_MCS_SET]);
6537	phy_info_vht_capa(mode, tb_band[NL80211_BAND_ATTR_VHT_CAPA],
6538			  tb_band[NL80211_BAND_ATTR_VHT_MCS_SET]);
6539	ret = phy_info_freqs(phy_info, mode, tb_band[NL80211_BAND_ATTR_FREQS]);
6540	if (ret != NL_OK)
6541		return ret;
6542	ret = phy_info_rates(mode, tb_band[NL80211_BAND_ATTR_RATES]);
6543	if (ret != NL_OK)
6544		return ret;
6545
6546	return NL_OK;
6547}
6548
6549
6550static int phy_info_handler(struct nl_msg *msg, void *arg)
6551{
6552	struct nlattr *tb_msg[NL80211_ATTR_MAX + 1];
6553	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
6554	struct phy_info_arg *phy_info = arg;
6555	struct nlattr *nl_band;
6556	int rem_band;
6557
6558	nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
6559		  genlmsg_attrlen(gnlh, 0), NULL);
6560
6561	if (!tb_msg[NL80211_ATTR_WIPHY_BANDS])
6562		return NL_SKIP;
6563
6564	nla_for_each_nested(nl_band, tb_msg[NL80211_ATTR_WIPHY_BANDS], rem_band)
6565	{
6566		int res = phy_info_band(phy_info, nl_band);
6567		if (res != NL_OK)
6568			return res;
6569	}
6570
6571	return NL_SKIP;
6572}
6573
6574
6575static struct hostapd_hw_modes *
6576wpa_driver_nl80211_postprocess_modes(struct hostapd_hw_modes *modes,
6577				     u16 *num_modes)
6578{
6579	u16 m;
6580	struct hostapd_hw_modes *mode11g = NULL, *nmodes, *mode;
6581	int i, mode11g_idx = -1;
6582
6583	/* heuristic to set up modes */
6584	for (m = 0; m < *num_modes; m++) {
6585		if (!modes[m].num_channels)
6586			continue;
6587		if (modes[m].channels[0].freq < 4000) {
6588			modes[m].mode = HOSTAPD_MODE_IEEE80211B;
6589			for (i = 0; i < modes[m].num_rates; i++) {
6590				if (modes[m].rates[i] > 200) {
6591					modes[m].mode = HOSTAPD_MODE_IEEE80211G;
6592					break;
6593				}
6594			}
6595		} else if (modes[m].channels[0].freq > 50000)
6596			modes[m].mode = HOSTAPD_MODE_IEEE80211AD;
6597		else
6598			modes[m].mode = HOSTAPD_MODE_IEEE80211A;
6599	}
6600
6601	/* If only 802.11g mode is included, use it to construct matching
6602	 * 802.11b mode data. */
6603
6604	for (m = 0; m < *num_modes; m++) {
6605		if (modes[m].mode == HOSTAPD_MODE_IEEE80211B)
6606			return modes; /* 802.11b already included */
6607		if (modes[m].mode == HOSTAPD_MODE_IEEE80211G)
6608			mode11g_idx = m;
6609	}
6610
6611	if (mode11g_idx < 0)
6612		return modes; /* 2.4 GHz band not supported at all */
6613
6614	nmodes = os_realloc_array(modes, *num_modes + 1, sizeof(*nmodes));
6615	if (nmodes == NULL)
6616		return modes; /* Could not add 802.11b mode */
6617
6618	mode = &nmodes[*num_modes];
6619	os_memset(mode, 0, sizeof(*mode));
6620	(*num_modes)++;
6621	modes = nmodes;
6622
6623	mode->mode = HOSTAPD_MODE_IEEE80211B;
6624
6625	mode11g = &modes[mode11g_idx];
6626	mode->num_channels = mode11g->num_channels;
6627	mode->channels = os_malloc(mode11g->num_channels *
6628				   sizeof(struct hostapd_channel_data));
6629	if (mode->channels == NULL) {
6630		(*num_modes)--;
6631		return modes; /* Could not add 802.11b mode */
6632	}
6633	os_memcpy(mode->channels, mode11g->channels,
6634		  mode11g->num_channels * sizeof(struct hostapd_channel_data));
6635
6636	mode->num_rates = 0;
6637	mode->rates = os_malloc(4 * sizeof(int));
6638	if (mode->rates == NULL) {
6639		os_free(mode->channels);
6640		(*num_modes)--;
6641		return modes; /* Could not add 802.11b mode */
6642	}
6643
6644	for (i = 0; i < mode11g->num_rates; i++) {
6645		if (mode11g->rates[i] != 10 && mode11g->rates[i] != 20 &&
6646		    mode11g->rates[i] != 55 && mode11g->rates[i] != 110)
6647			continue;
6648		mode->rates[mode->num_rates] = mode11g->rates[i];
6649		mode->num_rates++;
6650		if (mode->num_rates == 4)
6651			break;
6652	}
6653
6654	if (mode->num_rates == 0) {
6655		os_free(mode->channels);
6656		os_free(mode->rates);
6657		(*num_modes)--;
6658		return modes; /* No 802.11b rates */
6659	}
6660
6661	wpa_printf(MSG_DEBUG, "nl80211: Added 802.11b mode based on 802.11g "
6662		   "information");
6663
6664	return modes;
6665}
6666
6667
6668static void nl80211_set_ht40_mode(struct hostapd_hw_modes *mode, int start,
6669				  int end)
6670{
6671	int c;
6672
6673	for (c = 0; c < mode->num_channels; c++) {
6674		struct hostapd_channel_data *chan = &mode->channels[c];
6675		if (chan->freq - 10 >= start && chan->freq + 10 <= end)
6676			chan->flag |= HOSTAPD_CHAN_HT40;
6677	}
6678}
6679
6680
6681static void nl80211_set_ht40_mode_sec(struct hostapd_hw_modes *mode, int start,
6682				      int end)
6683{
6684	int c;
6685
6686	for (c = 0; c < mode->num_channels; c++) {
6687		struct hostapd_channel_data *chan = &mode->channels[c];
6688		if (!(chan->flag & HOSTAPD_CHAN_HT40))
6689			continue;
6690		if (chan->freq - 30 >= start && chan->freq - 10 <= end)
6691			chan->flag |= HOSTAPD_CHAN_HT40MINUS;
6692		if (chan->freq + 10 >= start && chan->freq + 30 <= end)
6693			chan->flag |= HOSTAPD_CHAN_HT40PLUS;
6694	}
6695}
6696
6697
6698static void nl80211_reg_rule_max_eirp(u32 start, u32 end, u32 max_eirp,
6699				      struct phy_info_arg *results)
6700{
6701	u16 m;
6702
6703	for (m = 0; m < *results->num_modes; m++) {
6704		int c;
6705		struct hostapd_hw_modes *mode = &results->modes[m];
6706
6707		for (c = 0; c < mode->num_channels; c++) {
6708			struct hostapd_channel_data *chan = &mode->channels[c];
6709			if ((u32) chan->freq - 10 >= start &&
6710			    (u32) chan->freq + 10 <= end)
6711				chan->max_tx_power = max_eirp;
6712		}
6713	}
6714}
6715
6716
6717static void nl80211_reg_rule_ht40(u32 start, u32 end,
6718				  struct phy_info_arg *results)
6719{
6720	u16 m;
6721
6722	for (m = 0; m < *results->num_modes; m++) {
6723		if (!(results->modes[m].ht_capab &
6724		      HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET))
6725			continue;
6726		nl80211_set_ht40_mode(&results->modes[m], start, end);
6727	}
6728}
6729
6730
6731static void nl80211_reg_rule_sec(struct nlattr *tb[],
6732				 struct phy_info_arg *results)
6733{
6734	u32 start, end, max_bw;
6735	u16 m;
6736
6737	if (tb[NL80211_ATTR_FREQ_RANGE_START] == NULL ||
6738	    tb[NL80211_ATTR_FREQ_RANGE_END] == NULL ||
6739	    tb[NL80211_ATTR_FREQ_RANGE_MAX_BW] == NULL)
6740		return;
6741
6742	start = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]) / 1000;
6743	end = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]) / 1000;
6744	max_bw = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) / 1000;
6745
6746	if (max_bw < 20)
6747		return;
6748
6749	for (m = 0; m < *results->num_modes; m++) {
6750		if (!(results->modes[m].ht_capab &
6751		      HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET))
6752			continue;
6753		nl80211_set_ht40_mode_sec(&results->modes[m], start, end);
6754	}
6755}
6756
6757
6758static void nl80211_set_vht_mode(struct hostapd_hw_modes *mode, int start,
6759				 int end)
6760{
6761	int c;
6762
6763	for (c = 0; c < mode->num_channels; c++) {
6764		struct hostapd_channel_data *chan = &mode->channels[c];
6765		if (chan->freq - 10 >= start && chan->freq + 70 <= end)
6766			chan->flag |= HOSTAPD_CHAN_VHT_10_70;
6767
6768		if (chan->freq - 30 >= start && chan->freq + 50 <= end)
6769			chan->flag |= HOSTAPD_CHAN_VHT_30_50;
6770
6771		if (chan->freq - 50 >= start && chan->freq + 30 <= end)
6772			chan->flag |= HOSTAPD_CHAN_VHT_50_30;
6773
6774		if (chan->freq - 70 >= start && chan->freq + 10 <= end)
6775			chan->flag |= HOSTAPD_CHAN_VHT_70_10;
6776	}
6777}
6778
6779
6780static void nl80211_reg_rule_vht(struct nlattr *tb[],
6781				 struct phy_info_arg *results)
6782{
6783	u32 start, end, max_bw;
6784	u16 m;
6785
6786	if (tb[NL80211_ATTR_FREQ_RANGE_START] == NULL ||
6787	    tb[NL80211_ATTR_FREQ_RANGE_END] == NULL ||
6788	    tb[NL80211_ATTR_FREQ_RANGE_MAX_BW] == NULL)
6789		return;
6790
6791	start = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]) / 1000;
6792	end = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]) / 1000;
6793	max_bw = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) / 1000;
6794
6795	if (max_bw < 80)
6796		return;
6797
6798	for (m = 0; m < *results->num_modes; m++) {
6799		if (!(results->modes[m].ht_capab &
6800		      HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET))
6801			continue;
6802		/* TODO: use a real VHT support indication */
6803		if (!results->modes[m].vht_capab)
6804			continue;
6805
6806		nl80211_set_vht_mode(&results->modes[m], start, end);
6807	}
6808}
6809
6810
6811static const char * dfs_domain_name(enum nl80211_dfs_regions region)
6812{
6813	switch (region) {
6814	case NL80211_DFS_UNSET:
6815		return "DFS-UNSET";
6816	case NL80211_DFS_FCC:
6817		return "DFS-FCC";
6818	case NL80211_DFS_ETSI:
6819		return "DFS-ETSI";
6820	case NL80211_DFS_JP:
6821		return "DFS-JP";
6822	default:
6823		return "DFS-invalid";
6824	}
6825}
6826
6827
6828static int nl80211_get_reg(struct nl_msg *msg, void *arg)
6829{
6830	struct phy_info_arg *results = arg;
6831	struct nlattr *tb_msg[NL80211_ATTR_MAX + 1];
6832	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
6833	struct nlattr *nl_rule;
6834	struct nlattr *tb_rule[NL80211_FREQUENCY_ATTR_MAX + 1];
6835	int rem_rule;
6836	static struct nla_policy reg_policy[NL80211_FREQUENCY_ATTR_MAX + 1] = {
6837		[NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 },
6838		[NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 },
6839		[NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 },
6840		[NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 },
6841		[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 },
6842		[NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 },
6843	};
6844
6845	nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
6846		  genlmsg_attrlen(gnlh, 0), NULL);
6847	if (!tb_msg[NL80211_ATTR_REG_ALPHA2] ||
6848	    !tb_msg[NL80211_ATTR_REG_RULES]) {
6849		wpa_printf(MSG_DEBUG, "nl80211: No regulatory information "
6850			   "available");
6851		return NL_SKIP;
6852	}
6853
6854	if (tb_msg[NL80211_ATTR_DFS_REGION]) {
6855		enum nl80211_dfs_regions dfs_domain;
6856		dfs_domain = nla_get_u8(tb_msg[NL80211_ATTR_DFS_REGION]);
6857		wpa_printf(MSG_DEBUG, "nl80211: Regulatory information - country=%s (%s)",
6858			   (char *) nla_data(tb_msg[NL80211_ATTR_REG_ALPHA2]),
6859			   dfs_domain_name(dfs_domain));
6860	} else {
6861		wpa_printf(MSG_DEBUG, "nl80211: Regulatory information - country=%s",
6862			   (char *) nla_data(tb_msg[NL80211_ATTR_REG_ALPHA2]));
6863	}
6864
6865	nla_for_each_nested(nl_rule, tb_msg[NL80211_ATTR_REG_RULES], rem_rule)
6866	{
6867		u32 start, end, max_eirp = 0, max_bw = 0, flags = 0;
6868		nla_parse(tb_rule, NL80211_FREQUENCY_ATTR_MAX,
6869			  nla_data(nl_rule), nla_len(nl_rule), reg_policy);
6870		if (tb_rule[NL80211_ATTR_FREQ_RANGE_START] == NULL ||
6871		    tb_rule[NL80211_ATTR_FREQ_RANGE_END] == NULL)
6872			continue;
6873		start = nla_get_u32(tb_rule[NL80211_ATTR_FREQ_RANGE_START]) / 1000;
6874		end = nla_get_u32(tb_rule[NL80211_ATTR_FREQ_RANGE_END]) / 1000;
6875		if (tb_rule[NL80211_ATTR_POWER_RULE_MAX_EIRP])
6876			max_eirp = nla_get_u32(tb_rule[NL80211_ATTR_POWER_RULE_MAX_EIRP]) / 100;
6877		if (tb_rule[NL80211_ATTR_FREQ_RANGE_MAX_BW])
6878			max_bw = nla_get_u32(tb_rule[NL80211_ATTR_FREQ_RANGE_MAX_BW]) / 1000;
6879		if (tb_rule[NL80211_ATTR_REG_RULE_FLAGS])
6880			flags = nla_get_u32(tb_rule[NL80211_ATTR_REG_RULE_FLAGS]);
6881
6882		wpa_printf(MSG_DEBUG, "nl80211: %u-%u @ %u MHz %u mBm%s%s%s%s%s%s%s%s",
6883			   start, end, max_bw, max_eirp,
6884			   flags & NL80211_RRF_NO_OFDM ? " (no OFDM)" : "",
6885			   flags & NL80211_RRF_NO_CCK ? " (no CCK)" : "",
6886			   flags & NL80211_RRF_NO_INDOOR ? " (no indoor)" : "",
6887			   flags & NL80211_RRF_NO_OUTDOOR ? " (no outdoor)" :
6888			   "",
6889			   flags & NL80211_RRF_DFS ? " (DFS)" : "",
6890			   flags & NL80211_RRF_PTP_ONLY ? " (PTP only)" : "",
6891			   flags & NL80211_RRF_PTMP_ONLY ? " (PTMP only)" : "",
6892			   flags & NL80211_RRF_NO_IR ? " (no IR)" : "");
6893		if (max_bw >= 40)
6894			nl80211_reg_rule_ht40(start, end, results);
6895		if (tb_rule[NL80211_ATTR_POWER_RULE_MAX_EIRP])
6896			nl80211_reg_rule_max_eirp(start, end, max_eirp,
6897						  results);
6898	}
6899
6900	nla_for_each_nested(nl_rule, tb_msg[NL80211_ATTR_REG_RULES], rem_rule)
6901	{
6902		nla_parse(tb_rule, NL80211_FREQUENCY_ATTR_MAX,
6903			  nla_data(nl_rule), nla_len(nl_rule), reg_policy);
6904		nl80211_reg_rule_sec(tb_rule, results);
6905	}
6906
6907	nla_for_each_nested(nl_rule, tb_msg[NL80211_ATTR_REG_RULES], rem_rule)
6908	{
6909		nla_parse(tb_rule, NL80211_FREQUENCY_ATTR_MAX,
6910			  nla_data(nl_rule), nla_len(nl_rule), reg_policy);
6911		nl80211_reg_rule_vht(tb_rule, results);
6912	}
6913
6914	return NL_SKIP;
6915}
6916
6917
6918static int nl80211_set_regulatory_flags(struct wpa_driver_nl80211_data *drv,
6919					struct phy_info_arg *results)
6920{
6921	struct nl_msg *msg;
6922
6923	msg = nlmsg_alloc();
6924	if (!msg)
6925		return -ENOMEM;
6926
6927	nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_REG);
6928	return send_and_recv_msgs(drv, msg, nl80211_get_reg, results);
6929}
6930
6931
6932static struct hostapd_hw_modes *
6933wpa_driver_nl80211_get_hw_feature_data(void *priv, u16 *num_modes, u16 *flags)
6934{
6935	u32 feat;
6936	struct i802_bss *bss = priv;
6937	struct wpa_driver_nl80211_data *drv = bss->drv;
6938	struct nl_msg *msg;
6939	struct phy_info_arg result = {
6940		.num_modes = num_modes,
6941		.modes = NULL,
6942		.last_mode = -1,
6943	};
6944
6945	*num_modes = 0;
6946	*flags = 0;
6947
6948	msg = nlmsg_alloc();
6949	if (!msg)
6950		return NULL;
6951
6952	feat = get_nl80211_protocol_features(drv);
6953	if (feat & NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP)
6954		nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_WIPHY);
6955	else
6956		nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_WIPHY);
6957
6958	NLA_PUT_FLAG(msg, NL80211_ATTR_SPLIT_WIPHY_DUMP);
6959	if (nl80211_set_iface_id(msg, bss) < 0)
6960		goto nla_put_failure;
6961
6962	if (send_and_recv_msgs(drv, msg, phy_info_handler, &result) == 0) {
6963		nl80211_set_regulatory_flags(drv, &result);
6964		return wpa_driver_nl80211_postprocess_modes(result.modes,
6965							    num_modes);
6966	}
6967	msg = NULL;
6968 nla_put_failure:
6969	nlmsg_free(msg);
6970	return NULL;
6971}
6972
6973
6974static int wpa_driver_nl80211_send_mntr(struct wpa_driver_nl80211_data *drv,
6975					const void *data, size_t len,
6976					int encrypt, int noack)
6977{
6978	__u8 rtap_hdr[] = {
6979		0x00, 0x00, /* radiotap version */
6980		0x0e, 0x00, /* radiotap length */
6981		0x02, 0xc0, 0x00, 0x00, /* bmap: flags, tx and rx flags */
6982		IEEE80211_RADIOTAP_F_FRAG, /* F_FRAG (fragment if required) */
6983		0x00,       /* padding */
6984		0x00, 0x00, /* RX and TX flags to indicate that */
6985		0x00, 0x00, /* this is the injected frame directly */
6986	};
6987	struct iovec iov[2] = {
6988		{
6989			.iov_base = &rtap_hdr,
6990			.iov_len = sizeof(rtap_hdr),
6991		},
6992		{
6993			.iov_base = (void *) data,
6994			.iov_len = len,
6995		}
6996	};
6997	struct msghdr msg = {
6998		.msg_name = NULL,
6999		.msg_namelen = 0,
7000		.msg_iov = iov,
7001		.msg_iovlen = 2,
7002		.msg_control = NULL,
7003		.msg_controllen = 0,
7004		.msg_flags = 0,
7005	};
7006	int res;
7007	u16 txflags = 0;
7008
7009	if (encrypt)
7010		rtap_hdr[8] |= IEEE80211_RADIOTAP_F_WEP;
7011
7012	if (drv->monitor_sock < 0) {
7013		wpa_printf(MSG_DEBUG, "nl80211: No monitor socket available "
7014			   "for %s", __func__);
7015		return -1;
7016	}
7017
7018	if (noack)
7019		txflags |= IEEE80211_RADIOTAP_F_TX_NOACK;
7020	WPA_PUT_LE16(&rtap_hdr[12], txflags);
7021
7022	res = sendmsg(drv->monitor_sock, &msg, 0);
7023	if (res < 0) {
7024		wpa_printf(MSG_INFO, "nl80211: sendmsg: %s", strerror(errno));
7025		return -1;
7026	}
7027	return 0;
7028}
7029
7030
7031static int wpa_driver_nl80211_send_frame(struct i802_bss *bss,
7032					 const void *data, size_t len,
7033					 int encrypt, int noack,
7034					 unsigned int freq, int no_cck,
7035					 int offchanok, unsigned int wait_time)
7036{
7037	struct wpa_driver_nl80211_data *drv = bss->drv;
7038	u64 cookie;
7039	int res;
7040
7041	if (freq == 0 && drv->nlmode == NL80211_IFTYPE_ADHOC) {
7042		freq = nl80211_get_assoc_freq(drv);
7043		wpa_printf(MSG_DEBUG,
7044			   "nl80211: send_frame - Use assoc_freq=%u for IBSS",
7045			   freq);
7046	}
7047	if (freq == 0) {
7048		wpa_printf(MSG_DEBUG, "nl80211: send_frame - Use bss->freq=%u",
7049			   bss->freq);
7050		freq = bss->freq;
7051	}
7052
7053	if (drv->use_monitor) {
7054		wpa_printf(MSG_DEBUG, "nl80211: send_frame(freq=%u bss->freq=%u) -> send_mntr",
7055			   freq, bss->freq);
7056		return wpa_driver_nl80211_send_mntr(drv, data, len,
7057						    encrypt, noack);
7058	}
7059
7060	wpa_printf(MSG_DEBUG, "nl80211: send_frame -> send_frame_cmd");
7061	res = nl80211_send_frame_cmd(bss, freq, wait_time, data, len,
7062				     &cookie, no_cck, noack, offchanok);
7063	if (res == 0 && !noack) {
7064		const struct ieee80211_mgmt *mgmt;
7065		u16 fc;
7066
7067		mgmt = (const struct ieee80211_mgmt *) data;
7068		fc = le_to_host16(mgmt->frame_control);
7069		if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
7070		    WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_ACTION) {
7071			wpa_printf(MSG_MSGDUMP,
7072				   "nl80211: Update send_action_cookie from 0x%llx to 0x%llx",
7073				   (long long unsigned int)
7074				   drv->send_action_cookie,
7075				   (long long unsigned int) cookie);
7076			drv->send_action_cookie = cookie;
7077		}
7078	}
7079
7080	return res;
7081}
7082
7083
7084static int wpa_driver_nl80211_send_mlme(struct i802_bss *bss, const u8 *data,
7085					size_t data_len, int noack,
7086					unsigned int freq, int no_cck,
7087					int offchanok,
7088					unsigned int wait_time)
7089{
7090	struct wpa_driver_nl80211_data *drv = bss->drv;
7091	struct ieee80211_mgmt *mgmt;
7092	int encrypt = 1;
7093	u16 fc;
7094
7095	mgmt = (struct ieee80211_mgmt *) data;
7096	fc = le_to_host16(mgmt->frame_control);
7097	wpa_printf(MSG_DEBUG, "nl80211: send_mlme - da= " MACSTR
7098		   " noack=%d freq=%u no_cck=%d offchanok=%d wait_time=%u fc=0x%x (%s) nlmode=%d",
7099		   MAC2STR(mgmt->da), noack, freq, no_cck, offchanok, wait_time,
7100		   fc, fc2str(fc), drv->nlmode);
7101
7102	if ((is_sta_interface(drv->nlmode) ||
7103	     drv->nlmode == NL80211_IFTYPE_P2P_DEVICE) &&
7104	    WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
7105	    WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_PROBE_RESP) {
7106		/*
7107		 * The use of last_mgmt_freq is a bit of a hack,
7108		 * but it works due to the single-threaded nature
7109		 * of wpa_supplicant.
7110		 */
7111		if (freq == 0) {
7112			wpa_printf(MSG_DEBUG, "nl80211: Use last_mgmt_freq=%d",
7113				   drv->last_mgmt_freq);
7114			freq = drv->last_mgmt_freq;
7115		}
7116		return nl80211_send_frame_cmd(bss, freq, 0,
7117					      data, data_len, NULL, 1, noack,
7118					      1);
7119	}
7120
7121	if (drv->device_ap_sme && is_ap_interface(drv->nlmode)) {
7122		if (freq == 0) {
7123			wpa_printf(MSG_DEBUG, "nl80211: Use bss->freq=%d",
7124				   bss->freq);
7125			freq = bss->freq;
7126		}
7127		return nl80211_send_frame_cmd(bss, freq,
7128					      (int) freq == bss->freq ? 0 :
7129					      wait_time,
7130					      data, data_len,
7131					      &drv->send_action_cookie,
7132					      no_cck, noack, offchanok);
7133	}
7134
7135	if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
7136	    WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_AUTH) {
7137		/*
7138		 * Only one of the authentication frame types is encrypted.
7139		 * In order for static WEP encryption to work properly (i.e.,
7140		 * to not encrypt the frame), we need to tell mac80211 about
7141		 * the frames that must not be encrypted.
7142		 */
7143		u16 auth_alg = le_to_host16(mgmt->u.auth.auth_alg);
7144		u16 auth_trans = le_to_host16(mgmt->u.auth.auth_transaction);
7145		if (auth_alg != WLAN_AUTH_SHARED_KEY || auth_trans != 3)
7146			encrypt = 0;
7147	}
7148
7149	wpa_printf(MSG_DEBUG, "nl80211: send_mlme -> send_frame");
7150	return wpa_driver_nl80211_send_frame(bss, data, data_len, encrypt,
7151					     noack, freq, no_cck, offchanok,
7152					     wait_time);
7153}
7154
7155
7156static int nl80211_set_bss(struct i802_bss *bss, int cts, int preamble,
7157			   int slot, int ht_opmode, int ap_isolate,
7158			   int *basic_rates)
7159{
7160	struct wpa_driver_nl80211_data *drv = bss->drv;
7161	struct nl_msg *msg;
7162
7163	msg = nlmsg_alloc();
7164	if (!msg)
7165		return -ENOMEM;
7166
7167	nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_BSS);
7168
7169	if (cts >= 0)
7170		NLA_PUT_U8(msg, NL80211_ATTR_BSS_CTS_PROT, cts);
7171	if (preamble >= 0)
7172		NLA_PUT_U8(msg, NL80211_ATTR_BSS_SHORT_PREAMBLE, preamble);
7173	if (slot >= 0)
7174		NLA_PUT_U8(msg, NL80211_ATTR_BSS_SHORT_SLOT_TIME, slot);
7175	if (ht_opmode >= 0)
7176		NLA_PUT_U16(msg, NL80211_ATTR_BSS_HT_OPMODE, ht_opmode);
7177	if (ap_isolate >= 0)
7178		NLA_PUT_U8(msg, NL80211_ATTR_AP_ISOLATE, ap_isolate);
7179
7180	if (basic_rates) {
7181		u8 rates[NL80211_MAX_SUPP_RATES];
7182		u8 rates_len = 0;
7183		int i;
7184
7185		for (i = 0; i < NL80211_MAX_SUPP_RATES && basic_rates[i] >= 0;
7186		     i++)
7187			rates[rates_len++] = basic_rates[i] / 5;
7188
7189		NLA_PUT(msg, NL80211_ATTR_BSS_BASIC_RATES, rates_len, rates);
7190	}
7191
7192	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
7193
7194	return send_and_recv_msgs(drv, msg, NULL, NULL);
7195 nla_put_failure:
7196	nlmsg_free(msg);
7197	return -ENOBUFS;
7198}
7199
7200
7201static int wpa_driver_nl80211_set_acl(void *priv,
7202				      struct hostapd_acl_params *params)
7203{
7204	struct i802_bss *bss = priv;
7205	struct wpa_driver_nl80211_data *drv = bss->drv;
7206	struct nl_msg *msg;
7207	struct nlattr *acl;
7208	unsigned int i;
7209	int ret = 0;
7210
7211	if (!(drv->capa.max_acl_mac_addrs))
7212		return -ENOTSUP;
7213
7214	if (params->num_mac_acl > drv->capa.max_acl_mac_addrs)
7215		return -ENOTSUP;
7216
7217	msg = nlmsg_alloc();
7218	if (!msg)
7219		return -ENOMEM;
7220
7221	wpa_printf(MSG_DEBUG, "nl80211: Set %s ACL (num_mac_acl=%u)",
7222		   params->acl_policy ? "Accept" : "Deny", params->num_mac_acl);
7223
7224	nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_MAC_ACL);
7225
7226	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
7227
7228	NLA_PUT_U32(msg, NL80211_ATTR_ACL_POLICY, params->acl_policy ?
7229		    NL80211_ACL_POLICY_DENY_UNLESS_LISTED :
7230		    NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED);
7231
7232	acl = nla_nest_start(msg, NL80211_ATTR_MAC_ADDRS);
7233	if (acl == NULL)
7234		goto nla_put_failure;
7235
7236	for (i = 0; i < params->num_mac_acl; i++)
7237		NLA_PUT(msg, i + 1, ETH_ALEN, params->mac_acl[i].addr);
7238
7239	nla_nest_end(msg, acl);
7240
7241	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
7242	msg = NULL;
7243	if (ret) {
7244		wpa_printf(MSG_DEBUG, "nl80211: Failed to set MAC ACL: %d (%s)",
7245			   ret, strerror(-ret));
7246	}
7247
7248nla_put_failure:
7249	nlmsg_free(msg);
7250
7251	return ret;
7252}
7253
7254
7255static int wpa_driver_nl80211_set_ap(void *priv,
7256				     struct wpa_driver_ap_params *params)
7257{
7258	struct i802_bss *bss = priv;
7259	struct wpa_driver_nl80211_data *drv = bss->drv;
7260	struct nl_msg *msg;
7261	u8 cmd = NL80211_CMD_NEW_BEACON;
7262	int ret;
7263	int beacon_set;
7264	int ifindex = if_nametoindex(bss->ifname);
7265	int num_suites;
7266	u32 suites[10], suite;
7267	u32 ver;
7268
7269	beacon_set = bss->beacon_set;
7270
7271	msg = nlmsg_alloc();
7272	if (!msg)
7273		return -ENOMEM;
7274
7275	wpa_printf(MSG_DEBUG, "nl80211: Set beacon (beacon_set=%d)",
7276		   beacon_set);
7277	if (beacon_set)
7278		cmd = NL80211_CMD_SET_BEACON;
7279
7280	nl80211_cmd(drv, msg, 0, cmd);
7281	wpa_hexdump(MSG_DEBUG, "nl80211: Beacon head",
7282		    params->head, params->head_len);
7283	NLA_PUT(msg, NL80211_ATTR_BEACON_HEAD, params->head_len, params->head);
7284	wpa_hexdump(MSG_DEBUG, "nl80211: Beacon tail",
7285		    params->tail, params->tail_len);
7286	NLA_PUT(msg, NL80211_ATTR_BEACON_TAIL, params->tail_len, params->tail);
7287	wpa_printf(MSG_DEBUG, "nl80211: ifindex=%d", ifindex);
7288	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
7289	wpa_printf(MSG_DEBUG, "nl80211: beacon_int=%d", params->beacon_int);
7290	NLA_PUT_U32(msg, NL80211_ATTR_BEACON_INTERVAL, params->beacon_int);
7291	wpa_printf(MSG_DEBUG, "nl80211: dtim_period=%d", params->dtim_period);
7292	NLA_PUT_U32(msg, NL80211_ATTR_DTIM_PERIOD, params->dtim_period);
7293	wpa_hexdump_ascii(MSG_DEBUG, "nl80211: ssid",
7294			  params->ssid, params->ssid_len);
7295	NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len,
7296		params->ssid);
7297	if (params->proberesp && params->proberesp_len) {
7298		wpa_hexdump(MSG_DEBUG, "nl80211: proberesp (offload)",
7299			    params->proberesp, params->proberesp_len);
7300		NLA_PUT(msg, NL80211_ATTR_PROBE_RESP, params->proberesp_len,
7301			params->proberesp);
7302	}
7303	switch (params->hide_ssid) {
7304	case NO_SSID_HIDING:
7305		wpa_printf(MSG_DEBUG, "nl80211: hidden SSID not in use");
7306		NLA_PUT_U32(msg, NL80211_ATTR_HIDDEN_SSID,
7307			    NL80211_HIDDEN_SSID_NOT_IN_USE);
7308		break;
7309	case HIDDEN_SSID_ZERO_LEN:
7310		wpa_printf(MSG_DEBUG, "nl80211: hidden SSID zero len");
7311		NLA_PUT_U32(msg, NL80211_ATTR_HIDDEN_SSID,
7312			    NL80211_HIDDEN_SSID_ZERO_LEN);
7313		break;
7314	case HIDDEN_SSID_ZERO_CONTENTS:
7315		wpa_printf(MSG_DEBUG, "nl80211: hidden SSID zero contents");
7316		NLA_PUT_U32(msg, NL80211_ATTR_HIDDEN_SSID,
7317			    NL80211_HIDDEN_SSID_ZERO_CONTENTS);
7318		break;
7319	}
7320	wpa_printf(MSG_DEBUG, "nl80211: privacy=%d", params->privacy);
7321	if (params->privacy)
7322		NLA_PUT_FLAG(msg, NL80211_ATTR_PRIVACY);
7323	wpa_printf(MSG_DEBUG, "nl80211: auth_algs=0x%x", params->auth_algs);
7324	if ((params->auth_algs & (WPA_AUTH_ALG_OPEN | WPA_AUTH_ALG_SHARED)) ==
7325	    (WPA_AUTH_ALG_OPEN | WPA_AUTH_ALG_SHARED)) {
7326		/* Leave out the attribute */
7327	} else if (params->auth_algs & WPA_AUTH_ALG_SHARED)
7328		NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE,
7329			    NL80211_AUTHTYPE_SHARED_KEY);
7330	else
7331		NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE,
7332			    NL80211_AUTHTYPE_OPEN_SYSTEM);
7333
7334	wpa_printf(MSG_DEBUG, "nl80211: wpa_version=0x%x", params->wpa_version);
7335	ver = 0;
7336	if (params->wpa_version & WPA_PROTO_WPA)
7337		ver |= NL80211_WPA_VERSION_1;
7338	if (params->wpa_version & WPA_PROTO_RSN)
7339		ver |= NL80211_WPA_VERSION_2;
7340	if (ver)
7341		NLA_PUT_U32(msg, NL80211_ATTR_WPA_VERSIONS, ver);
7342
7343	wpa_printf(MSG_DEBUG, "nl80211: key_mgmt_suites=0x%x",
7344		   params->key_mgmt_suites);
7345	num_suites = 0;
7346	if (params->key_mgmt_suites & WPA_KEY_MGMT_IEEE8021X)
7347		suites[num_suites++] = WLAN_AKM_SUITE_8021X;
7348	if (params->key_mgmt_suites & WPA_KEY_MGMT_PSK)
7349		suites[num_suites++] = WLAN_AKM_SUITE_PSK;
7350	if (num_suites) {
7351		NLA_PUT(msg, NL80211_ATTR_AKM_SUITES,
7352			num_suites * sizeof(u32), suites);
7353	}
7354
7355	if (params->key_mgmt_suites & WPA_KEY_MGMT_IEEE8021X &&
7356	    params->pairwise_ciphers & (WPA_CIPHER_WEP104 | WPA_CIPHER_WEP40))
7357		NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT);
7358
7359	wpa_printf(MSG_DEBUG, "nl80211: pairwise_ciphers=0x%x",
7360		   params->pairwise_ciphers);
7361	num_suites = wpa_cipher_to_cipher_suites(params->pairwise_ciphers,
7362						 suites, ARRAY_SIZE(suites));
7363	if (num_suites) {
7364		NLA_PUT(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE,
7365			num_suites * sizeof(u32), suites);
7366	}
7367
7368	wpa_printf(MSG_DEBUG, "nl80211: group_cipher=0x%x",
7369		   params->group_cipher);
7370	suite = wpa_cipher_to_cipher_suite(params->group_cipher);
7371	if (suite)
7372		NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, suite);
7373
7374	if (params->beacon_ies) {
7375		wpa_hexdump_buf(MSG_DEBUG, "nl80211: beacon_ies",
7376				params->beacon_ies);
7377		NLA_PUT(msg, NL80211_ATTR_IE, wpabuf_len(params->beacon_ies),
7378			wpabuf_head(params->beacon_ies));
7379	}
7380	if (params->proberesp_ies) {
7381		wpa_hexdump_buf(MSG_DEBUG, "nl80211: proberesp_ies",
7382				params->proberesp_ies);
7383		NLA_PUT(msg, NL80211_ATTR_IE_PROBE_RESP,
7384			wpabuf_len(params->proberesp_ies),
7385			wpabuf_head(params->proberesp_ies));
7386	}
7387	if (params->assocresp_ies) {
7388		wpa_hexdump_buf(MSG_DEBUG, "nl80211: assocresp_ies",
7389				params->assocresp_ies);
7390		NLA_PUT(msg, NL80211_ATTR_IE_ASSOC_RESP,
7391			wpabuf_len(params->assocresp_ies),
7392			wpabuf_head(params->assocresp_ies));
7393	}
7394
7395	if (drv->capa.flags & WPA_DRIVER_FLAGS_INACTIVITY_TIMER)  {
7396		wpa_printf(MSG_DEBUG, "nl80211: ap_max_inactivity=%d",
7397			   params->ap_max_inactivity);
7398		NLA_PUT_U16(msg, NL80211_ATTR_INACTIVITY_TIMEOUT,
7399			    params->ap_max_inactivity);
7400	}
7401
7402	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
7403	if (ret) {
7404		wpa_printf(MSG_DEBUG, "nl80211: Beacon set failed: %d (%s)",
7405			   ret, strerror(-ret));
7406	} else {
7407		bss->beacon_set = 1;
7408		nl80211_set_bss(bss, params->cts_protect, params->preamble,
7409				params->short_slot_time, params->ht_opmode,
7410				params->isolate, params->basic_rates);
7411		if (beacon_set && params->freq &&
7412		    params->freq->bandwidth != bss->bandwidth) {
7413			wpa_printf(MSG_DEBUG,
7414				   "nl80211: Update BSS %s bandwidth: %d -> %d",
7415				   bss->ifname, bss->bandwidth,
7416				   params->freq->bandwidth);
7417			ret = nl80211_set_channel(bss, params->freq, 1);
7418			if (ret) {
7419				wpa_printf(MSG_DEBUG,
7420					   "nl80211: Frequency set failed: %d (%s)",
7421					   ret, strerror(-ret));
7422			} else {
7423				wpa_printf(MSG_DEBUG,
7424					   "nl80211: Frequency set succeeded for ht2040 coex");
7425				bss->bandwidth = params->freq->bandwidth;
7426			}
7427		} else if (!beacon_set) {
7428			/*
7429			 * cfg80211 updates the driver on frequence change in AP
7430			 * mode only at the point when beaconing is started, so
7431			 * set the initial value here.
7432			 */
7433			bss->bandwidth = params->freq->bandwidth;
7434		}
7435	}
7436	return ret;
7437 nla_put_failure:
7438	nlmsg_free(msg);
7439	return -ENOBUFS;
7440}
7441
7442
7443static int nl80211_put_freq_params(struct nl_msg *msg,
7444				   struct hostapd_freq_params *freq)
7445{
7446	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq->freq);
7447	if (freq->vht_enabled) {
7448		switch (freq->bandwidth) {
7449		case 20:
7450			NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH,
7451				    NL80211_CHAN_WIDTH_20);
7452			break;
7453		case 40:
7454			NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH,
7455				    NL80211_CHAN_WIDTH_40);
7456			break;
7457		case 80:
7458			if (freq->center_freq2)
7459				NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH,
7460					    NL80211_CHAN_WIDTH_80P80);
7461			else
7462				NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH,
7463					    NL80211_CHAN_WIDTH_80);
7464			break;
7465		case 160:
7466			NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH,
7467				    NL80211_CHAN_WIDTH_160);
7468			break;
7469		default:
7470			return -EINVAL;
7471		}
7472		NLA_PUT_U32(msg, NL80211_ATTR_CENTER_FREQ1, freq->center_freq1);
7473		if (freq->center_freq2)
7474			NLA_PUT_U32(msg, NL80211_ATTR_CENTER_FREQ2,
7475				    freq->center_freq2);
7476	} else if (freq->ht_enabled) {
7477		switch (freq->sec_channel_offset) {
7478		case -1:
7479			NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
7480				    NL80211_CHAN_HT40MINUS);
7481			break;
7482		case 1:
7483			NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
7484				    NL80211_CHAN_HT40PLUS);
7485			break;
7486		default:
7487			NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
7488				    NL80211_CHAN_HT20);
7489			break;
7490		}
7491	}
7492	return 0;
7493
7494nla_put_failure:
7495	return -ENOBUFS;
7496}
7497
7498
7499static int nl80211_set_channel(struct i802_bss *bss,
7500			       struct hostapd_freq_params *freq, int set_chan)
7501{
7502	struct wpa_driver_nl80211_data *drv = bss->drv;
7503	struct nl_msg *msg;
7504	int ret;
7505
7506	wpa_printf(MSG_DEBUG,
7507		   "nl80211: Set freq %d (ht_enabled=%d, vht_enabled=%d, bandwidth=%d MHz, cf1=%d MHz, cf2=%d MHz)",
7508		   freq->freq, freq->ht_enabled, freq->vht_enabled,
7509		   freq->bandwidth, freq->center_freq1, freq->center_freq2);
7510	msg = nlmsg_alloc();
7511	if (!msg)
7512		return -1;
7513
7514	nl80211_cmd(drv, msg, 0, set_chan ? NL80211_CMD_SET_CHANNEL :
7515		    NL80211_CMD_SET_WIPHY);
7516
7517	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
7518	if (nl80211_put_freq_params(msg, freq) < 0)
7519		goto nla_put_failure;
7520
7521	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
7522	msg = NULL;
7523	if (ret == 0) {
7524		bss->freq = freq->freq;
7525		return 0;
7526	}
7527	wpa_printf(MSG_DEBUG, "nl80211: Failed to set channel (freq=%d): "
7528		   "%d (%s)", freq->freq, ret, strerror(-ret));
7529nla_put_failure:
7530	nlmsg_free(msg);
7531	return -1;
7532}
7533
7534
7535static u32 sta_flags_nl80211(int flags)
7536{
7537	u32 f = 0;
7538
7539	if (flags & WPA_STA_AUTHORIZED)
7540		f |= BIT(NL80211_STA_FLAG_AUTHORIZED);
7541	if (flags & WPA_STA_WMM)
7542		f |= BIT(NL80211_STA_FLAG_WME);
7543	if (flags & WPA_STA_SHORT_PREAMBLE)
7544		f |= BIT(NL80211_STA_FLAG_SHORT_PREAMBLE);
7545	if (flags & WPA_STA_MFP)
7546		f |= BIT(NL80211_STA_FLAG_MFP);
7547	if (flags & WPA_STA_TDLS_PEER)
7548		f |= BIT(NL80211_STA_FLAG_TDLS_PEER);
7549
7550	return f;
7551}
7552
7553
7554static int wpa_driver_nl80211_sta_add(void *priv,
7555				      struct hostapd_sta_add_params *params)
7556{
7557	struct i802_bss *bss = priv;
7558	struct wpa_driver_nl80211_data *drv = bss->drv;
7559	struct nl_msg *msg;
7560	struct nl80211_sta_flag_update upd;
7561	int ret = -ENOBUFS;
7562
7563	if ((params->flags & WPA_STA_TDLS_PEER) &&
7564	    !(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT))
7565		return -EOPNOTSUPP;
7566
7567	msg = nlmsg_alloc();
7568	if (!msg)
7569		return -ENOMEM;
7570
7571	wpa_printf(MSG_DEBUG, "nl80211: %s STA " MACSTR,
7572		   params->set ? "Set" : "Add", MAC2STR(params->addr));
7573	nl80211_cmd(drv, msg, 0, params->set ? NL80211_CMD_SET_STATION :
7574		    NL80211_CMD_NEW_STATION);
7575
7576	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
7577	NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->addr);
7578	NLA_PUT(msg, NL80211_ATTR_STA_SUPPORTED_RATES, params->supp_rates_len,
7579		params->supp_rates);
7580	wpa_hexdump(MSG_DEBUG, "  * supported rates", params->supp_rates,
7581		    params->supp_rates_len);
7582	if (!params->set) {
7583		if (params->aid) {
7584			wpa_printf(MSG_DEBUG, "  * aid=%u", params->aid);
7585			NLA_PUT_U16(msg, NL80211_ATTR_STA_AID, params->aid);
7586		} else {
7587			/*
7588			 * cfg80211 validates that AID is non-zero, so we have
7589			 * to make this a non-zero value for the TDLS case where
7590			 * a dummy STA entry is used for now.
7591			 */
7592			wpa_printf(MSG_DEBUG, "  * aid=1 (TDLS workaround)");
7593			NLA_PUT_U16(msg, NL80211_ATTR_STA_AID, 1);
7594		}
7595		wpa_printf(MSG_DEBUG, "  * listen_interval=%u",
7596			   params->listen_interval);
7597		NLA_PUT_U16(msg, NL80211_ATTR_STA_LISTEN_INTERVAL,
7598			    params->listen_interval);
7599	} else if (params->aid && (params->flags & WPA_STA_TDLS_PEER)) {
7600		wpa_printf(MSG_DEBUG, "  * peer_aid=%u", params->aid);
7601		NLA_PUT_U16(msg, NL80211_ATTR_PEER_AID, params->aid);
7602	}
7603	if (params->ht_capabilities) {
7604		wpa_hexdump(MSG_DEBUG, "  * ht_capabilities",
7605			    (u8 *) params->ht_capabilities,
7606			    sizeof(*params->ht_capabilities));
7607		NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY,
7608			sizeof(*params->ht_capabilities),
7609			params->ht_capabilities);
7610	}
7611
7612	if (params->vht_capabilities) {
7613		wpa_hexdump(MSG_DEBUG, "  * vht_capabilities",
7614			    (u8 *) params->vht_capabilities,
7615			    sizeof(*params->vht_capabilities));
7616		NLA_PUT(msg, NL80211_ATTR_VHT_CAPABILITY,
7617			sizeof(*params->vht_capabilities),
7618			params->vht_capabilities);
7619	}
7620
7621	if (params->vht_opmode_enabled) {
7622		wpa_printf(MSG_DEBUG, "  * opmode=%u", params->vht_opmode);
7623		NLA_PUT_U8(msg, NL80211_ATTR_OPMODE_NOTIF,
7624			   params->vht_opmode);
7625	}
7626
7627	wpa_printf(MSG_DEBUG, "  * capability=0x%x", params->capability);
7628	NLA_PUT_U16(msg, NL80211_ATTR_STA_CAPABILITY, params->capability);
7629
7630	if (params->ext_capab) {
7631		wpa_hexdump(MSG_DEBUG, "  * ext_capab",
7632			    params->ext_capab, params->ext_capab_len);
7633		NLA_PUT(msg, NL80211_ATTR_STA_EXT_CAPABILITY,
7634			params->ext_capab_len, params->ext_capab);
7635	}
7636
7637	if (params->supp_channels) {
7638		wpa_hexdump(MSG_DEBUG, "  * supported channels",
7639			    params->supp_channels, params->supp_channels_len);
7640		NLA_PUT(msg, NL80211_ATTR_STA_SUPPORTED_CHANNELS,
7641			params->supp_channels_len, params->supp_channels);
7642	}
7643
7644	if (params->supp_oper_classes) {
7645		wpa_hexdump(MSG_DEBUG, "  * supported operating classes",
7646			    params->supp_oper_classes,
7647			    params->supp_oper_classes_len);
7648		NLA_PUT(msg, NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES,
7649			params->supp_oper_classes_len,
7650			params->supp_oper_classes);
7651	}
7652
7653	os_memset(&upd, 0, sizeof(upd));
7654	upd.mask = sta_flags_nl80211(params->flags);
7655	upd.set = upd.mask;
7656	wpa_printf(MSG_DEBUG, "  * flags set=0x%x mask=0x%x",
7657		   upd.set, upd.mask);
7658	NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd);
7659
7660	if (params->flags & WPA_STA_WMM) {
7661		struct nlattr *wme = nla_nest_start(msg, NL80211_ATTR_STA_WME);
7662
7663		if (!wme)
7664			goto nla_put_failure;
7665
7666		wpa_printf(MSG_DEBUG, "  * qosinfo=0x%x", params->qosinfo);
7667		NLA_PUT_U8(msg, NL80211_STA_WME_UAPSD_QUEUES,
7668				params->qosinfo & WMM_QOSINFO_STA_AC_MASK);
7669		NLA_PUT_U8(msg, NL80211_STA_WME_MAX_SP,
7670				(params->qosinfo >> WMM_QOSINFO_STA_SP_SHIFT) &
7671				WMM_QOSINFO_STA_SP_MASK);
7672		nla_nest_end(msg, wme);
7673	}
7674
7675	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
7676	msg = NULL;
7677	if (ret)
7678		wpa_printf(MSG_DEBUG, "nl80211: NL80211_CMD_%s_STATION "
7679			   "result: %d (%s)", params->set ? "SET" : "NEW", ret,
7680			   strerror(-ret));
7681	if (ret == -EEXIST)
7682		ret = 0;
7683 nla_put_failure:
7684	nlmsg_free(msg);
7685	return ret;
7686}
7687
7688
7689static int wpa_driver_nl80211_sta_remove(struct i802_bss *bss, const u8 *addr)
7690{
7691	struct wpa_driver_nl80211_data *drv = bss->drv;
7692	struct nl_msg *msg;
7693	int ret;
7694
7695	msg = nlmsg_alloc();
7696	if (!msg)
7697		return -ENOMEM;
7698
7699	nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_STATION);
7700
7701	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
7702		    if_nametoindex(bss->ifname));
7703	NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
7704
7705	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
7706	wpa_printf(MSG_DEBUG, "nl80211: sta_remove -> DEL_STATION %s " MACSTR
7707		   " --> %d (%s)",
7708		   bss->ifname, MAC2STR(addr), ret, strerror(-ret));
7709	if (ret == -ENOENT)
7710		return 0;
7711	return ret;
7712 nla_put_failure:
7713	nlmsg_free(msg);
7714	return -ENOBUFS;
7715}
7716
7717
7718static void nl80211_remove_iface(struct wpa_driver_nl80211_data *drv,
7719				 int ifidx)
7720{
7721	struct nl_msg *msg;
7722	struct wpa_driver_nl80211_data *drv2;
7723
7724	wpa_printf(MSG_DEBUG, "nl80211: Remove interface ifindex=%d", ifidx);
7725
7726	/* stop listening for EAPOL on this interface */
7727	dl_list_for_each(drv2, &drv->global->interfaces,
7728			 struct wpa_driver_nl80211_data, list)
7729		del_ifidx(drv2, ifidx);
7730
7731	msg = nlmsg_alloc();
7732	if (!msg)
7733		goto nla_put_failure;
7734
7735	nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_INTERFACE);
7736	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifidx);
7737
7738	if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0)
7739		return;
7740	msg = NULL;
7741 nla_put_failure:
7742	nlmsg_free(msg);
7743	wpa_printf(MSG_ERROR, "Failed to remove interface (ifidx=%d)", ifidx);
7744}
7745
7746
7747static const char * nl80211_iftype_str(enum nl80211_iftype mode)
7748{
7749	switch (mode) {
7750	case NL80211_IFTYPE_ADHOC:
7751		return "ADHOC";
7752	case NL80211_IFTYPE_STATION:
7753		return "STATION";
7754	case NL80211_IFTYPE_AP:
7755		return "AP";
7756	case NL80211_IFTYPE_AP_VLAN:
7757		return "AP_VLAN";
7758	case NL80211_IFTYPE_WDS:
7759		return "WDS";
7760	case NL80211_IFTYPE_MONITOR:
7761		return "MONITOR";
7762	case NL80211_IFTYPE_MESH_POINT:
7763		return "MESH_POINT";
7764	case NL80211_IFTYPE_P2P_CLIENT:
7765		return "P2P_CLIENT";
7766	case NL80211_IFTYPE_P2P_GO:
7767		return "P2P_GO";
7768	case NL80211_IFTYPE_P2P_DEVICE:
7769		return "P2P_DEVICE";
7770	default:
7771		return "unknown";
7772	}
7773}
7774
7775
7776static int nl80211_create_iface_once(struct wpa_driver_nl80211_data *drv,
7777				     const char *ifname,
7778				     enum nl80211_iftype iftype,
7779				     const u8 *addr, int wds,
7780				     int (*handler)(struct nl_msg *, void *),
7781				     void *arg)
7782{
7783	struct nl_msg *msg;
7784	int ifidx;
7785	int ret = -ENOBUFS;
7786
7787	wpa_printf(MSG_DEBUG, "nl80211: Create interface iftype %d (%s)",
7788		   iftype, nl80211_iftype_str(iftype));
7789
7790	msg = nlmsg_alloc();
7791	if (!msg)
7792		return -1;
7793
7794	nl80211_cmd(drv, msg, 0, NL80211_CMD_NEW_INTERFACE);
7795	if (nl80211_set_iface_id(msg, drv->first_bss) < 0)
7796		goto nla_put_failure;
7797	NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, ifname);
7798	NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, iftype);
7799
7800	if (iftype == NL80211_IFTYPE_MONITOR) {
7801		struct nlattr *flags;
7802
7803		flags = nla_nest_start(msg, NL80211_ATTR_MNTR_FLAGS);
7804		if (!flags)
7805			goto nla_put_failure;
7806
7807		NLA_PUT_FLAG(msg, NL80211_MNTR_FLAG_COOK_FRAMES);
7808
7809		nla_nest_end(msg, flags);
7810	} else if (wds) {
7811		NLA_PUT_U8(msg, NL80211_ATTR_4ADDR, wds);
7812	}
7813
7814	/*
7815	 * Tell cfg80211 that the interface belongs to the socket that created
7816	 * it, and the interface should be deleted when the socket is closed.
7817	 */
7818	NLA_PUT_FLAG(msg, NL80211_ATTR_IFACE_SOCKET_OWNER);
7819
7820	ret = send_and_recv_msgs(drv, msg, handler, arg);
7821	msg = NULL;
7822	if (ret) {
7823 nla_put_failure:
7824		nlmsg_free(msg);
7825		wpa_printf(MSG_ERROR, "Failed to create interface %s: %d (%s)",
7826			   ifname, ret, strerror(-ret));
7827		return ret;
7828	}
7829
7830	if (iftype == NL80211_IFTYPE_P2P_DEVICE)
7831		return 0;
7832
7833	ifidx = if_nametoindex(ifname);
7834	wpa_printf(MSG_DEBUG, "nl80211: New interface %s created: ifindex=%d",
7835		   ifname, ifidx);
7836
7837	if (ifidx <= 0)
7838		return -1;
7839
7840	/*
7841	 * Some virtual interfaces need to process EAPOL packets and events on
7842	 * the parent interface. This is used mainly with hostapd.
7843	 */
7844	if (drv->hostapd ||
7845	    iftype == NL80211_IFTYPE_AP_VLAN ||
7846	    iftype == NL80211_IFTYPE_WDS ||
7847	    iftype == NL80211_IFTYPE_MONITOR) {
7848		/* start listening for EAPOL on this interface */
7849		add_ifidx(drv, ifidx);
7850	}
7851
7852	if (addr && iftype != NL80211_IFTYPE_MONITOR &&
7853	    linux_set_ifhwaddr(drv->global->ioctl_sock, ifname, addr)) {
7854		nl80211_remove_iface(drv, ifidx);
7855		return -1;
7856	}
7857
7858	return ifidx;
7859}
7860
7861
7862static int nl80211_create_iface(struct wpa_driver_nl80211_data *drv,
7863				const char *ifname, enum nl80211_iftype iftype,
7864				const u8 *addr, int wds,
7865				int (*handler)(struct nl_msg *, void *),
7866				void *arg, int use_existing)
7867{
7868	int ret;
7869
7870	ret = nl80211_create_iface_once(drv, ifname, iftype, addr, wds, handler,
7871					arg);
7872
7873	/* if error occurred and interface exists already */
7874	if (ret == -ENFILE && if_nametoindex(ifname)) {
7875		if (use_existing) {
7876			wpa_printf(MSG_DEBUG, "nl80211: Continue using existing interface %s",
7877				   ifname);
7878			if (addr && iftype != NL80211_IFTYPE_MONITOR &&
7879			    linux_set_ifhwaddr(drv->global->ioctl_sock, ifname,
7880					       addr) < 0 &&
7881			    (linux_set_iface_flags(drv->global->ioctl_sock,
7882						   ifname, 0) < 0 ||
7883			     linux_set_ifhwaddr(drv->global->ioctl_sock, ifname,
7884						addr) < 0 ||
7885			     linux_set_iface_flags(drv->global->ioctl_sock,
7886						   ifname, 1) < 0))
7887					return -1;
7888			return -ENFILE;
7889		}
7890		wpa_printf(MSG_INFO, "Try to remove and re-create %s", ifname);
7891
7892		/* Try to remove the interface that was already there. */
7893		nl80211_remove_iface(drv, if_nametoindex(ifname));
7894
7895		/* Try to create the interface again */
7896		ret = nl80211_create_iface_once(drv, ifname, iftype, addr,
7897						wds, handler, arg);
7898	}
7899
7900	if (ret >= 0 && is_p2p_net_interface(iftype))
7901		nl80211_disable_11b_rates(drv, ret, 1);
7902
7903	return ret;
7904}
7905
7906
7907static void handle_tx_callback(void *ctx, u8 *buf, size_t len, int ok)
7908{
7909	struct ieee80211_hdr *hdr;
7910	u16 fc;
7911	union wpa_event_data event;
7912
7913	hdr = (struct ieee80211_hdr *) buf;
7914	fc = le_to_host16(hdr->frame_control);
7915
7916	os_memset(&event, 0, sizeof(event));
7917	event.tx_status.type = WLAN_FC_GET_TYPE(fc);
7918	event.tx_status.stype = WLAN_FC_GET_STYPE(fc);
7919	event.tx_status.dst = hdr->addr1;
7920	event.tx_status.data = buf;
7921	event.tx_status.data_len = len;
7922	event.tx_status.ack = ok;
7923	wpa_supplicant_event(ctx, EVENT_TX_STATUS, &event);
7924}
7925
7926
7927static void from_unknown_sta(struct wpa_driver_nl80211_data *drv,
7928			     u8 *buf, size_t len)
7929{
7930	struct ieee80211_hdr *hdr = (void *)buf;
7931	u16 fc;
7932	union wpa_event_data event;
7933
7934	if (len < sizeof(*hdr))
7935		return;
7936
7937	fc = le_to_host16(hdr->frame_control);
7938
7939	os_memset(&event, 0, sizeof(event));
7940	event.rx_from_unknown.bssid = get_hdr_bssid(hdr, len);
7941	event.rx_from_unknown.addr = hdr->addr2;
7942	event.rx_from_unknown.wds = (fc & (WLAN_FC_FROMDS | WLAN_FC_TODS)) ==
7943		(WLAN_FC_FROMDS | WLAN_FC_TODS);
7944	wpa_supplicant_event(drv->ctx, EVENT_RX_FROM_UNKNOWN, &event);
7945}
7946
7947
7948static void handle_frame(struct wpa_driver_nl80211_data *drv,
7949			 u8 *buf, size_t len, int datarate, int ssi_signal)
7950{
7951	struct ieee80211_hdr *hdr;
7952	u16 fc;
7953	union wpa_event_data event;
7954
7955	hdr = (struct ieee80211_hdr *) buf;
7956	fc = le_to_host16(hdr->frame_control);
7957
7958	switch (WLAN_FC_GET_TYPE(fc)) {
7959	case WLAN_FC_TYPE_MGMT:
7960		os_memset(&event, 0, sizeof(event));
7961		event.rx_mgmt.frame = buf;
7962		event.rx_mgmt.frame_len = len;
7963		event.rx_mgmt.datarate = datarate;
7964		event.rx_mgmt.ssi_signal = ssi_signal;
7965		wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event);
7966		break;
7967	case WLAN_FC_TYPE_CTRL:
7968		/* can only get here with PS-Poll frames */
7969		wpa_printf(MSG_DEBUG, "CTRL");
7970		from_unknown_sta(drv, buf, len);
7971		break;
7972	case WLAN_FC_TYPE_DATA:
7973		from_unknown_sta(drv, buf, len);
7974		break;
7975	}
7976}
7977
7978
7979static void handle_monitor_read(int sock, void *eloop_ctx, void *sock_ctx)
7980{
7981	struct wpa_driver_nl80211_data *drv = eloop_ctx;
7982	int len;
7983	unsigned char buf[3000];
7984	struct ieee80211_radiotap_iterator iter;
7985	int ret;
7986	int datarate = 0, ssi_signal = 0;
7987	int injected = 0, failed = 0, rxflags = 0;
7988
7989	len = recv(sock, buf, sizeof(buf), 0);
7990	if (len < 0) {
7991		wpa_printf(MSG_ERROR, "nl80211: Monitor socket recv failed: %s",
7992			   strerror(errno));
7993		return;
7994	}
7995
7996	if (ieee80211_radiotap_iterator_init(&iter, (void *) buf, len, NULL)) {
7997		wpa_printf(MSG_INFO, "nl80211: received invalid radiotap frame");
7998		return;
7999	}
8000
8001	while (1) {
8002		ret = ieee80211_radiotap_iterator_next(&iter);
8003		if (ret == -ENOENT)
8004			break;
8005		if (ret) {
8006			wpa_printf(MSG_INFO, "nl80211: received invalid radiotap frame (%d)",
8007				   ret);
8008			return;
8009		}
8010		switch (iter.this_arg_index) {
8011		case IEEE80211_RADIOTAP_FLAGS:
8012			if (*iter.this_arg & IEEE80211_RADIOTAP_F_FCS)
8013				len -= 4;
8014			break;
8015		case IEEE80211_RADIOTAP_RX_FLAGS:
8016			rxflags = 1;
8017			break;
8018		case IEEE80211_RADIOTAP_TX_FLAGS:
8019			injected = 1;
8020			failed = le_to_host16((*(uint16_t *) iter.this_arg)) &
8021					IEEE80211_RADIOTAP_F_TX_FAIL;
8022			break;
8023		case IEEE80211_RADIOTAP_DATA_RETRIES:
8024			break;
8025		case IEEE80211_RADIOTAP_CHANNEL:
8026			/* TODO: convert from freq/flags to channel number */
8027			break;
8028		case IEEE80211_RADIOTAP_RATE:
8029			datarate = *iter.this_arg * 5;
8030			break;
8031		case IEEE80211_RADIOTAP_DBM_ANTSIGNAL:
8032			ssi_signal = (s8) *iter.this_arg;
8033			break;
8034		}
8035	}
8036
8037	if (rxflags && injected)
8038		return;
8039
8040	if (!injected)
8041		handle_frame(drv, buf + iter._max_length,
8042			     len - iter._max_length, datarate, ssi_signal);
8043	else
8044		handle_tx_callback(drv->ctx, buf + iter._max_length,
8045				   len - iter._max_length, !failed);
8046}
8047
8048
8049/*
8050 * we post-process the filter code later and rewrite
8051 * this to the offset to the last instruction
8052 */
8053#define PASS	0xFF
8054#define FAIL	0xFE
8055
8056static struct sock_filter msock_filter_insns[] = {
8057	/*
8058	 * do a little-endian load of the radiotap length field
8059	 */
8060	/* load lower byte into A */
8061	BPF_STMT(BPF_LD  | BPF_B | BPF_ABS, 2),
8062	/* put it into X (== index register) */
8063	BPF_STMT(BPF_MISC| BPF_TAX, 0),
8064	/* load upper byte into A */
8065	BPF_STMT(BPF_LD  | BPF_B | BPF_ABS, 3),
8066	/* left-shift it by 8 */
8067	BPF_STMT(BPF_ALU | BPF_LSH | BPF_K, 8),
8068	/* or with X */
8069	BPF_STMT(BPF_ALU | BPF_OR | BPF_X, 0),
8070	/* put result into X */
8071	BPF_STMT(BPF_MISC| BPF_TAX, 0),
8072
8073	/*
8074	 * Allow management frames through, this also gives us those
8075	 * management frames that we sent ourselves with status
8076	 */
8077	/* load the lower byte of the IEEE 802.11 frame control field */
8078	BPF_STMT(BPF_LD  | BPF_B | BPF_IND, 0),
8079	/* mask off frame type and version */
8080	BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0xF),
8081	/* accept frame if it's both 0, fall through otherwise */
8082	BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0, PASS, 0),
8083
8084	/*
8085	 * TODO: add a bit to radiotap RX flags that indicates
8086	 * that the sending station is not associated, then
8087	 * add a filter here that filters on our DA and that flag
8088	 * to allow us to deauth frames to that bad station.
8089	 *
8090	 * For now allow all To DS data frames through.
8091	 */
8092	/* load the IEEE 802.11 frame control field */
8093	BPF_STMT(BPF_LD  | BPF_H | BPF_IND, 0),
8094	/* mask off frame type, version and DS status */
8095	BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x0F03),
8096	/* accept frame if version 0, type 2 and To DS, fall through otherwise
8097	 */
8098	BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x0801, PASS, 0),
8099
8100#if 0
8101	/*
8102	 * drop non-data frames
8103	 */
8104	/* load the lower byte of the frame control field */
8105	BPF_STMT(BPF_LD   | BPF_B | BPF_IND, 0),
8106	/* mask off QoS bit */
8107	BPF_STMT(BPF_ALU  | BPF_AND | BPF_K, 0x0c),
8108	/* drop non-data frames */
8109	BPF_JUMP(BPF_JMP  | BPF_JEQ | BPF_K, 8, 0, FAIL),
8110#endif
8111	/* load the upper byte of the frame control field */
8112	BPF_STMT(BPF_LD   | BPF_B | BPF_IND, 1),
8113	/* mask off toDS/fromDS */
8114	BPF_STMT(BPF_ALU  | BPF_AND | BPF_K, 0x03),
8115	/* accept WDS frames */
8116	BPF_JUMP(BPF_JMP  | BPF_JEQ | BPF_K, 3, PASS, 0),
8117
8118	/*
8119	 * add header length to index
8120	 */
8121	/* load the lower byte of the frame control field */
8122	BPF_STMT(BPF_LD   | BPF_B | BPF_IND, 0),
8123	/* mask off QoS bit */
8124	BPF_STMT(BPF_ALU  | BPF_AND | BPF_K, 0x80),
8125	/* right shift it by 6 to give 0 or 2 */
8126	BPF_STMT(BPF_ALU  | BPF_RSH | BPF_K, 6),
8127	/* add data frame header length */
8128	BPF_STMT(BPF_ALU  | BPF_ADD | BPF_K, 24),
8129	/* add index, was start of 802.11 header */
8130	BPF_STMT(BPF_ALU  | BPF_ADD | BPF_X, 0),
8131	/* move to index, now start of LL header */
8132	BPF_STMT(BPF_MISC | BPF_TAX, 0),
8133
8134	/*
8135	 * Accept empty data frames, we use those for
8136	 * polling activity.
8137	 */
8138	BPF_STMT(BPF_LD  | BPF_W | BPF_LEN, 0),
8139	BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_X, 0, PASS, 0),
8140
8141	/*
8142	 * Accept EAPOL frames
8143	 */
8144	BPF_STMT(BPF_LD  | BPF_W | BPF_IND, 0),
8145	BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0xAAAA0300, 0, FAIL),
8146	BPF_STMT(BPF_LD  | BPF_W | BPF_IND, 4),
8147	BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x0000888E, PASS, FAIL),
8148
8149	/* keep these last two statements or change the code below */
8150	/* return 0 == "DROP" */
8151	BPF_STMT(BPF_RET | BPF_K, 0),
8152	/* return ~0 == "keep all" */
8153	BPF_STMT(BPF_RET | BPF_K, ~0),
8154};
8155
8156static struct sock_fprog msock_filter = {
8157	.len = ARRAY_SIZE(msock_filter_insns),
8158	.filter = msock_filter_insns,
8159};
8160
8161
8162static int add_monitor_filter(int s)
8163{
8164	int idx;
8165
8166	/* rewrite all PASS/FAIL jump offsets */
8167	for (idx = 0; idx < msock_filter.len; idx++) {
8168		struct sock_filter *insn = &msock_filter_insns[idx];
8169
8170		if (BPF_CLASS(insn->code) == BPF_JMP) {
8171			if (insn->code == (BPF_JMP|BPF_JA)) {
8172				if (insn->k == PASS)
8173					insn->k = msock_filter.len - idx - 2;
8174				else if (insn->k == FAIL)
8175					insn->k = msock_filter.len - idx - 3;
8176			}
8177
8178			if (insn->jt == PASS)
8179				insn->jt = msock_filter.len - idx - 2;
8180			else if (insn->jt == FAIL)
8181				insn->jt = msock_filter.len - idx - 3;
8182
8183			if (insn->jf == PASS)
8184				insn->jf = msock_filter.len - idx - 2;
8185			else if (insn->jf == FAIL)
8186				insn->jf = msock_filter.len - idx - 3;
8187		}
8188	}
8189
8190	if (setsockopt(s, SOL_SOCKET, SO_ATTACH_FILTER,
8191		       &msock_filter, sizeof(msock_filter))) {
8192		wpa_printf(MSG_ERROR, "nl80211: setsockopt(SO_ATTACH_FILTER) failed: %s",
8193			   strerror(errno));
8194		return -1;
8195	}
8196
8197	return 0;
8198}
8199
8200
8201static void nl80211_remove_monitor_interface(
8202	struct wpa_driver_nl80211_data *drv)
8203{
8204	if (drv->monitor_refcount > 0)
8205		drv->monitor_refcount--;
8206	wpa_printf(MSG_DEBUG, "nl80211: Remove monitor interface: refcount=%d",
8207		   drv->monitor_refcount);
8208	if (drv->monitor_refcount > 0)
8209		return;
8210
8211	if (drv->monitor_ifidx >= 0) {
8212		nl80211_remove_iface(drv, drv->monitor_ifidx);
8213		drv->monitor_ifidx = -1;
8214	}
8215	if (drv->monitor_sock >= 0) {
8216		eloop_unregister_read_sock(drv->monitor_sock);
8217		close(drv->monitor_sock);
8218		drv->monitor_sock = -1;
8219	}
8220}
8221
8222
8223static int
8224nl80211_create_monitor_interface(struct wpa_driver_nl80211_data *drv)
8225{
8226	char buf[IFNAMSIZ];
8227	struct sockaddr_ll ll;
8228	int optval;
8229	socklen_t optlen;
8230
8231	if (drv->monitor_ifidx >= 0) {
8232		drv->monitor_refcount++;
8233		wpa_printf(MSG_DEBUG, "nl80211: Re-use existing monitor interface: refcount=%d",
8234			   drv->monitor_refcount);
8235		return 0;
8236	}
8237
8238	if (os_strncmp(drv->first_bss->ifname, "p2p-", 4) == 0) {
8239		/*
8240		 * P2P interface name is of the format p2p-%s-%d. For monitor
8241		 * interface name corresponding to P2P GO, replace "p2p-" with
8242		 * "mon-" to retain the same interface name length and to
8243		 * indicate that it is a monitor interface.
8244		 */
8245		snprintf(buf, IFNAMSIZ, "mon-%s", drv->first_bss->ifname + 4);
8246	} else {
8247		/* Non-P2P interface with AP functionality. */
8248		snprintf(buf, IFNAMSIZ, "mon.%s", drv->first_bss->ifname);
8249	}
8250
8251	buf[IFNAMSIZ - 1] = '\0';
8252
8253	drv->monitor_ifidx =
8254		nl80211_create_iface(drv, buf, NL80211_IFTYPE_MONITOR, NULL,
8255				     0, NULL, NULL, 0);
8256
8257	if (drv->monitor_ifidx == -EOPNOTSUPP) {
8258		/*
8259		 * This is backward compatibility for a few versions of
8260		 * the kernel only that didn't advertise the right
8261		 * attributes for the only driver that then supported
8262		 * AP mode w/o monitor -- ath6kl.
8263		 */
8264		wpa_printf(MSG_DEBUG, "nl80211: Driver does not support "
8265			   "monitor interface type - try to run without it");
8266		drv->device_ap_sme = 1;
8267	}
8268
8269	if (drv->monitor_ifidx < 0)
8270		return -1;
8271
8272	if (linux_set_iface_flags(drv->global->ioctl_sock, buf, 1))
8273		goto error;
8274
8275	memset(&ll, 0, sizeof(ll));
8276	ll.sll_family = AF_PACKET;
8277	ll.sll_ifindex = drv->monitor_ifidx;
8278	drv->monitor_sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
8279	if (drv->monitor_sock < 0) {
8280		wpa_printf(MSG_ERROR, "nl80211: socket[PF_PACKET,SOCK_RAW] failed: %s",
8281			   strerror(errno));
8282		goto error;
8283	}
8284
8285	if (add_monitor_filter(drv->monitor_sock)) {
8286		wpa_printf(MSG_INFO, "Failed to set socket filter for monitor "
8287			   "interface; do filtering in user space");
8288		/* This works, but will cost in performance. */
8289	}
8290
8291	if (bind(drv->monitor_sock, (struct sockaddr *) &ll, sizeof(ll)) < 0) {
8292		wpa_printf(MSG_ERROR, "nl80211: monitor socket bind failed: %s",
8293			   strerror(errno));
8294		goto error;
8295	}
8296
8297	optlen = sizeof(optval);
8298	optval = 20;
8299	if (setsockopt
8300	    (drv->monitor_sock, SOL_SOCKET, SO_PRIORITY, &optval, optlen)) {
8301		wpa_printf(MSG_ERROR, "nl80211: Failed to set socket priority: %s",
8302			   strerror(errno));
8303		goto error;
8304	}
8305
8306	if (eloop_register_read_sock(drv->monitor_sock, handle_monitor_read,
8307				     drv, NULL)) {
8308		wpa_printf(MSG_INFO, "nl80211: Could not register monitor read socket");
8309		goto error;
8310	}
8311
8312	drv->monitor_refcount++;
8313	return 0;
8314 error:
8315	nl80211_remove_monitor_interface(drv);
8316	return -1;
8317}
8318
8319
8320static int nl80211_setup_ap(struct i802_bss *bss)
8321{
8322	struct wpa_driver_nl80211_data *drv = bss->drv;
8323
8324	wpa_printf(MSG_DEBUG, "nl80211: Setup AP(%s) - device_ap_sme=%d use_monitor=%d",
8325		   bss->ifname, drv->device_ap_sme, drv->use_monitor);
8326
8327	/*
8328	 * Disable Probe Request reporting unless we need it in this way for
8329	 * devices that include the AP SME, in the other case (unless using
8330	 * monitor iface) we'll get it through the nl_mgmt socket instead.
8331	 */
8332	if (!drv->device_ap_sme)
8333		wpa_driver_nl80211_probe_req_report(bss, 0);
8334
8335	if (!drv->device_ap_sme && !drv->use_monitor)
8336		if (nl80211_mgmt_subscribe_ap(bss))
8337			return -1;
8338
8339	if (drv->device_ap_sme && !drv->use_monitor)
8340		if (nl80211_mgmt_subscribe_ap_dev_sme(bss))
8341			return -1;
8342
8343	if (!drv->device_ap_sme && drv->use_monitor &&
8344	    nl80211_create_monitor_interface(drv) &&
8345	    !drv->device_ap_sme)
8346		return -1;
8347
8348	if (drv->device_ap_sme &&
8349	    wpa_driver_nl80211_probe_req_report(bss, 1) < 0) {
8350		wpa_printf(MSG_DEBUG, "nl80211: Failed to enable "
8351			   "Probe Request frame reporting in AP mode");
8352		/* Try to survive without this */
8353	}
8354
8355	return 0;
8356}
8357
8358
8359static void nl80211_teardown_ap(struct i802_bss *bss)
8360{
8361	struct wpa_driver_nl80211_data *drv = bss->drv;
8362
8363	wpa_printf(MSG_DEBUG, "nl80211: Teardown AP(%s) - device_ap_sme=%d use_monitor=%d",
8364		   bss->ifname, drv->device_ap_sme, drv->use_monitor);
8365	if (drv->device_ap_sme) {
8366		wpa_driver_nl80211_probe_req_report(bss, 0);
8367		if (!drv->use_monitor)
8368			nl80211_mgmt_unsubscribe(bss, "AP teardown (dev SME)");
8369	} else if (drv->use_monitor)
8370		nl80211_remove_monitor_interface(drv);
8371	else
8372		nl80211_mgmt_unsubscribe(bss, "AP teardown");
8373
8374	bss->beacon_set = 0;
8375}
8376
8377
8378static int nl80211_send_eapol_data(struct i802_bss *bss,
8379				   const u8 *addr, const u8 *data,
8380				   size_t data_len)
8381{
8382	struct sockaddr_ll ll;
8383	int ret;
8384
8385	if (bss->drv->eapol_tx_sock < 0) {
8386		wpa_printf(MSG_DEBUG, "nl80211: No socket to send EAPOL");
8387		return -1;
8388	}
8389
8390	os_memset(&ll, 0, sizeof(ll));
8391	ll.sll_family = AF_PACKET;
8392	ll.sll_ifindex = bss->ifindex;
8393	ll.sll_protocol = htons(ETH_P_PAE);
8394	ll.sll_halen = ETH_ALEN;
8395	os_memcpy(ll.sll_addr, addr, ETH_ALEN);
8396	ret = sendto(bss->drv->eapol_tx_sock, data, data_len, 0,
8397		     (struct sockaddr *) &ll, sizeof(ll));
8398	if (ret < 0)
8399		wpa_printf(MSG_ERROR, "nl80211: EAPOL TX: %s",
8400			   strerror(errno));
8401
8402	return ret;
8403}
8404
8405
8406static const u8 rfc1042_header[6] = { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 };
8407
8408static int wpa_driver_nl80211_hapd_send_eapol(
8409	void *priv, const u8 *addr, const u8 *data,
8410	size_t data_len, int encrypt, const u8 *own_addr, u32 flags)
8411{
8412	struct i802_bss *bss = priv;
8413	struct wpa_driver_nl80211_data *drv = bss->drv;
8414	struct ieee80211_hdr *hdr;
8415	size_t len;
8416	u8 *pos;
8417	int res;
8418	int qos = flags & WPA_STA_WMM;
8419
8420	if (drv->device_ap_sme || !drv->use_monitor)
8421		return nl80211_send_eapol_data(bss, addr, data, data_len);
8422
8423	len = sizeof(*hdr) + (qos ? 2 : 0) + sizeof(rfc1042_header) + 2 +
8424		data_len;
8425	hdr = os_zalloc(len);
8426	if (hdr == NULL) {
8427		wpa_printf(MSG_INFO, "nl80211: Failed to allocate EAPOL buffer(len=%lu)",
8428			   (unsigned long) len);
8429		return -1;
8430	}
8431
8432	hdr->frame_control =
8433		IEEE80211_FC(WLAN_FC_TYPE_DATA, WLAN_FC_STYPE_DATA);
8434	hdr->frame_control |= host_to_le16(WLAN_FC_FROMDS);
8435	if (encrypt)
8436		hdr->frame_control |= host_to_le16(WLAN_FC_ISWEP);
8437	if (qos) {
8438		hdr->frame_control |=
8439			host_to_le16(WLAN_FC_STYPE_QOS_DATA << 4);
8440	}
8441
8442	memcpy(hdr->IEEE80211_DA_FROMDS, addr, ETH_ALEN);
8443	memcpy(hdr->IEEE80211_BSSID_FROMDS, own_addr, ETH_ALEN);
8444	memcpy(hdr->IEEE80211_SA_FROMDS, own_addr, ETH_ALEN);
8445	pos = (u8 *) (hdr + 1);
8446
8447	if (qos) {
8448		/* Set highest priority in QoS header */
8449		pos[0] = 7;
8450		pos[1] = 0;
8451		pos += 2;
8452	}
8453
8454	memcpy(pos, rfc1042_header, sizeof(rfc1042_header));
8455	pos += sizeof(rfc1042_header);
8456	WPA_PUT_BE16(pos, ETH_P_PAE);
8457	pos += 2;
8458	memcpy(pos, data, data_len);
8459
8460	res = wpa_driver_nl80211_send_frame(bss, (u8 *) hdr, len, encrypt, 0,
8461					    0, 0, 0, 0);
8462	if (res < 0) {
8463		wpa_printf(MSG_ERROR, "i802_send_eapol - packet len: %lu - "
8464			   "failed: %d (%s)",
8465			   (unsigned long) len, errno, strerror(errno));
8466	}
8467	os_free(hdr);
8468
8469	return res;
8470}
8471
8472
8473static int wpa_driver_nl80211_sta_set_flags(void *priv, const u8 *addr,
8474					    int total_flags,
8475					    int flags_or, int flags_and)
8476{
8477	struct i802_bss *bss = priv;
8478	struct wpa_driver_nl80211_data *drv = bss->drv;
8479	struct nl_msg *msg;
8480	struct nlattr *flags;
8481	struct nl80211_sta_flag_update upd;
8482
8483	msg = nlmsg_alloc();
8484	if (!msg)
8485		return -ENOMEM;
8486
8487	nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_STATION);
8488
8489	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
8490		    if_nametoindex(bss->ifname));
8491	NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
8492
8493	/*
8494	 * Backwards compatibility version using NL80211_ATTR_STA_FLAGS. This
8495	 * can be removed eventually.
8496	 */
8497	flags = nla_nest_start(msg, NL80211_ATTR_STA_FLAGS);
8498	if (!flags)
8499		goto nla_put_failure;
8500	if (total_flags & WPA_STA_AUTHORIZED)
8501		NLA_PUT_FLAG(msg, NL80211_STA_FLAG_AUTHORIZED);
8502
8503	if (total_flags & WPA_STA_WMM)
8504		NLA_PUT_FLAG(msg, NL80211_STA_FLAG_WME);
8505
8506	if (total_flags & WPA_STA_SHORT_PREAMBLE)
8507		NLA_PUT_FLAG(msg, NL80211_STA_FLAG_SHORT_PREAMBLE);
8508
8509	if (total_flags & WPA_STA_MFP)
8510		NLA_PUT_FLAG(msg, NL80211_STA_FLAG_MFP);
8511
8512	if (total_flags & WPA_STA_TDLS_PEER)
8513		NLA_PUT_FLAG(msg, NL80211_STA_FLAG_TDLS_PEER);
8514
8515	nla_nest_end(msg, flags);
8516
8517	os_memset(&upd, 0, sizeof(upd));
8518	upd.mask = sta_flags_nl80211(flags_or | ~flags_and);
8519	upd.set = sta_flags_nl80211(flags_or);
8520	NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd);
8521
8522	return send_and_recv_msgs(drv, msg, NULL, NULL);
8523 nla_put_failure:
8524	nlmsg_free(msg);
8525	return -ENOBUFS;
8526}
8527
8528
8529static int wpa_driver_nl80211_ap(struct wpa_driver_nl80211_data *drv,
8530				 struct wpa_driver_associate_params *params)
8531{
8532	enum nl80211_iftype nlmode, old_mode;
8533	struct hostapd_freq_params freq = {
8534		.freq = params->freq,
8535	};
8536
8537	if (params->p2p) {
8538		wpa_printf(MSG_DEBUG, "nl80211: Setup AP operations for P2P "
8539			   "group (GO)");
8540		nlmode = NL80211_IFTYPE_P2P_GO;
8541	} else
8542		nlmode = NL80211_IFTYPE_AP;
8543
8544	old_mode = drv->nlmode;
8545	if (wpa_driver_nl80211_set_mode(drv->first_bss, nlmode)) {
8546		nl80211_remove_monitor_interface(drv);
8547		return -1;
8548	}
8549
8550	if (nl80211_set_channel(drv->first_bss, &freq, 0)) {
8551		if (old_mode != nlmode)
8552			wpa_driver_nl80211_set_mode(drv->first_bss, old_mode);
8553		nl80211_remove_monitor_interface(drv);
8554		return -1;
8555	}
8556
8557	return 0;
8558}
8559
8560
8561static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv)
8562{
8563	struct nl_msg *msg;
8564	int ret = -1;
8565
8566	msg = nlmsg_alloc();
8567	if (!msg)
8568		return -1;
8569
8570	nl80211_cmd(drv, msg, 0, NL80211_CMD_LEAVE_IBSS);
8571	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
8572	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
8573	msg = NULL;
8574	if (ret) {
8575		wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS failed: ret=%d "
8576			   "(%s)", ret, strerror(-ret));
8577		goto nla_put_failure;
8578	}
8579
8580	ret = 0;
8581	wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS request sent successfully");
8582
8583nla_put_failure:
8584	if (wpa_driver_nl80211_set_mode(drv->first_bss,
8585					NL80211_IFTYPE_STATION)) {
8586		wpa_printf(MSG_INFO, "nl80211: Failed to set interface into "
8587			   "station mode");
8588	}
8589
8590	nlmsg_free(msg);
8591	return ret;
8592}
8593
8594
8595static int wpa_driver_nl80211_ibss(struct wpa_driver_nl80211_data *drv,
8596				   struct wpa_driver_associate_params *params)
8597{
8598	struct nl_msg *msg;
8599	int ret = -1;
8600	int count = 0;
8601
8602	wpa_printf(MSG_DEBUG, "nl80211: Join IBSS (ifindex=%d)", drv->ifindex);
8603
8604	if (wpa_driver_nl80211_set_mode_ibss(drv->first_bss, params->freq)) {
8605		wpa_printf(MSG_INFO, "nl80211: Failed to set interface into "
8606			   "IBSS mode");
8607		return -1;
8608	}
8609
8610retry:
8611	msg = nlmsg_alloc();
8612	if (!msg)
8613		return -1;
8614
8615	nl80211_cmd(drv, msg, 0, NL80211_CMD_JOIN_IBSS);
8616	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
8617
8618	if (params->ssid == NULL || params->ssid_len > sizeof(drv->ssid))
8619		goto nla_put_failure;
8620
8621	wpa_hexdump_ascii(MSG_DEBUG, "  * SSID",
8622			  params->ssid, params->ssid_len);
8623	NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len,
8624		params->ssid);
8625	os_memcpy(drv->ssid, params->ssid, params->ssid_len);
8626	drv->ssid_len = params->ssid_len;
8627
8628	wpa_printf(MSG_DEBUG, "  * freq=%d", params->freq);
8629	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq);
8630
8631	if (params->beacon_int > 0) {
8632		wpa_printf(MSG_DEBUG, "  * beacon_int=%d", params->beacon_int);
8633		NLA_PUT_U32(msg, NL80211_ATTR_BEACON_INTERVAL,
8634			    params->beacon_int);
8635	}
8636
8637	ret = nl80211_set_conn_keys(params, msg);
8638	if (ret)
8639		goto nla_put_failure;
8640
8641	if (params->bssid && params->fixed_bssid) {
8642		wpa_printf(MSG_DEBUG, "  * BSSID=" MACSTR,
8643			   MAC2STR(params->bssid));
8644		NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid);
8645	}
8646
8647	if (params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X ||
8648	    params->key_mgmt_suite == WPA_KEY_MGMT_PSK ||
8649	    params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA256 ||
8650	    params->key_mgmt_suite == WPA_KEY_MGMT_PSK_SHA256) {
8651		wpa_printf(MSG_DEBUG, "  * control port");
8652		NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT);
8653	}
8654
8655	if (params->wpa_ie) {
8656		wpa_hexdump(MSG_DEBUG,
8657			    "  * Extra IEs for Beacon/Probe Response frames",
8658			    params->wpa_ie, params->wpa_ie_len);
8659		NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len,
8660			params->wpa_ie);
8661	}
8662
8663	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
8664	msg = NULL;
8665	if (ret) {
8666		wpa_printf(MSG_DEBUG, "nl80211: Join IBSS failed: ret=%d (%s)",
8667			   ret, strerror(-ret));
8668		count++;
8669		if (ret == -EALREADY && count == 1) {
8670			wpa_printf(MSG_DEBUG, "nl80211: Retry IBSS join after "
8671				   "forced leave");
8672			nl80211_leave_ibss(drv);
8673			nlmsg_free(msg);
8674			goto retry;
8675		}
8676
8677		goto nla_put_failure;
8678	}
8679	ret = 0;
8680	wpa_printf(MSG_DEBUG, "nl80211: Join IBSS request sent successfully");
8681
8682nla_put_failure:
8683	nlmsg_free(msg);
8684	return ret;
8685}
8686
8687
8688static int nl80211_connect_common(struct wpa_driver_nl80211_data *drv,
8689				  struct wpa_driver_associate_params *params,
8690				  struct nl_msg *msg)
8691{
8692	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
8693
8694	if (params->bssid) {
8695		wpa_printf(MSG_DEBUG, "  * bssid=" MACSTR,
8696			   MAC2STR(params->bssid));
8697		NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid);
8698	}
8699
8700	if (params->bssid_hint) {
8701		wpa_printf(MSG_DEBUG, "  * bssid_hint=" MACSTR,
8702			   MAC2STR(params->bssid_hint));
8703		NLA_PUT(msg, NL80211_ATTR_MAC_HINT, ETH_ALEN,
8704			params->bssid_hint);
8705	}
8706
8707	if (params->freq) {
8708		wpa_printf(MSG_DEBUG, "  * freq=%d", params->freq);
8709		NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq);
8710		drv->assoc_freq = params->freq;
8711	} else
8712		drv->assoc_freq = 0;
8713
8714	if (params->freq_hint) {
8715		wpa_printf(MSG_DEBUG, "  * freq_hint=%d", params->freq_hint);
8716		NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ_HINT,
8717			    params->freq_hint);
8718	}
8719
8720	if (params->bg_scan_period >= 0) {
8721		wpa_printf(MSG_DEBUG, "  * bg scan period=%d",
8722			   params->bg_scan_period);
8723		NLA_PUT_U16(msg, NL80211_ATTR_BG_SCAN_PERIOD,
8724			    params->bg_scan_period);
8725	}
8726
8727	if (params->ssid) {
8728		wpa_hexdump_ascii(MSG_DEBUG, "  * SSID",
8729				  params->ssid, params->ssid_len);
8730		NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len,
8731			params->ssid);
8732		if (params->ssid_len > sizeof(drv->ssid))
8733			goto nla_put_failure;
8734		os_memcpy(drv->ssid, params->ssid, params->ssid_len);
8735		drv->ssid_len = params->ssid_len;
8736	}
8737
8738	wpa_hexdump(MSG_DEBUG, "  * IEs", params->wpa_ie, params->wpa_ie_len);
8739	if (params->wpa_ie)
8740		NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len,
8741			params->wpa_ie);
8742
8743	if (params->wpa_proto) {
8744		enum nl80211_wpa_versions ver = 0;
8745
8746		if (params->wpa_proto & WPA_PROTO_WPA)
8747			ver |= NL80211_WPA_VERSION_1;
8748		if (params->wpa_proto & WPA_PROTO_RSN)
8749			ver |= NL80211_WPA_VERSION_2;
8750
8751		wpa_printf(MSG_DEBUG, "  * WPA Versions 0x%x", ver);
8752		NLA_PUT_U32(msg, NL80211_ATTR_WPA_VERSIONS, ver);
8753	}
8754
8755	if (params->pairwise_suite != WPA_CIPHER_NONE) {
8756		u32 cipher = wpa_cipher_to_cipher_suite(params->pairwise_suite);
8757		wpa_printf(MSG_DEBUG, "  * pairwise=0x%x", cipher);
8758		NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, cipher);
8759	}
8760
8761	if (params->group_suite == WPA_CIPHER_GTK_NOT_USED &&
8762	    !(drv->capa.enc & WPA_DRIVER_CAPA_ENC_GTK_NOT_USED)) {
8763		/*
8764		 * This is likely to work even though many drivers do not
8765		 * advertise support for operations without GTK.
8766		 */
8767		wpa_printf(MSG_DEBUG, "  * skip group cipher configuration for GTK_NOT_USED due to missing driver support advertisement");
8768	} else if (params->group_suite != WPA_CIPHER_NONE) {
8769		u32 cipher = wpa_cipher_to_cipher_suite(params->group_suite);
8770		wpa_printf(MSG_DEBUG, "  * group=0x%x", cipher);
8771		NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, cipher);
8772	}
8773
8774	if (params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X ||
8775	    params->key_mgmt_suite == WPA_KEY_MGMT_PSK ||
8776	    params->key_mgmt_suite == WPA_KEY_MGMT_FT_IEEE8021X ||
8777	    params->key_mgmt_suite == WPA_KEY_MGMT_FT_PSK ||
8778	    params->key_mgmt_suite == WPA_KEY_MGMT_CCKM ||
8779	    params->key_mgmt_suite == WPA_KEY_MGMT_OSEN ||
8780	    params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA256 ||
8781	    params->key_mgmt_suite == WPA_KEY_MGMT_PSK_SHA256) {
8782		int mgmt = WLAN_AKM_SUITE_PSK;
8783
8784		switch (params->key_mgmt_suite) {
8785		case WPA_KEY_MGMT_CCKM:
8786			mgmt = WLAN_AKM_SUITE_CCKM;
8787			break;
8788		case WPA_KEY_MGMT_IEEE8021X:
8789			mgmt = WLAN_AKM_SUITE_8021X;
8790			break;
8791		case WPA_KEY_MGMT_FT_IEEE8021X:
8792			mgmt = WLAN_AKM_SUITE_FT_8021X;
8793			break;
8794		case WPA_KEY_MGMT_FT_PSK:
8795			mgmt = WLAN_AKM_SUITE_FT_PSK;
8796			break;
8797		case WPA_KEY_MGMT_IEEE8021X_SHA256:
8798			mgmt = WLAN_AKM_SUITE_8021X_SHA256;
8799			break;
8800		case WPA_KEY_MGMT_PSK_SHA256:
8801			mgmt = WLAN_AKM_SUITE_PSK_SHA256;
8802			break;
8803		case WPA_KEY_MGMT_OSEN:
8804			mgmt = WLAN_AKM_SUITE_OSEN;
8805			break;
8806		case WPA_KEY_MGMT_PSK:
8807		default:
8808			mgmt = WLAN_AKM_SUITE_PSK;
8809			break;
8810		}
8811		wpa_printf(MSG_DEBUG, "  * akm=0x%x", mgmt);
8812		NLA_PUT_U32(msg, NL80211_ATTR_AKM_SUITES, mgmt);
8813	}
8814
8815	NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT);
8816
8817	if (params->mgmt_frame_protection == MGMT_FRAME_PROTECTION_REQUIRED)
8818		NLA_PUT_U32(msg, NL80211_ATTR_USE_MFP, NL80211_MFP_REQUIRED);
8819
8820	if (params->disable_ht)
8821		NLA_PUT_FLAG(msg, NL80211_ATTR_DISABLE_HT);
8822
8823	if (params->htcaps && params->htcaps_mask) {
8824		int sz = sizeof(struct ieee80211_ht_capabilities);
8825		wpa_hexdump(MSG_DEBUG, "  * htcaps", params->htcaps, sz);
8826		NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY, sz, params->htcaps);
8827		wpa_hexdump(MSG_DEBUG, "  * htcaps_mask",
8828			    params->htcaps_mask, sz);
8829		NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY_MASK, sz,
8830			params->htcaps_mask);
8831	}
8832
8833#ifdef CONFIG_VHT_OVERRIDES
8834	if (params->disable_vht) {
8835		wpa_printf(MSG_DEBUG, "  * VHT disabled");
8836		NLA_PUT_FLAG(msg, NL80211_ATTR_DISABLE_VHT);
8837	}
8838
8839	if (params->vhtcaps && params->vhtcaps_mask) {
8840		int sz = sizeof(struct ieee80211_vht_capabilities);
8841		wpa_hexdump(MSG_DEBUG, "  * vhtcaps", params->vhtcaps, sz);
8842		NLA_PUT(msg, NL80211_ATTR_VHT_CAPABILITY, sz, params->vhtcaps);
8843		wpa_hexdump(MSG_DEBUG, "  * vhtcaps_mask",
8844			    params->vhtcaps_mask, sz);
8845		NLA_PUT(msg, NL80211_ATTR_VHT_CAPABILITY_MASK, sz,
8846			params->vhtcaps_mask);
8847	}
8848#endif /* CONFIG_VHT_OVERRIDES */
8849
8850	if (params->p2p)
8851		wpa_printf(MSG_DEBUG, "  * P2P group");
8852
8853	return 0;
8854nla_put_failure:
8855	return -1;
8856}
8857
8858
8859static int wpa_driver_nl80211_try_connect(
8860	struct wpa_driver_nl80211_data *drv,
8861	struct wpa_driver_associate_params *params)
8862{
8863	struct nl_msg *msg;
8864	enum nl80211_auth_type type;
8865	int ret;
8866	int algs;
8867
8868	msg = nlmsg_alloc();
8869	if (!msg)
8870		return -1;
8871
8872	wpa_printf(MSG_DEBUG, "nl80211: Connect (ifindex=%d)", drv->ifindex);
8873	nl80211_cmd(drv, msg, 0, NL80211_CMD_CONNECT);
8874
8875	ret = nl80211_connect_common(drv, params, msg);
8876	if (ret)
8877		goto nla_put_failure;
8878
8879	algs = 0;
8880	if (params->auth_alg & WPA_AUTH_ALG_OPEN)
8881		algs++;
8882	if (params->auth_alg & WPA_AUTH_ALG_SHARED)
8883		algs++;
8884	if (params->auth_alg & WPA_AUTH_ALG_LEAP)
8885		algs++;
8886	if (algs > 1) {
8887		wpa_printf(MSG_DEBUG, "  * Leave out Auth Type for automatic "
8888			   "selection");
8889		goto skip_auth_type;
8890	}
8891
8892	if (params->auth_alg & WPA_AUTH_ALG_OPEN)
8893		type = NL80211_AUTHTYPE_OPEN_SYSTEM;
8894	else if (params->auth_alg & WPA_AUTH_ALG_SHARED)
8895		type = NL80211_AUTHTYPE_SHARED_KEY;
8896	else if (params->auth_alg & WPA_AUTH_ALG_LEAP)
8897		type = NL80211_AUTHTYPE_NETWORK_EAP;
8898	else if (params->auth_alg & WPA_AUTH_ALG_FT)
8899		type = NL80211_AUTHTYPE_FT;
8900	else
8901		goto nla_put_failure;
8902
8903	wpa_printf(MSG_DEBUG, "  * Auth Type %d", type);
8904	NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, type);
8905
8906skip_auth_type:
8907	ret = nl80211_set_conn_keys(params, msg);
8908	if (ret)
8909		goto nla_put_failure;
8910
8911	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
8912	msg = NULL;
8913	if (ret) {
8914		wpa_printf(MSG_DEBUG, "nl80211: MLME connect failed: ret=%d "
8915			   "(%s)", ret, strerror(-ret));
8916		goto nla_put_failure;
8917	}
8918	ret = 0;
8919	wpa_printf(MSG_DEBUG, "nl80211: Connect request send successfully");
8920
8921nla_put_failure:
8922	nlmsg_free(msg);
8923	return ret;
8924
8925}
8926
8927
8928static int wpa_driver_nl80211_connect(
8929	struct wpa_driver_nl80211_data *drv,
8930	struct wpa_driver_associate_params *params)
8931{
8932	int ret = wpa_driver_nl80211_try_connect(drv, params);
8933	if (ret == -EALREADY) {
8934		/*
8935		 * cfg80211 does not currently accept new connections if
8936		 * we are already connected. As a workaround, force
8937		 * disconnection and try again.
8938		 */
8939		wpa_printf(MSG_DEBUG, "nl80211: Explicitly "
8940			   "disconnecting before reassociation "
8941			   "attempt");
8942		if (wpa_driver_nl80211_disconnect(
8943			    drv, WLAN_REASON_PREV_AUTH_NOT_VALID))
8944			return -1;
8945		ret = wpa_driver_nl80211_try_connect(drv, params);
8946	}
8947	return ret;
8948}
8949
8950
8951static int wpa_driver_nl80211_associate(
8952	void *priv, struct wpa_driver_associate_params *params)
8953{
8954	struct i802_bss *bss = priv;
8955	struct wpa_driver_nl80211_data *drv = bss->drv;
8956	int ret;
8957	struct nl_msg *msg;
8958
8959	if (params->mode == IEEE80211_MODE_AP)
8960		return wpa_driver_nl80211_ap(drv, params);
8961
8962	if (params->mode == IEEE80211_MODE_IBSS)
8963		return wpa_driver_nl80211_ibss(drv, params);
8964
8965	if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) {
8966		enum nl80211_iftype nlmode = params->p2p ?
8967			NL80211_IFTYPE_P2P_CLIENT : NL80211_IFTYPE_STATION;
8968
8969		if (wpa_driver_nl80211_set_mode(priv, nlmode) < 0)
8970			return -1;
8971		return wpa_driver_nl80211_connect(drv, params);
8972	}
8973
8974	nl80211_mark_disconnected(drv);
8975
8976	msg = nlmsg_alloc();
8977	if (!msg)
8978		return -1;
8979
8980	wpa_printf(MSG_DEBUG, "nl80211: Associate (ifindex=%d)",
8981		   drv->ifindex);
8982	nl80211_cmd(drv, msg, 0, NL80211_CMD_ASSOCIATE);
8983
8984	ret = nl80211_connect_common(drv, params, msg);
8985	if (ret)
8986		goto nla_put_failure;
8987
8988	if (params->prev_bssid) {
8989		wpa_printf(MSG_DEBUG, "  * prev_bssid=" MACSTR,
8990			   MAC2STR(params->prev_bssid));
8991		NLA_PUT(msg, NL80211_ATTR_PREV_BSSID, ETH_ALEN,
8992			params->prev_bssid);
8993	}
8994
8995	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
8996	msg = NULL;
8997	if (ret) {
8998		wpa_dbg(drv->ctx, MSG_DEBUG,
8999			"nl80211: MLME command failed (assoc): ret=%d (%s)",
9000			ret, strerror(-ret));
9001		nl80211_dump_scan(drv);
9002		goto nla_put_failure;
9003	}
9004	ret = 0;
9005	wpa_printf(MSG_DEBUG, "nl80211: Association request send "
9006		   "successfully");
9007
9008nla_put_failure:
9009	nlmsg_free(msg);
9010	return ret;
9011}
9012
9013
9014static int nl80211_set_mode(struct wpa_driver_nl80211_data *drv,
9015			    int ifindex, enum nl80211_iftype mode)
9016{
9017	struct nl_msg *msg;
9018	int ret = -ENOBUFS;
9019
9020	wpa_printf(MSG_DEBUG, "nl80211: Set mode ifindex %d iftype %d (%s)",
9021		   ifindex, mode, nl80211_iftype_str(mode));
9022
9023	msg = nlmsg_alloc();
9024	if (!msg)
9025		return -ENOMEM;
9026
9027	nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_INTERFACE);
9028	if (nl80211_set_iface_id(msg, drv->first_bss) < 0)
9029		goto nla_put_failure;
9030	NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, mode);
9031
9032	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
9033	msg = NULL;
9034	if (!ret)
9035		return 0;
9036nla_put_failure:
9037	nlmsg_free(msg);
9038	wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface %d to mode %d:"
9039		   " %d (%s)", ifindex, mode, ret, strerror(-ret));
9040	return ret;
9041}
9042
9043
9044static int wpa_driver_nl80211_set_mode_impl(
9045		struct i802_bss *bss,
9046		enum nl80211_iftype nlmode,
9047		struct hostapd_freq_params *desired_freq_params)
9048{
9049	struct wpa_driver_nl80211_data *drv = bss->drv;
9050	int ret = -1;
9051	int i;
9052	int was_ap = is_ap_interface(drv->nlmode);
9053	int res;
9054	int mode_switch_res;
9055
9056	mode_switch_res = nl80211_set_mode(drv, drv->ifindex, nlmode);
9057	if (mode_switch_res && nlmode == nl80211_get_ifmode(bss))
9058		mode_switch_res = 0;
9059
9060	if (mode_switch_res == 0) {
9061		drv->nlmode = nlmode;
9062		ret = 0;
9063		goto done;
9064	}
9065
9066	if (mode_switch_res == -ENODEV)
9067		return -1;
9068
9069	if (nlmode == drv->nlmode) {
9070		wpa_printf(MSG_DEBUG, "nl80211: Interface already in "
9071			   "requested mode - ignore error");
9072		ret = 0;
9073		goto done; /* Already in the requested mode */
9074	}
9075
9076	/* mac80211 doesn't allow mode changes while the device is up, so
9077	 * take the device down, try to set the mode again, and bring the
9078	 * device back up.
9079	 */
9080	wpa_printf(MSG_DEBUG, "nl80211: Try mode change after setting "
9081		   "interface down");
9082	for (i = 0; i < 10; i++) {
9083		res = i802_set_iface_flags(bss, 0);
9084		if (res == -EACCES || res == -ENODEV)
9085			break;
9086		if (res != 0) {
9087			wpa_printf(MSG_DEBUG, "nl80211: Failed to set "
9088				   "interface down");
9089			os_sleep(0, 100000);
9090			continue;
9091		}
9092
9093		/*
9094		 * Setting the mode will fail for some drivers if the phy is
9095		 * on a frequency that the mode is disallowed in.
9096		 */
9097		if (desired_freq_params) {
9098			res = i802_set_freq(bss, desired_freq_params);
9099			if (res) {
9100				wpa_printf(MSG_DEBUG,
9101					   "nl80211: Failed to set frequency on interface");
9102			}
9103		}
9104
9105		/* Try to set the mode again while the interface is down */
9106		mode_switch_res = nl80211_set_mode(drv, drv->ifindex, nlmode);
9107		if (mode_switch_res == -EBUSY) {
9108			wpa_printf(MSG_DEBUG,
9109				   "nl80211: Delaying mode set while interface going down");
9110			os_sleep(0, 100000);
9111			continue;
9112		}
9113		ret = mode_switch_res;
9114		break;
9115	}
9116
9117	if (!ret) {
9118		wpa_printf(MSG_DEBUG, "nl80211: Mode change succeeded while "
9119			   "interface is down");
9120		drv->nlmode = nlmode;
9121		drv->ignore_if_down_event = 1;
9122	}
9123
9124	/* Bring the interface back up */
9125	res = linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 1);
9126	if (res != 0) {
9127		wpa_printf(MSG_DEBUG,
9128			   "nl80211: Failed to set interface up after switching mode");
9129		ret = -1;
9130	}
9131
9132done:
9133	if (ret) {
9134		wpa_printf(MSG_DEBUG, "nl80211: Interface mode change to %d "
9135			   "from %d failed", nlmode, drv->nlmode);
9136		return ret;
9137	}
9138
9139	if (is_p2p_net_interface(nlmode))
9140		nl80211_disable_11b_rates(drv, drv->ifindex, 1);
9141	else if (drv->disabled_11b_rates)
9142		nl80211_disable_11b_rates(drv, drv->ifindex, 0);
9143
9144	if (is_ap_interface(nlmode)) {
9145		nl80211_mgmt_unsubscribe(bss, "start AP");
9146		/* Setup additional AP mode functionality if needed */
9147		if (nl80211_setup_ap(bss))
9148			return -1;
9149	} else if (was_ap) {
9150		/* Remove additional AP mode functionality */
9151		nl80211_teardown_ap(bss);
9152	} else {
9153		nl80211_mgmt_unsubscribe(bss, "mode change");
9154	}
9155
9156	if (!bss->in_deinit && !is_ap_interface(nlmode) &&
9157	    nl80211_mgmt_subscribe_non_ap(bss) < 0)
9158		wpa_printf(MSG_DEBUG, "nl80211: Failed to register Action "
9159			   "frame processing - ignore for now");
9160
9161	return 0;
9162}
9163
9164
9165static int dfs_info_handler(struct nl_msg *msg, void *arg)
9166{
9167	struct nlattr *tb[NL80211_ATTR_MAX + 1];
9168	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
9169	int *dfs_capability_ptr = arg;
9170
9171	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
9172		  genlmsg_attrlen(gnlh, 0), NULL);
9173
9174	if (tb[NL80211_ATTR_VENDOR_DATA]) {
9175		struct nlattr *nl_vend = tb[NL80211_ATTR_VENDOR_DATA];
9176		struct nlattr *tb_vendor[QCA_WLAN_VENDOR_ATTR_MAX + 1];
9177
9178		nla_parse(tb_vendor, QCA_WLAN_VENDOR_ATTR_MAX,
9179			  nla_data(nl_vend), nla_len(nl_vend), NULL);
9180
9181		if (tb_vendor[QCA_WLAN_VENDOR_ATTR_DFS]) {
9182			u32 val;
9183			val = nla_get_u32(tb_vendor[QCA_WLAN_VENDOR_ATTR_DFS]);
9184			wpa_printf(MSG_DEBUG, "nl80211: DFS offload capability: %u",
9185				   val);
9186			*dfs_capability_ptr = val;
9187		}
9188	}
9189
9190	return NL_SKIP;
9191}
9192
9193
9194static int wpa_driver_nl80211_set_mode(struct i802_bss *bss,
9195				       enum nl80211_iftype nlmode)
9196{
9197	return wpa_driver_nl80211_set_mode_impl(bss, nlmode, NULL);
9198}
9199
9200
9201static int wpa_driver_nl80211_set_mode_ibss(struct i802_bss *bss, int freq)
9202{
9203	struct hostapd_freq_params freq_params;
9204	os_memset(&freq_params, 0, sizeof(freq_params));
9205	freq_params.freq = freq;
9206	return wpa_driver_nl80211_set_mode_impl(bss, NL80211_IFTYPE_ADHOC,
9207						&freq_params);
9208}
9209
9210
9211static int wpa_driver_nl80211_get_capa(void *priv,
9212				       struct wpa_driver_capa *capa)
9213{
9214	struct i802_bss *bss = priv;
9215	struct wpa_driver_nl80211_data *drv = bss->drv;
9216	struct nl_msg *msg;
9217	int dfs_capability = 0;
9218	int ret = 0;
9219
9220	if (!drv->has_capability)
9221		return -1;
9222	os_memcpy(capa, &drv->capa, sizeof(*capa));
9223	if (drv->extended_capa && drv->extended_capa_mask) {
9224		capa->extended_capa = drv->extended_capa;
9225		capa->extended_capa_mask = drv->extended_capa_mask;
9226		capa->extended_capa_len = drv->extended_capa_len;
9227	}
9228
9229	if ((capa->flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE) &&
9230	    !drv->allow_p2p_device) {
9231		wpa_printf(MSG_DEBUG, "nl80211: Do not indicate P2P_DEVICE support (p2p_device=1 driver param not specified)");
9232		capa->flags &= ~WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE;
9233	}
9234
9235	if (drv->dfs_vendor_cmd_avail == 1) {
9236		msg = nlmsg_alloc();
9237		if (!msg)
9238			return -ENOMEM;
9239
9240		nl80211_cmd(drv, msg, 0, NL80211_CMD_VENDOR);
9241
9242		NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
9243		NLA_PUT_U32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA);
9244		NLA_PUT_U32(msg, NL80211_ATTR_VENDOR_SUBCMD,
9245			    QCA_NL80211_VENDOR_SUBCMD_DFS_CAPABILITY);
9246
9247		ret = send_and_recv_msgs(drv, msg, dfs_info_handler,
9248					 &dfs_capability);
9249		if (!ret) {
9250			if (dfs_capability)
9251				capa->flags |= WPA_DRIVER_FLAGS_DFS_OFFLOAD;
9252		}
9253	}
9254
9255	return ret;
9256
9257 nla_put_failure:
9258	nlmsg_free(msg);
9259	return -ENOBUFS;
9260}
9261
9262
9263static int wpa_driver_nl80211_set_operstate(void *priv, int state)
9264{
9265	struct i802_bss *bss = priv;
9266	struct wpa_driver_nl80211_data *drv = bss->drv;
9267
9268	wpa_printf(MSG_DEBUG, "nl80211: Set %s operstate %d->%d (%s)",
9269		   bss->ifname, drv->operstate, state,
9270		   state ? "UP" : "DORMANT");
9271	drv->operstate = state;
9272	return netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, -1,
9273				      state ? IF_OPER_UP : IF_OPER_DORMANT);
9274}
9275
9276
9277static int wpa_driver_nl80211_set_supp_port(void *priv, int authorized)
9278{
9279	struct i802_bss *bss = priv;
9280	struct wpa_driver_nl80211_data *drv = bss->drv;
9281	struct nl_msg *msg;
9282	struct nl80211_sta_flag_update upd;
9283	int ret = -ENOBUFS;
9284
9285	if (!drv->associated && is_zero_ether_addr(drv->bssid) && !authorized) {
9286		wpa_printf(MSG_DEBUG, "nl80211: Skip set_supp_port(unauthorized) while not associated");
9287		return 0;
9288	}
9289
9290	wpa_printf(MSG_DEBUG, "nl80211: Set supplicant port %sauthorized for "
9291		   MACSTR, authorized ? "" : "un", MAC2STR(drv->bssid));
9292
9293	msg = nlmsg_alloc();
9294	if (!msg)
9295		return -ENOMEM;
9296
9297	nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_STATION);
9298
9299	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
9300		    if_nametoindex(bss->ifname));
9301	NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, drv->bssid);
9302
9303	os_memset(&upd, 0, sizeof(upd));
9304	upd.mask = BIT(NL80211_STA_FLAG_AUTHORIZED);
9305	if (authorized)
9306		upd.set = BIT(NL80211_STA_FLAG_AUTHORIZED);
9307	NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd);
9308
9309	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
9310	msg = NULL;
9311	if (!ret)
9312		return 0;
9313 nla_put_failure:
9314	nlmsg_free(msg);
9315	wpa_printf(MSG_DEBUG, "nl80211: Failed to set STA flag: %d (%s)",
9316		   ret, strerror(-ret));
9317	return ret;
9318}
9319
9320
9321/* Set kernel driver on given frequency (MHz) */
9322static int i802_set_freq(void *priv, struct hostapd_freq_params *freq)
9323{
9324	struct i802_bss *bss = priv;
9325	return nl80211_set_channel(bss, freq, 0);
9326}
9327
9328
9329static inline int min_int(int a, int b)
9330{
9331	if (a < b)
9332		return a;
9333	return b;
9334}
9335
9336
9337static int get_key_handler(struct nl_msg *msg, void *arg)
9338{
9339	struct nlattr *tb[NL80211_ATTR_MAX + 1];
9340	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
9341
9342	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
9343		  genlmsg_attrlen(gnlh, 0), NULL);
9344
9345	/*
9346	 * TODO: validate the key index and mac address!
9347	 * Otherwise, there's a race condition as soon as
9348	 * the kernel starts sending key notifications.
9349	 */
9350
9351	if (tb[NL80211_ATTR_KEY_SEQ])
9352		memcpy(arg, nla_data(tb[NL80211_ATTR_KEY_SEQ]),
9353		       min_int(nla_len(tb[NL80211_ATTR_KEY_SEQ]), 6));
9354	return NL_SKIP;
9355}
9356
9357
9358static int i802_get_seqnum(const char *iface, void *priv, const u8 *addr,
9359			   int idx, u8 *seq)
9360{
9361	struct i802_bss *bss = priv;
9362	struct wpa_driver_nl80211_data *drv = bss->drv;
9363	struct nl_msg *msg;
9364
9365	msg = nlmsg_alloc();
9366	if (!msg)
9367		return -ENOMEM;
9368
9369	nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_KEY);
9370
9371	if (addr)
9372		NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
9373	NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, idx);
9374	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(iface));
9375
9376	memset(seq, 0, 6);
9377
9378	return send_and_recv_msgs(drv, msg, get_key_handler, seq);
9379 nla_put_failure:
9380	nlmsg_free(msg);
9381	return -ENOBUFS;
9382}
9383
9384
9385static int i802_set_rts(void *priv, int rts)
9386{
9387	struct i802_bss *bss = priv;
9388	struct wpa_driver_nl80211_data *drv = bss->drv;
9389	struct nl_msg *msg;
9390	int ret = -ENOBUFS;
9391	u32 val;
9392
9393	msg = nlmsg_alloc();
9394	if (!msg)
9395		return -ENOMEM;
9396
9397	if (rts >= 2347)
9398		val = (u32) -1;
9399	else
9400		val = rts;
9401
9402	nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_WIPHY);
9403	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
9404	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD, val);
9405
9406	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
9407	msg = NULL;
9408	if (!ret)
9409		return 0;
9410nla_put_failure:
9411	nlmsg_free(msg);
9412	wpa_printf(MSG_DEBUG, "nl80211: Failed to set RTS threshold %d: "
9413		   "%d (%s)", rts, ret, strerror(-ret));
9414	return ret;
9415}
9416
9417
9418static int i802_set_frag(void *priv, int frag)
9419{
9420	struct i802_bss *bss = priv;
9421	struct wpa_driver_nl80211_data *drv = bss->drv;
9422	struct nl_msg *msg;
9423	int ret = -ENOBUFS;
9424	u32 val;
9425
9426	msg = nlmsg_alloc();
9427	if (!msg)
9428		return -ENOMEM;
9429
9430	if (frag >= 2346)
9431		val = (u32) -1;
9432	else
9433		val = frag;
9434
9435	nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_WIPHY);
9436	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
9437	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD, val);
9438
9439	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
9440	msg = NULL;
9441	if (!ret)
9442		return 0;
9443nla_put_failure:
9444	nlmsg_free(msg);
9445	wpa_printf(MSG_DEBUG, "nl80211: Failed to set fragmentation threshold "
9446		   "%d: %d (%s)", frag, ret, strerror(-ret));
9447	return ret;
9448}
9449
9450
9451static int i802_flush(void *priv)
9452{
9453	struct i802_bss *bss = priv;
9454	struct wpa_driver_nl80211_data *drv = bss->drv;
9455	struct nl_msg *msg;
9456	int res;
9457
9458	msg = nlmsg_alloc();
9459	if (!msg)
9460		return -1;
9461
9462	wpa_printf(MSG_DEBUG, "nl80211: flush -> DEL_STATION %s (all)",
9463		   bss->ifname);
9464	nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_STATION);
9465
9466	/*
9467	 * XXX: FIX! this needs to flush all VLANs too
9468	 */
9469	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
9470		    if_nametoindex(bss->ifname));
9471
9472	res = send_and_recv_msgs(drv, msg, NULL, NULL);
9473	if (res) {
9474		wpa_printf(MSG_DEBUG, "nl80211: Station flush failed: ret=%d "
9475			   "(%s)", res, strerror(-res));
9476	}
9477	return res;
9478 nla_put_failure:
9479	nlmsg_free(msg);
9480	return -ENOBUFS;
9481}
9482
9483
9484static int get_sta_handler(struct nl_msg *msg, void *arg)
9485{
9486	struct nlattr *tb[NL80211_ATTR_MAX + 1];
9487	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
9488	struct hostap_sta_driver_data *data = arg;
9489	struct nlattr *stats[NL80211_STA_INFO_MAX + 1];
9490	static struct nla_policy stats_policy[NL80211_STA_INFO_MAX + 1] = {
9491		[NL80211_STA_INFO_INACTIVE_TIME] = { .type = NLA_U32 },
9492		[NL80211_STA_INFO_RX_BYTES] = { .type = NLA_U32 },
9493		[NL80211_STA_INFO_TX_BYTES] = { .type = NLA_U32 },
9494		[NL80211_STA_INFO_RX_PACKETS] = { .type = NLA_U32 },
9495		[NL80211_STA_INFO_TX_PACKETS] = { .type = NLA_U32 },
9496		[NL80211_STA_INFO_TX_FAILED] = { .type = NLA_U32 },
9497	};
9498
9499	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
9500		  genlmsg_attrlen(gnlh, 0), NULL);
9501
9502	/*
9503	 * TODO: validate the interface and mac address!
9504	 * Otherwise, there's a race condition as soon as
9505	 * the kernel starts sending station notifications.
9506	 */
9507
9508	if (!tb[NL80211_ATTR_STA_INFO]) {
9509		wpa_printf(MSG_DEBUG, "sta stats missing!");
9510		return NL_SKIP;
9511	}
9512	if (nla_parse_nested(stats, NL80211_STA_INFO_MAX,
9513			     tb[NL80211_ATTR_STA_INFO],
9514			     stats_policy)) {
9515		wpa_printf(MSG_DEBUG, "failed to parse nested attributes!");
9516		return NL_SKIP;
9517	}
9518
9519	if (stats[NL80211_STA_INFO_INACTIVE_TIME])
9520		data->inactive_msec =
9521			nla_get_u32(stats[NL80211_STA_INFO_INACTIVE_TIME]);
9522	if (stats[NL80211_STA_INFO_RX_BYTES])
9523		data->rx_bytes = nla_get_u32(stats[NL80211_STA_INFO_RX_BYTES]);
9524	if (stats[NL80211_STA_INFO_TX_BYTES])
9525		data->tx_bytes = nla_get_u32(stats[NL80211_STA_INFO_TX_BYTES]);
9526	if (stats[NL80211_STA_INFO_RX_PACKETS])
9527		data->rx_packets =
9528			nla_get_u32(stats[NL80211_STA_INFO_RX_PACKETS]);
9529	if (stats[NL80211_STA_INFO_TX_PACKETS])
9530		data->tx_packets =
9531			nla_get_u32(stats[NL80211_STA_INFO_TX_PACKETS]);
9532	if (stats[NL80211_STA_INFO_TX_FAILED])
9533		data->tx_retry_failed =
9534			nla_get_u32(stats[NL80211_STA_INFO_TX_FAILED]);
9535
9536	return NL_SKIP;
9537}
9538
9539static int i802_read_sta_data(struct i802_bss *bss,
9540			      struct hostap_sta_driver_data *data,
9541			      const u8 *addr)
9542{
9543	struct wpa_driver_nl80211_data *drv = bss->drv;
9544	struct nl_msg *msg;
9545
9546	os_memset(data, 0, sizeof(*data));
9547	msg = nlmsg_alloc();
9548	if (!msg)
9549		return -ENOMEM;
9550
9551	nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_STATION);
9552
9553	NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
9554	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
9555
9556	return send_and_recv_msgs(drv, msg, get_sta_handler, data);
9557 nla_put_failure:
9558	nlmsg_free(msg);
9559	return -ENOBUFS;
9560}
9561
9562
9563static int i802_set_tx_queue_params(void *priv, int queue, int aifs,
9564				    int cw_min, int cw_max, int burst_time)
9565{
9566	struct i802_bss *bss = priv;
9567	struct wpa_driver_nl80211_data *drv = bss->drv;
9568	struct nl_msg *msg;
9569	struct nlattr *txq, *params;
9570
9571	msg = nlmsg_alloc();
9572	if (!msg)
9573		return -1;
9574
9575	nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_WIPHY);
9576
9577	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
9578
9579	txq = nla_nest_start(msg, NL80211_ATTR_WIPHY_TXQ_PARAMS);
9580	if (!txq)
9581		goto nla_put_failure;
9582
9583	/* We are only sending parameters for a single TXQ at a time */
9584	params = nla_nest_start(msg, 1);
9585	if (!params)
9586		goto nla_put_failure;
9587
9588	switch (queue) {
9589	case 0:
9590		NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_VO);
9591		break;
9592	case 1:
9593		NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_VI);
9594		break;
9595	case 2:
9596		NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_BE);
9597		break;
9598	case 3:
9599		NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_BK);
9600		break;
9601	}
9602	/* Burst time is configured in units of 0.1 msec and TXOP parameter in
9603	 * 32 usec, so need to convert the value here. */
9604	NLA_PUT_U16(msg, NL80211_TXQ_ATTR_TXOP, (burst_time * 100 + 16) / 32);
9605	NLA_PUT_U16(msg, NL80211_TXQ_ATTR_CWMIN, cw_min);
9606	NLA_PUT_U16(msg, NL80211_TXQ_ATTR_CWMAX, cw_max);
9607	NLA_PUT_U8(msg, NL80211_TXQ_ATTR_AIFS, aifs);
9608
9609	nla_nest_end(msg, params);
9610
9611	nla_nest_end(msg, txq);
9612
9613	if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0)
9614		return 0;
9615	msg = NULL;
9616 nla_put_failure:
9617	nlmsg_free(msg);
9618	return -1;
9619}
9620
9621
9622static int i802_set_sta_vlan(struct i802_bss *bss, const u8 *addr,
9623			     const char *ifname, int vlan_id)
9624{
9625	struct wpa_driver_nl80211_data *drv = bss->drv;
9626	struct nl_msg *msg;
9627	int ret = -ENOBUFS;
9628
9629	msg = nlmsg_alloc();
9630	if (!msg)
9631		return -ENOMEM;
9632
9633	wpa_printf(MSG_DEBUG, "nl80211: %s[%d]: set_sta_vlan(" MACSTR
9634		   ", ifname=%s[%d], vlan_id=%d)",
9635		   bss->ifname, if_nametoindex(bss->ifname),
9636		   MAC2STR(addr), ifname, if_nametoindex(ifname), vlan_id);
9637	nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_STATION);
9638
9639	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
9640		    if_nametoindex(bss->ifname));
9641	NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
9642	NLA_PUT_U32(msg, NL80211_ATTR_STA_VLAN,
9643		    if_nametoindex(ifname));
9644
9645	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
9646	msg = NULL;
9647	if (ret < 0) {
9648		wpa_printf(MSG_ERROR, "nl80211: NL80211_ATTR_STA_VLAN (addr="
9649			   MACSTR " ifname=%s vlan_id=%d) failed: %d (%s)",
9650			   MAC2STR(addr), ifname, vlan_id, ret,
9651			   strerror(-ret));
9652	}
9653 nla_put_failure:
9654	nlmsg_free(msg);
9655	return ret;
9656}
9657
9658
9659static int i802_get_inact_sec(void *priv, const u8 *addr)
9660{
9661	struct hostap_sta_driver_data data;
9662	int ret;
9663
9664	data.inactive_msec = (unsigned long) -1;
9665	ret = i802_read_sta_data(priv, &data, addr);
9666	if (ret || data.inactive_msec == (unsigned long) -1)
9667		return -1;
9668	return data.inactive_msec / 1000;
9669}
9670
9671
9672static int i802_sta_clear_stats(void *priv, const u8 *addr)
9673{
9674#if 0
9675	/* TODO */
9676#endif
9677	return 0;
9678}
9679
9680
9681static int i802_sta_deauth(void *priv, const u8 *own_addr, const u8 *addr,
9682			   int reason)
9683{
9684	struct i802_bss *bss = priv;
9685	struct wpa_driver_nl80211_data *drv = bss->drv;
9686	struct ieee80211_mgmt mgmt;
9687
9688	if (drv->device_ap_sme)
9689		return wpa_driver_nl80211_sta_remove(bss, addr);
9690
9691	memset(&mgmt, 0, sizeof(mgmt));
9692	mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
9693					  WLAN_FC_STYPE_DEAUTH);
9694	memcpy(mgmt.da, addr, ETH_ALEN);
9695	memcpy(mgmt.sa, own_addr, ETH_ALEN);
9696	memcpy(mgmt.bssid, own_addr, ETH_ALEN);
9697	mgmt.u.deauth.reason_code = host_to_le16(reason);
9698	return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt,
9699					    IEEE80211_HDRLEN +
9700					    sizeof(mgmt.u.deauth), 0, 0, 0, 0,
9701					    0);
9702}
9703
9704
9705static int i802_sta_disassoc(void *priv, const u8 *own_addr, const u8 *addr,
9706			     int reason)
9707{
9708	struct i802_bss *bss = priv;
9709	struct wpa_driver_nl80211_data *drv = bss->drv;
9710	struct ieee80211_mgmt mgmt;
9711
9712	if (drv->device_ap_sme)
9713		return wpa_driver_nl80211_sta_remove(bss, addr);
9714
9715	memset(&mgmt, 0, sizeof(mgmt));
9716	mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
9717					  WLAN_FC_STYPE_DISASSOC);
9718	memcpy(mgmt.da, addr, ETH_ALEN);
9719	memcpy(mgmt.sa, own_addr, ETH_ALEN);
9720	memcpy(mgmt.bssid, own_addr, ETH_ALEN);
9721	mgmt.u.disassoc.reason_code = host_to_le16(reason);
9722	return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt,
9723					    IEEE80211_HDRLEN +
9724					    sizeof(mgmt.u.disassoc), 0, 0, 0, 0,
9725					    0);
9726}
9727
9728
9729static void dump_ifidx(struct wpa_driver_nl80211_data *drv)
9730{
9731	char buf[200], *pos, *end;
9732	int i, res;
9733
9734	pos = buf;
9735	end = pos + sizeof(buf);
9736
9737	for (i = 0; i < drv->num_if_indices; i++) {
9738		if (!drv->if_indices[i])
9739			continue;
9740		res = os_snprintf(pos, end - pos, " %d", drv->if_indices[i]);
9741		if (res < 0 || res >= end - pos)
9742			break;
9743		pos += res;
9744	}
9745	*pos = '\0';
9746
9747	wpa_printf(MSG_DEBUG, "nl80211: if_indices[%d]:%s",
9748		   drv->num_if_indices, buf);
9749}
9750
9751
9752static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
9753{
9754	int i;
9755	int *old;
9756
9757	wpa_printf(MSG_DEBUG, "nl80211: Add own interface ifindex %d",
9758		   ifidx);
9759	if (have_ifidx(drv, ifidx)) {
9760		wpa_printf(MSG_DEBUG, "nl80211: ifindex %d already in the list",
9761			   ifidx);
9762		return;
9763	}
9764	for (i = 0; i < drv->num_if_indices; i++) {
9765		if (drv->if_indices[i] == 0) {
9766			drv->if_indices[i] = ifidx;
9767			dump_ifidx(drv);
9768			return;
9769		}
9770	}
9771
9772	if (drv->if_indices != drv->default_if_indices)
9773		old = drv->if_indices;
9774	else
9775		old = NULL;
9776
9777	drv->if_indices = os_realloc_array(old, drv->num_if_indices + 1,
9778					   sizeof(int));
9779	if (!drv->if_indices) {
9780		if (!old)
9781			drv->if_indices = drv->default_if_indices;
9782		else
9783			drv->if_indices = old;
9784		wpa_printf(MSG_ERROR, "Failed to reallocate memory for "
9785			   "interfaces");
9786		wpa_printf(MSG_ERROR, "Ignoring EAPOL on interface %d", ifidx);
9787		return;
9788	} else if (!old)
9789		os_memcpy(drv->if_indices, drv->default_if_indices,
9790			  sizeof(drv->default_if_indices));
9791	drv->if_indices[drv->num_if_indices] = ifidx;
9792	drv->num_if_indices++;
9793	dump_ifidx(drv);
9794}
9795
9796
9797static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
9798{
9799	int i;
9800
9801	for (i = 0; i < drv->num_if_indices; i++) {
9802		if (drv->if_indices[i] == ifidx) {
9803			drv->if_indices[i] = 0;
9804			break;
9805		}
9806	}
9807	dump_ifidx(drv);
9808}
9809
9810
9811static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
9812{
9813	int i;
9814
9815	for (i = 0; i < drv->num_if_indices; i++)
9816		if (drv->if_indices[i] == ifidx)
9817			return 1;
9818
9819	return 0;
9820}
9821
9822
9823static int i802_set_wds_sta(void *priv, const u8 *addr, int aid, int val,
9824			    const char *bridge_ifname, char *ifname_wds)
9825{
9826	struct i802_bss *bss = priv;
9827	struct wpa_driver_nl80211_data *drv = bss->drv;
9828	char name[IFNAMSIZ + 1];
9829
9830	os_snprintf(name, sizeof(name), "%s.sta%d", bss->ifname, aid);
9831	if (ifname_wds)
9832		os_strlcpy(ifname_wds, name, IFNAMSIZ + 1);
9833
9834	wpa_printf(MSG_DEBUG, "nl80211: Set WDS STA addr=" MACSTR
9835		   " aid=%d val=%d name=%s", MAC2STR(addr), aid, val, name);
9836	if (val) {
9837		if (!if_nametoindex(name)) {
9838			if (nl80211_create_iface(drv, name,
9839						 NL80211_IFTYPE_AP_VLAN,
9840						 bss->addr, 1, NULL, NULL, 0) <
9841			    0)
9842				return -1;
9843			if (bridge_ifname &&
9844			    linux_br_add_if(drv->global->ioctl_sock,
9845					    bridge_ifname, name) < 0)
9846				return -1;
9847		}
9848		if (linux_set_iface_flags(drv->global->ioctl_sock, name, 1)) {
9849			wpa_printf(MSG_ERROR, "nl80211: Failed to set WDS STA "
9850				   "interface %s up", name);
9851		}
9852		return i802_set_sta_vlan(priv, addr, name, 0);
9853	} else {
9854		if (bridge_ifname)
9855			linux_br_del_if(drv->global->ioctl_sock, bridge_ifname,
9856					name);
9857
9858		i802_set_sta_vlan(priv, addr, bss->ifname, 0);
9859		nl80211_remove_iface(drv, if_nametoindex(name));
9860		return 0;
9861	}
9862}
9863
9864
9865static void handle_eapol(int sock, void *eloop_ctx, void *sock_ctx)
9866{
9867	struct wpa_driver_nl80211_data *drv = eloop_ctx;
9868	struct sockaddr_ll lladdr;
9869	unsigned char buf[3000];
9870	int len;
9871	socklen_t fromlen = sizeof(lladdr);
9872
9873	len = recvfrom(sock, buf, sizeof(buf), 0,
9874		       (struct sockaddr *)&lladdr, &fromlen);
9875	if (len < 0) {
9876		wpa_printf(MSG_ERROR, "nl80211: EAPOL recv failed: %s",
9877			   strerror(errno));
9878		return;
9879	}
9880
9881	if (have_ifidx(drv, lladdr.sll_ifindex))
9882		drv_event_eapol_rx(drv->ctx, lladdr.sll_addr, buf, len);
9883}
9884
9885
9886static int i802_check_bridge(struct wpa_driver_nl80211_data *drv,
9887			     struct i802_bss *bss,
9888			     const char *brname, const char *ifname)
9889{
9890	int ifindex;
9891	char in_br[IFNAMSIZ];
9892
9893	os_strlcpy(bss->brname, brname, IFNAMSIZ);
9894	ifindex = if_nametoindex(brname);
9895	if (ifindex == 0) {
9896		/*
9897		 * Bridge was configured, but the bridge device does
9898		 * not exist. Try to add it now.
9899		 */
9900		if (linux_br_add(drv->global->ioctl_sock, brname) < 0) {
9901			wpa_printf(MSG_ERROR, "nl80211: Failed to add the "
9902				   "bridge interface %s: %s",
9903				   brname, strerror(errno));
9904			return -1;
9905		}
9906		bss->added_bridge = 1;
9907		add_ifidx(drv, if_nametoindex(brname));
9908	}
9909
9910	if (linux_br_get(in_br, ifname) == 0) {
9911		if (os_strcmp(in_br, brname) == 0)
9912			return 0; /* already in the bridge */
9913
9914		wpa_printf(MSG_DEBUG, "nl80211: Removing interface %s from "
9915			   "bridge %s", ifname, in_br);
9916		if (linux_br_del_if(drv->global->ioctl_sock, in_br, ifname) <
9917		    0) {
9918			wpa_printf(MSG_ERROR, "nl80211: Failed to "
9919				   "remove interface %s from bridge "
9920				   "%s: %s",
9921				   ifname, brname, strerror(errno));
9922			return -1;
9923		}
9924	}
9925
9926	wpa_printf(MSG_DEBUG, "nl80211: Adding interface %s into bridge %s",
9927		   ifname, brname);
9928	if (linux_br_add_if(drv->global->ioctl_sock, brname, ifname) < 0) {
9929		wpa_printf(MSG_ERROR, "nl80211: Failed to add interface %s "
9930			   "into bridge %s: %s",
9931			   ifname, brname, strerror(errno));
9932		return -1;
9933	}
9934	bss->added_if_into_bridge = 1;
9935
9936	return 0;
9937}
9938
9939
9940static void *i802_init(struct hostapd_data *hapd,
9941		       struct wpa_init_params *params)
9942{
9943	struct wpa_driver_nl80211_data *drv;
9944	struct i802_bss *bss;
9945	size_t i;
9946	char brname[IFNAMSIZ];
9947	int ifindex, br_ifindex;
9948	int br_added = 0;
9949
9950	bss = wpa_driver_nl80211_drv_init(hapd, params->ifname,
9951					  params->global_priv, 1,
9952					  params->bssid);
9953	if (bss == NULL)
9954		return NULL;
9955
9956	drv = bss->drv;
9957
9958	if (linux_br_get(brname, params->ifname) == 0) {
9959		wpa_printf(MSG_DEBUG, "nl80211: Interface %s is in bridge %s",
9960			   params->ifname, brname);
9961		br_ifindex = if_nametoindex(brname);
9962	} else {
9963		brname[0] = '\0';
9964		br_ifindex = 0;
9965	}
9966
9967	for (i = 0; i < params->num_bridge; i++) {
9968		if (params->bridge[i]) {
9969			ifindex = if_nametoindex(params->bridge[i]);
9970			if (ifindex)
9971				add_ifidx(drv, ifindex);
9972			if (ifindex == br_ifindex)
9973				br_added = 1;
9974		}
9975	}
9976	if (!br_added && br_ifindex &&
9977	    (params->num_bridge == 0 || !params->bridge[0]))
9978		add_ifidx(drv, br_ifindex);
9979
9980	/* start listening for EAPOL on the default AP interface */
9981	add_ifidx(drv, drv->ifindex);
9982
9983	if (params->num_bridge && params->bridge[0] &&
9984	    i802_check_bridge(drv, bss, params->bridge[0], params->ifname) < 0)
9985		goto failed;
9986
9987	drv->eapol_sock = socket(PF_PACKET, SOCK_DGRAM, htons(ETH_P_PAE));
9988	if (drv->eapol_sock < 0) {
9989		wpa_printf(MSG_ERROR, "nl80211: socket(PF_PACKET, SOCK_DGRAM, ETH_P_PAE) failed: %s",
9990			   strerror(errno));
9991		goto failed;
9992	}
9993
9994	if (eloop_register_read_sock(drv->eapol_sock, handle_eapol, drv, NULL))
9995	{
9996		wpa_printf(MSG_INFO, "nl80211: Could not register read socket for eapol");
9997		goto failed;
9998	}
9999
10000	if (linux_get_ifhwaddr(drv->global->ioctl_sock, bss->ifname,
10001			       params->own_addr))
10002		goto failed;
10003
10004	memcpy(bss->addr, params->own_addr, ETH_ALEN);
10005
10006	return bss;
10007
10008failed:
10009	wpa_driver_nl80211_deinit(bss);
10010	return NULL;
10011}
10012
10013
10014static void i802_deinit(void *priv)
10015{
10016	struct i802_bss *bss = priv;
10017	wpa_driver_nl80211_deinit(bss);
10018}
10019
10020
10021static enum nl80211_iftype wpa_driver_nl80211_if_type(
10022	enum wpa_driver_if_type type)
10023{
10024	switch (type) {
10025	case WPA_IF_STATION:
10026		return NL80211_IFTYPE_STATION;
10027	case WPA_IF_P2P_CLIENT:
10028	case WPA_IF_P2P_GROUP:
10029		return NL80211_IFTYPE_P2P_CLIENT;
10030	case WPA_IF_AP_VLAN:
10031		return NL80211_IFTYPE_AP_VLAN;
10032	case WPA_IF_AP_BSS:
10033		return NL80211_IFTYPE_AP;
10034	case WPA_IF_P2P_GO:
10035		return NL80211_IFTYPE_P2P_GO;
10036	case WPA_IF_P2P_DEVICE:
10037		return NL80211_IFTYPE_P2P_DEVICE;
10038	}
10039	return -1;
10040}
10041
10042
10043#ifdef CONFIG_P2P
10044
10045static int nl80211_addr_in_use(struct nl80211_global *global, const u8 *addr)
10046{
10047	struct wpa_driver_nl80211_data *drv;
10048	dl_list_for_each(drv, &global->interfaces,
10049			 struct wpa_driver_nl80211_data, list) {
10050		if (os_memcmp(addr, drv->first_bss->addr, ETH_ALEN) == 0)
10051			return 1;
10052	}
10053	return 0;
10054}
10055
10056
10057static int nl80211_p2p_interface_addr(struct wpa_driver_nl80211_data *drv,
10058				      u8 *new_addr)
10059{
10060	unsigned int idx;
10061
10062	if (!drv->global)
10063		return -1;
10064
10065	os_memcpy(new_addr, drv->first_bss->addr, ETH_ALEN);
10066	for (idx = 0; idx < 64; idx++) {
10067		new_addr[0] = drv->first_bss->addr[0] | 0x02;
10068		new_addr[0] ^= idx << 2;
10069		if (!nl80211_addr_in_use(drv->global, new_addr))
10070			break;
10071	}
10072	if (idx == 64)
10073		return -1;
10074
10075	wpa_printf(MSG_DEBUG, "nl80211: Assigned new P2P Interface Address "
10076		   MACSTR, MAC2STR(new_addr));
10077
10078	return 0;
10079}
10080
10081#endif /* CONFIG_P2P */
10082
10083
10084struct wdev_info {
10085	u64 wdev_id;
10086	int wdev_id_set;
10087	u8 macaddr[ETH_ALEN];
10088};
10089
10090static int nl80211_wdev_handler(struct nl_msg *msg, void *arg)
10091{
10092	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
10093	struct nlattr *tb[NL80211_ATTR_MAX + 1];
10094	struct wdev_info *wi = arg;
10095
10096	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
10097		  genlmsg_attrlen(gnlh, 0), NULL);
10098	if (tb[NL80211_ATTR_WDEV]) {
10099		wi->wdev_id = nla_get_u64(tb[NL80211_ATTR_WDEV]);
10100		wi->wdev_id_set = 1;
10101	}
10102
10103	if (tb[NL80211_ATTR_MAC])
10104		os_memcpy(wi->macaddr, nla_data(tb[NL80211_ATTR_MAC]),
10105			  ETH_ALEN);
10106
10107	return NL_SKIP;
10108}
10109
10110
10111static int wpa_driver_nl80211_if_add(void *priv, enum wpa_driver_if_type type,
10112				     const char *ifname, const u8 *addr,
10113				     void *bss_ctx, void **drv_priv,
10114				     char *force_ifname, u8 *if_addr,
10115				     const char *bridge, int use_existing)
10116{
10117	enum nl80211_iftype nlmode;
10118	struct i802_bss *bss = priv;
10119	struct wpa_driver_nl80211_data *drv = bss->drv;
10120	int ifidx;
10121	int added = 1;
10122
10123	if (addr)
10124		os_memcpy(if_addr, addr, ETH_ALEN);
10125	nlmode = wpa_driver_nl80211_if_type(type);
10126	if (nlmode == NL80211_IFTYPE_P2P_DEVICE) {
10127		struct wdev_info p2pdev_info;
10128
10129		os_memset(&p2pdev_info, 0, sizeof(p2pdev_info));
10130		ifidx = nl80211_create_iface(drv, ifname, nlmode, addr,
10131					     0, nl80211_wdev_handler,
10132					     &p2pdev_info, use_existing);
10133		if (!p2pdev_info.wdev_id_set || ifidx != 0) {
10134			wpa_printf(MSG_ERROR, "nl80211: Failed to create a P2P Device interface %s",
10135				   ifname);
10136			return -1;
10137		}
10138
10139		drv->global->if_add_wdevid = p2pdev_info.wdev_id;
10140		drv->global->if_add_wdevid_set = p2pdev_info.wdev_id_set;
10141		if (!is_zero_ether_addr(p2pdev_info.macaddr))
10142			os_memcpy(if_addr, p2pdev_info.macaddr, ETH_ALEN);
10143		wpa_printf(MSG_DEBUG, "nl80211: New P2P Device interface %s (0x%llx) created",
10144			   ifname,
10145			   (long long unsigned int) p2pdev_info.wdev_id);
10146	} else {
10147		ifidx = nl80211_create_iface(drv, ifname, nlmode, addr,
10148					     0, NULL, NULL, use_existing);
10149		if (use_existing && ifidx == -ENFILE) {
10150			added = 0;
10151			ifidx = if_nametoindex(ifname);
10152		} else if (ifidx < 0) {
10153			return -1;
10154		}
10155	}
10156
10157	if (!addr) {
10158		if (drv->nlmode == NL80211_IFTYPE_P2P_DEVICE)
10159			os_memcpy(if_addr, bss->addr, ETH_ALEN);
10160		else if (linux_get_ifhwaddr(drv->global->ioctl_sock,
10161					    bss->ifname, if_addr) < 0) {
10162			if (added)
10163				nl80211_remove_iface(drv, ifidx);
10164			return -1;
10165		}
10166	}
10167
10168#ifdef CONFIG_P2P
10169	if (!addr &&
10170	    (type == WPA_IF_P2P_CLIENT || type == WPA_IF_P2P_GROUP ||
10171	     type == WPA_IF_P2P_GO)) {
10172		/* Enforce unique P2P Interface Address */
10173		u8 new_addr[ETH_ALEN];
10174
10175		if (linux_get_ifhwaddr(drv->global->ioctl_sock, ifname,
10176				       new_addr) < 0) {
10177			if (added)
10178				nl80211_remove_iface(drv, ifidx);
10179			return -1;
10180		}
10181		if (nl80211_addr_in_use(drv->global, new_addr)) {
10182			wpa_printf(MSG_DEBUG, "nl80211: Allocate new address "
10183				   "for P2P group interface");
10184			if (nl80211_p2p_interface_addr(drv, new_addr) < 0) {
10185				if (added)
10186					nl80211_remove_iface(drv, ifidx);
10187				return -1;
10188			}
10189			if (linux_set_ifhwaddr(drv->global->ioctl_sock, ifname,
10190					       new_addr) < 0) {
10191				if (added)
10192					nl80211_remove_iface(drv, ifidx);
10193				return -1;
10194			}
10195		}
10196		os_memcpy(if_addr, new_addr, ETH_ALEN);
10197	}
10198#endif /* CONFIG_P2P */
10199
10200	if (type == WPA_IF_AP_BSS) {
10201		struct i802_bss *new_bss = os_zalloc(sizeof(*new_bss));
10202		if (new_bss == NULL) {
10203			if (added)
10204				nl80211_remove_iface(drv, ifidx);
10205			return -1;
10206		}
10207
10208		if (bridge &&
10209		    i802_check_bridge(drv, new_bss, bridge, ifname) < 0) {
10210			wpa_printf(MSG_ERROR, "nl80211: Failed to add the new "
10211				   "interface %s to a bridge %s",
10212				   ifname, bridge);
10213			if (added)
10214				nl80211_remove_iface(drv, ifidx);
10215			os_free(new_bss);
10216			return -1;
10217		}
10218
10219		if (linux_set_iface_flags(drv->global->ioctl_sock, ifname, 1))
10220		{
10221			if (added)
10222				nl80211_remove_iface(drv, ifidx);
10223			os_free(new_bss);
10224			return -1;
10225		}
10226		os_strlcpy(new_bss->ifname, ifname, IFNAMSIZ);
10227		os_memcpy(new_bss->addr, if_addr, ETH_ALEN);
10228		new_bss->ifindex = ifidx;
10229		new_bss->drv = drv;
10230		new_bss->next = drv->first_bss->next;
10231		new_bss->freq = drv->first_bss->freq;
10232		new_bss->ctx = bss_ctx;
10233		new_bss->added_if = added;
10234		drv->first_bss->next = new_bss;
10235		if (drv_priv)
10236			*drv_priv = new_bss;
10237		nl80211_init_bss(new_bss);
10238
10239		/* Subscribe management frames for this WPA_IF_AP_BSS */
10240		if (nl80211_setup_ap(new_bss))
10241			return -1;
10242	}
10243
10244	if (drv->global)
10245		drv->global->if_add_ifindex = ifidx;
10246
10247	/*
10248	 * Some virtual interfaces need to process EAPOL packets and events on
10249	 * the parent interface. This is used mainly with hostapd.
10250	 */
10251	if (ifidx > 0 &&
10252	    (drv->hostapd ||
10253	     nlmode == NL80211_IFTYPE_AP_VLAN ||
10254	     nlmode == NL80211_IFTYPE_WDS ||
10255	     nlmode == NL80211_IFTYPE_MONITOR))
10256		add_ifidx(drv, ifidx);
10257
10258	return 0;
10259}
10260
10261
10262static int wpa_driver_nl80211_if_remove(struct i802_bss *bss,
10263					enum wpa_driver_if_type type,
10264					const char *ifname)
10265{
10266	struct wpa_driver_nl80211_data *drv = bss->drv;
10267	int ifindex = if_nametoindex(ifname);
10268
10269	wpa_printf(MSG_DEBUG, "nl80211: %s(type=%d ifname=%s) ifindex=%d added_if=%d",
10270		   __func__, type, ifname, ifindex, bss->added_if);
10271	if (ifindex > 0 && (bss->added_if || bss->ifindex != ifindex))
10272		nl80211_remove_iface(drv, ifindex);
10273	else if (ifindex > 0 && !bss->added_if) {
10274		struct wpa_driver_nl80211_data *drv2;
10275		dl_list_for_each(drv2, &drv->global->interfaces,
10276				 struct wpa_driver_nl80211_data, list)
10277			del_ifidx(drv2, ifindex);
10278	}
10279
10280	if (type != WPA_IF_AP_BSS)
10281		return 0;
10282
10283	if (bss->added_if_into_bridge) {
10284		if (linux_br_del_if(drv->global->ioctl_sock, bss->brname,
10285				    bss->ifname) < 0)
10286			wpa_printf(MSG_INFO, "nl80211: Failed to remove "
10287				   "interface %s from bridge %s: %s",
10288				   bss->ifname, bss->brname, strerror(errno));
10289	}
10290	if (bss->added_bridge) {
10291		if (linux_br_del(drv->global->ioctl_sock, bss->brname) < 0)
10292			wpa_printf(MSG_INFO, "nl80211: Failed to remove "
10293				   "bridge %s: %s",
10294				   bss->brname, strerror(errno));
10295	}
10296
10297	if (bss != drv->first_bss) {
10298		struct i802_bss *tbss;
10299
10300		wpa_printf(MSG_DEBUG, "nl80211: Not the first BSS - remove it");
10301		for (tbss = drv->first_bss; tbss; tbss = tbss->next) {
10302			if (tbss->next == bss) {
10303				tbss->next = bss->next;
10304				/* Unsubscribe management frames */
10305				nl80211_teardown_ap(bss);
10306				nl80211_destroy_bss(bss);
10307				if (!bss->added_if)
10308					i802_set_iface_flags(bss, 0);
10309				os_free(bss);
10310				bss = NULL;
10311				break;
10312			}
10313		}
10314		if (bss)
10315			wpa_printf(MSG_INFO, "nl80211: %s - could not find "
10316				   "BSS %p in the list", __func__, bss);
10317	} else {
10318		wpa_printf(MSG_DEBUG, "nl80211: First BSS - reassign context");
10319		nl80211_teardown_ap(bss);
10320		if (!bss->added_if && !drv->first_bss->next)
10321			wpa_driver_nl80211_del_beacon(drv);
10322		nl80211_destroy_bss(bss);
10323		if (!bss->added_if)
10324			i802_set_iface_flags(bss, 0);
10325		if (drv->first_bss->next) {
10326			drv->first_bss = drv->first_bss->next;
10327			drv->ctx = drv->first_bss->ctx;
10328			os_free(bss);
10329		} else {
10330			wpa_printf(MSG_DEBUG, "nl80211: No second BSS to reassign context to");
10331		}
10332	}
10333
10334	return 0;
10335}
10336
10337
10338static int cookie_handler(struct nl_msg *msg, void *arg)
10339{
10340	struct nlattr *tb[NL80211_ATTR_MAX + 1];
10341	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
10342	u64 *cookie = arg;
10343	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
10344		  genlmsg_attrlen(gnlh, 0), NULL);
10345	if (tb[NL80211_ATTR_COOKIE])
10346		*cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]);
10347	return NL_SKIP;
10348}
10349
10350
10351static int nl80211_send_frame_cmd(struct i802_bss *bss,
10352				  unsigned int freq, unsigned int wait,
10353				  const u8 *buf, size_t buf_len,
10354				  u64 *cookie_out, int no_cck, int no_ack,
10355				  int offchanok)
10356{
10357	struct wpa_driver_nl80211_data *drv = bss->drv;
10358	struct nl_msg *msg;
10359	u64 cookie;
10360	int ret = -1;
10361
10362	msg = nlmsg_alloc();
10363	if (!msg)
10364		return -1;
10365
10366	wpa_printf(MSG_MSGDUMP, "nl80211: CMD_FRAME freq=%u wait=%u no_cck=%d "
10367		   "no_ack=%d offchanok=%d",
10368		   freq, wait, no_cck, no_ack, offchanok);
10369	wpa_hexdump(MSG_MSGDUMP, "CMD_FRAME", buf, buf_len);
10370	nl80211_cmd(drv, msg, 0, NL80211_CMD_FRAME);
10371
10372	if (nl80211_set_iface_id(msg, bss) < 0)
10373		goto nla_put_failure;
10374	if (freq)
10375		NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq);
10376	if (wait)
10377		NLA_PUT_U32(msg, NL80211_ATTR_DURATION, wait);
10378	if (offchanok && ((drv->capa.flags & WPA_DRIVER_FLAGS_OFFCHANNEL_TX) ||
10379			  drv->test_use_roc_tx))
10380		NLA_PUT_FLAG(msg, NL80211_ATTR_OFFCHANNEL_TX_OK);
10381	if (no_cck)
10382		NLA_PUT_FLAG(msg, NL80211_ATTR_TX_NO_CCK_RATE);
10383	if (no_ack)
10384		NLA_PUT_FLAG(msg, NL80211_ATTR_DONT_WAIT_FOR_ACK);
10385
10386	NLA_PUT(msg, NL80211_ATTR_FRAME, buf_len, buf);
10387
10388	cookie = 0;
10389	ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie);
10390	msg = NULL;
10391	if (ret) {
10392		wpa_printf(MSG_DEBUG, "nl80211: Frame command failed: ret=%d "
10393			   "(%s) (freq=%u wait=%u)", ret, strerror(-ret),
10394			   freq, wait);
10395		goto nla_put_failure;
10396	}
10397	wpa_printf(MSG_MSGDUMP, "nl80211: Frame TX command accepted%s; "
10398		   "cookie 0x%llx", no_ack ? " (no ACK)" : "",
10399		   (long long unsigned int) cookie);
10400
10401	if (cookie_out)
10402		*cookie_out = no_ack ? (u64) -1 : cookie;
10403
10404nla_put_failure:
10405	nlmsg_free(msg);
10406	return ret;
10407}
10408
10409
10410static int wpa_driver_nl80211_send_action(struct i802_bss *bss,
10411					  unsigned int freq,
10412					  unsigned int wait_time,
10413					  const u8 *dst, const u8 *src,
10414					  const u8 *bssid,
10415					  const u8 *data, size_t data_len,
10416					  int no_cck)
10417{
10418	struct wpa_driver_nl80211_data *drv = bss->drv;
10419	int ret = -1;
10420	u8 *buf;
10421	struct ieee80211_hdr *hdr;
10422
10423	wpa_printf(MSG_DEBUG, "nl80211: Send Action frame (ifindex=%d, "
10424		   "freq=%u MHz wait=%d ms no_cck=%d)",
10425		   drv->ifindex, freq, wait_time, no_cck);
10426
10427	buf = os_zalloc(24 + data_len);
10428	if (buf == NULL)
10429		return ret;
10430	os_memcpy(buf + 24, data, data_len);
10431	hdr = (struct ieee80211_hdr *) buf;
10432	hdr->frame_control =
10433		IEEE80211_FC(WLAN_FC_TYPE_MGMT, WLAN_FC_STYPE_ACTION);
10434	os_memcpy(hdr->addr1, dst, ETH_ALEN);
10435	os_memcpy(hdr->addr2, src, ETH_ALEN);
10436	os_memcpy(hdr->addr3, bssid, ETH_ALEN);
10437
10438	if (is_ap_interface(drv->nlmode) &&
10439	    (!(drv->capa.flags & WPA_DRIVER_FLAGS_OFFCHANNEL_TX) ||
10440	     (int) freq == bss->freq || drv->device_ap_sme ||
10441	     !drv->use_monitor))
10442		ret = wpa_driver_nl80211_send_mlme(bss, buf, 24 + data_len,
10443						   0, freq, no_cck, 1,
10444						   wait_time);
10445	else
10446		ret = nl80211_send_frame_cmd(bss, freq, wait_time, buf,
10447					     24 + data_len,
10448					     &drv->send_action_cookie,
10449					     no_cck, 0, 1);
10450
10451	os_free(buf);
10452	return ret;
10453}
10454
10455
10456static void wpa_driver_nl80211_send_action_cancel_wait(void *priv)
10457{
10458	struct i802_bss *bss = priv;
10459	struct wpa_driver_nl80211_data *drv = bss->drv;
10460	struct nl_msg *msg;
10461	int ret;
10462
10463	msg = nlmsg_alloc();
10464	if (!msg)
10465		return;
10466
10467	wpa_printf(MSG_DEBUG, "nl80211: Cancel TX frame wait: cookie=0x%llx",
10468		   (long long unsigned int) drv->send_action_cookie);
10469	nl80211_cmd(drv, msg, 0, NL80211_CMD_FRAME_WAIT_CANCEL);
10470
10471	if (nl80211_set_iface_id(msg, bss) < 0)
10472		goto nla_put_failure;
10473	NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, drv->send_action_cookie);
10474
10475	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
10476	msg = NULL;
10477	if (ret)
10478		wpa_printf(MSG_DEBUG, "nl80211: wait cancel failed: ret=%d "
10479			   "(%s)", ret, strerror(-ret));
10480
10481 nla_put_failure:
10482	nlmsg_free(msg);
10483}
10484
10485
10486static int wpa_driver_nl80211_remain_on_channel(void *priv, unsigned int freq,
10487						unsigned int duration)
10488{
10489	struct i802_bss *bss = priv;
10490	struct wpa_driver_nl80211_data *drv = bss->drv;
10491	struct nl_msg *msg;
10492	int ret;
10493	u64 cookie;
10494
10495	msg = nlmsg_alloc();
10496	if (!msg)
10497		return -1;
10498
10499	nl80211_cmd(drv, msg, 0, NL80211_CMD_REMAIN_ON_CHANNEL);
10500
10501	if (nl80211_set_iface_id(msg, bss) < 0)
10502		goto nla_put_failure;
10503
10504	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq);
10505	NLA_PUT_U32(msg, NL80211_ATTR_DURATION, duration);
10506
10507	cookie = 0;
10508	ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie);
10509	msg = NULL;
10510	if (ret == 0) {
10511		wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel cookie "
10512			   "0x%llx for freq=%u MHz duration=%u",
10513			   (long long unsigned int) cookie, freq, duration);
10514		drv->remain_on_chan_cookie = cookie;
10515		drv->pending_remain_on_chan = 1;
10516		return 0;
10517	}
10518	wpa_printf(MSG_DEBUG, "nl80211: Failed to request remain-on-channel "
10519		   "(freq=%d duration=%u): %d (%s)",
10520		   freq, duration, ret, strerror(-ret));
10521nla_put_failure:
10522	nlmsg_free(msg);
10523	return -1;
10524}
10525
10526
10527static int wpa_driver_nl80211_cancel_remain_on_channel(void *priv)
10528{
10529	struct i802_bss *bss = priv;
10530	struct wpa_driver_nl80211_data *drv = bss->drv;
10531	struct nl_msg *msg;
10532	int ret;
10533
10534	if (!drv->pending_remain_on_chan) {
10535		wpa_printf(MSG_DEBUG, "nl80211: No pending remain-on-channel "
10536			   "to cancel");
10537		return -1;
10538	}
10539
10540	wpa_printf(MSG_DEBUG, "nl80211: Cancel remain-on-channel with cookie "
10541		   "0x%llx",
10542		   (long long unsigned int) drv->remain_on_chan_cookie);
10543
10544	msg = nlmsg_alloc();
10545	if (!msg)
10546		return -1;
10547
10548	nl80211_cmd(drv, msg, 0, NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL);
10549
10550	if (nl80211_set_iface_id(msg, bss) < 0)
10551		goto nla_put_failure;
10552
10553	NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, drv->remain_on_chan_cookie);
10554
10555	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
10556	msg = NULL;
10557	if (ret == 0)
10558		return 0;
10559	wpa_printf(MSG_DEBUG, "nl80211: Failed to cancel remain-on-channel: "
10560		   "%d (%s)", ret, strerror(-ret));
10561nla_put_failure:
10562	nlmsg_free(msg);
10563	return -1;
10564}
10565
10566
10567static int wpa_driver_nl80211_probe_req_report(struct i802_bss *bss, int report)
10568{
10569	struct wpa_driver_nl80211_data *drv = bss->drv;
10570
10571	if (!report) {
10572		if (bss->nl_preq && drv->device_ap_sme &&
10573		    is_ap_interface(drv->nlmode) && !bss->in_deinit &&
10574		    !bss->static_ap) {
10575			/*
10576			 * Do not disable Probe Request reporting that was
10577			 * enabled in nl80211_setup_ap().
10578			 */
10579			wpa_printf(MSG_DEBUG, "nl80211: Skip disabling of "
10580				   "Probe Request reporting nl_preq=%p while "
10581				   "in AP mode", bss->nl_preq);
10582		} else if (bss->nl_preq) {
10583			wpa_printf(MSG_DEBUG, "nl80211: Disable Probe Request "
10584				   "reporting nl_preq=%p", bss->nl_preq);
10585			nl80211_destroy_eloop_handle(&bss->nl_preq);
10586		}
10587		return 0;
10588	}
10589
10590	if (bss->nl_preq) {
10591		wpa_printf(MSG_DEBUG, "nl80211: Probe Request reporting "
10592			   "already on! nl_preq=%p", bss->nl_preq);
10593		return 0;
10594	}
10595
10596	bss->nl_preq = nl_create_handle(drv->global->nl_cb, "preq");
10597	if (bss->nl_preq == NULL)
10598		return -1;
10599	wpa_printf(MSG_DEBUG, "nl80211: Enable Probe Request "
10600		   "reporting nl_preq=%p", bss->nl_preq);
10601
10602	if (nl80211_register_frame(bss, bss->nl_preq,
10603				   (WLAN_FC_TYPE_MGMT << 2) |
10604				   (WLAN_FC_STYPE_PROBE_REQ << 4),
10605				   NULL, 0) < 0)
10606		goto out_err;
10607
10608	nl80211_register_eloop_read(&bss->nl_preq,
10609				    wpa_driver_nl80211_event_receive,
10610				    bss->nl_cb);
10611
10612	return 0;
10613
10614 out_err:
10615	nl_destroy_handles(&bss->nl_preq);
10616	return -1;
10617}
10618
10619
10620static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv,
10621				     int ifindex, int disabled)
10622{
10623	struct nl_msg *msg;
10624	struct nlattr *bands, *band;
10625	int ret;
10626
10627	msg = nlmsg_alloc();
10628	if (!msg)
10629		return -1;
10630
10631	nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_TX_BITRATE_MASK);
10632	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
10633
10634	bands = nla_nest_start(msg, NL80211_ATTR_TX_RATES);
10635	if (!bands)
10636		goto nla_put_failure;
10637
10638	/*
10639	 * Disable 2 GHz rates 1, 2, 5.5, 11 Mbps by masking out everything
10640	 * else apart from 6, 9, 12, 18, 24, 36, 48, 54 Mbps from non-MCS
10641	 * rates. All 5 GHz rates are left enabled.
10642	 */
10643	band = nla_nest_start(msg, NL80211_BAND_2GHZ);
10644	if (!band)
10645		goto nla_put_failure;
10646	if (disabled) {
10647		NLA_PUT(msg, NL80211_TXRATE_LEGACY, 8,
10648			"\x0c\x12\x18\x24\x30\x48\x60\x6c");
10649	}
10650	nla_nest_end(msg, band);
10651
10652	nla_nest_end(msg, bands);
10653
10654	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
10655	msg = NULL;
10656	if (ret) {
10657		wpa_printf(MSG_DEBUG, "nl80211: Set TX rates failed: ret=%d "
10658			   "(%s)", ret, strerror(-ret));
10659	} else
10660		drv->disabled_11b_rates = disabled;
10661
10662	return ret;
10663
10664nla_put_failure:
10665	nlmsg_free(msg);
10666	return -1;
10667}
10668
10669
10670static int wpa_driver_nl80211_deinit_ap(void *priv)
10671{
10672	struct i802_bss *bss = priv;
10673	struct wpa_driver_nl80211_data *drv = bss->drv;
10674	if (!is_ap_interface(drv->nlmode))
10675		return -1;
10676	wpa_driver_nl80211_del_beacon(drv);
10677
10678	/*
10679	 * If the P2P GO interface was dynamically added, then it is
10680	 * possible that the interface change to station is not possible.
10681	 */
10682	if (drv->nlmode == NL80211_IFTYPE_P2P_GO && bss->if_dynamic)
10683		return 0;
10684
10685	return wpa_driver_nl80211_set_mode(priv, NL80211_IFTYPE_STATION);
10686}
10687
10688
10689static int wpa_driver_nl80211_stop_ap(void *priv)
10690{
10691	struct i802_bss *bss = priv;
10692	struct wpa_driver_nl80211_data *drv = bss->drv;
10693	if (!is_ap_interface(drv->nlmode))
10694		return -1;
10695	wpa_driver_nl80211_del_beacon(drv);
10696	bss->beacon_set = 0;
10697	return 0;
10698}
10699
10700
10701static int wpa_driver_nl80211_deinit_p2p_cli(void *priv)
10702{
10703	struct i802_bss *bss = priv;
10704	struct wpa_driver_nl80211_data *drv = bss->drv;
10705	if (drv->nlmode != NL80211_IFTYPE_P2P_CLIENT)
10706		return -1;
10707
10708	/*
10709	 * If the P2P Client interface was dynamically added, then it is
10710	 * possible that the interface change to station is not possible.
10711	 */
10712	if (bss->if_dynamic)
10713		return 0;
10714
10715	return wpa_driver_nl80211_set_mode(priv, NL80211_IFTYPE_STATION);
10716}
10717
10718
10719static void wpa_driver_nl80211_resume(void *priv)
10720{
10721	struct i802_bss *bss = priv;
10722
10723	if (i802_set_iface_flags(bss, 1))
10724		wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface up on resume event");
10725}
10726
10727
10728static int nl80211_send_ft_action(void *priv, u8 action, const u8 *target_ap,
10729				  const u8 *ies, size_t ies_len)
10730{
10731	struct i802_bss *bss = priv;
10732	struct wpa_driver_nl80211_data *drv = bss->drv;
10733	int ret;
10734	u8 *data, *pos;
10735	size_t data_len;
10736	const u8 *own_addr = bss->addr;
10737
10738	if (action != 1) {
10739		wpa_printf(MSG_ERROR, "nl80211: Unsupported send_ft_action "
10740			   "action %d", action);
10741		return -1;
10742	}
10743
10744	/*
10745	 * Action frame payload:
10746	 * Category[1] = 6 (Fast BSS Transition)
10747	 * Action[1] = 1 (Fast BSS Transition Request)
10748	 * STA Address
10749	 * Target AP Address
10750	 * FT IEs
10751	 */
10752
10753	data_len = 2 + 2 * ETH_ALEN + ies_len;
10754	data = os_malloc(data_len);
10755	if (data == NULL)
10756		return -1;
10757	pos = data;
10758	*pos++ = 0x06; /* FT Action category */
10759	*pos++ = action;
10760	os_memcpy(pos, own_addr, ETH_ALEN);
10761	pos += ETH_ALEN;
10762	os_memcpy(pos, target_ap, ETH_ALEN);
10763	pos += ETH_ALEN;
10764	os_memcpy(pos, ies, ies_len);
10765
10766	ret = wpa_driver_nl80211_send_action(bss, drv->assoc_freq, 0,
10767					     drv->bssid, own_addr, drv->bssid,
10768					     data, data_len, 0);
10769	os_free(data);
10770
10771	return ret;
10772}
10773
10774
10775static int nl80211_signal_monitor(void *priv, int threshold, int hysteresis)
10776{
10777	struct i802_bss *bss = priv;
10778	struct wpa_driver_nl80211_data *drv = bss->drv;
10779	struct nl_msg *msg;
10780	struct nlattr *cqm;
10781	int ret = -1;
10782
10783	wpa_printf(MSG_DEBUG, "nl80211: Signal monitor threshold=%d "
10784		   "hysteresis=%d", threshold, hysteresis);
10785
10786	msg = nlmsg_alloc();
10787	if (!msg)
10788		return -1;
10789
10790	nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_CQM);
10791
10792	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex);
10793
10794	cqm = nla_nest_start(msg, NL80211_ATTR_CQM);
10795	if (cqm == NULL)
10796		goto nla_put_failure;
10797
10798	NLA_PUT_U32(msg, NL80211_ATTR_CQM_RSSI_THOLD, threshold);
10799	NLA_PUT_U32(msg, NL80211_ATTR_CQM_RSSI_HYST, hysteresis);
10800	nla_nest_end(msg, cqm);
10801
10802	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
10803	msg = NULL;
10804
10805nla_put_failure:
10806	nlmsg_free(msg);
10807	return ret;
10808}
10809
10810
10811static int get_channel_width(struct nl_msg *msg, void *arg)
10812{
10813	struct nlattr *tb[NL80211_ATTR_MAX + 1];
10814	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
10815	struct wpa_signal_info *sig_change = arg;
10816
10817	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
10818		  genlmsg_attrlen(gnlh, 0), NULL);
10819
10820	sig_change->center_frq1 = -1;
10821	sig_change->center_frq2 = -1;
10822	sig_change->chanwidth = CHAN_WIDTH_UNKNOWN;
10823
10824	if (tb[NL80211_ATTR_CHANNEL_WIDTH]) {
10825		sig_change->chanwidth = convert2width(
10826			nla_get_u32(tb[NL80211_ATTR_CHANNEL_WIDTH]));
10827		if (tb[NL80211_ATTR_CENTER_FREQ1])
10828			sig_change->center_frq1 =
10829				nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ1]);
10830		if (tb[NL80211_ATTR_CENTER_FREQ2])
10831			sig_change->center_frq2 =
10832				nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ2]);
10833	}
10834
10835	return NL_SKIP;
10836}
10837
10838
10839static int nl80211_get_channel_width(struct wpa_driver_nl80211_data *drv,
10840				     struct wpa_signal_info *sig)
10841{
10842	struct nl_msg *msg;
10843
10844	msg = nlmsg_alloc();
10845	if (!msg)
10846		return -ENOMEM;
10847
10848	nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_INTERFACE);
10849	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
10850
10851	return send_and_recv_msgs(drv, msg, get_channel_width, sig);
10852
10853nla_put_failure:
10854	nlmsg_free(msg);
10855	return -ENOBUFS;
10856}
10857
10858
10859static int nl80211_signal_poll(void *priv, struct wpa_signal_info *si)
10860{
10861	struct i802_bss *bss = priv;
10862	struct wpa_driver_nl80211_data *drv = bss->drv;
10863	int res;
10864
10865	os_memset(si, 0, sizeof(*si));
10866	res = nl80211_get_link_signal(drv, si);
10867	if (res != 0)
10868		return res;
10869
10870	res = nl80211_get_channel_width(drv, si);
10871	if (res != 0)
10872		return res;
10873
10874	return nl80211_get_link_noise(drv, si);
10875}
10876
10877
10878static int wpa_driver_nl80211_shared_freq(void *priv)
10879{
10880	struct i802_bss *bss = priv;
10881	struct wpa_driver_nl80211_data *drv = bss->drv;
10882	struct wpa_driver_nl80211_data *driver;
10883	int freq = 0;
10884
10885	/*
10886	 * If the same PHY is in connected state with some other interface,
10887	 * then retrieve the assoc freq.
10888	 */
10889	wpa_printf(MSG_DEBUG, "nl80211: Get shared freq for PHY %s",
10890		   drv->phyname);
10891
10892	dl_list_for_each(driver, &drv->global->interfaces,
10893			 struct wpa_driver_nl80211_data, list) {
10894		if (drv == driver ||
10895		    os_strcmp(drv->phyname, driver->phyname) != 0 ||
10896		    !driver->associated)
10897			continue;
10898
10899		wpa_printf(MSG_DEBUG, "nl80211: Found a match for PHY %s - %s "
10900			   MACSTR,
10901			   driver->phyname, driver->first_bss->ifname,
10902			   MAC2STR(driver->first_bss->addr));
10903		if (is_ap_interface(driver->nlmode))
10904			freq = driver->first_bss->freq;
10905		else
10906			freq = nl80211_get_assoc_freq(driver);
10907		wpa_printf(MSG_DEBUG, "nl80211: Shared freq for PHY %s: %d",
10908			   drv->phyname, freq);
10909	}
10910
10911	if (!freq)
10912		wpa_printf(MSG_DEBUG, "nl80211: No shared interface for "
10913			   "PHY (%s) in associated state", drv->phyname);
10914
10915	return freq;
10916}
10917
10918
10919static int nl80211_send_frame(void *priv, const u8 *data, size_t data_len,
10920			      int encrypt)
10921{
10922	struct i802_bss *bss = priv;
10923	return wpa_driver_nl80211_send_frame(bss, data, data_len, encrypt, 0,
10924					     0, 0, 0, 0);
10925}
10926
10927
10928static int nl80211_set_param(void *priv, const char *param)
10929{
10930	wpa_printf(MSG_DEBUG, "nl80211: driver param='%s'", param);
10931	if (param == NULL)
10932		return 0;
10933
10934#ifdef CONFIG_P2P
10935	if (os_strstr(param, "use_p2p_group_interface=1")) {
10936		struct i802_bss *bss = priv;
10937		struct wpa_driver_nl80211_data *drv = bss->drv;
10938
10939		wpa_printf(MSG_DEBUG, "nl80211: Use separate P2P group "
10940			   "interface");
10941		drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_CONCURRENT;
10942		drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_MGMT_AND_NON_P2P;
10943	}
10944
10945	if (os_strstr(param, "p2p_device=1")) {
10946		struct i802_bss *bss = priv;
10947		struct wpa_driver_nl80211_data *drv = bss->drv;
10948		drv->allow_p2p_device = 1;
10949	}
10950#endif /* CONFIG_P2P */
10951
10952	if (os_strstr(param, "use_monitor=1")) {
10953		struct i802_bss *bss = priv;
10954		struct wpa_driver_nl80211_data *drv = bss->drv;
10955		drv->use_monitor = 1;
10956	}
10957
10958	if (os_strstr(param, "force_connect_cmd=1")) {
10959		struct i802_bss *bss = priv;
10960		struct wpa_driver_nl80211_data *drv = bss->drv;
10961		drv->capa.flags &= ~WPA_DRIVER_FLAGS_SME;
10962	}
10963
10964	if (os_strstr(param, "no_offchannel_tx=1")) {
10965		struct i802_bss *bss = priv;
10966		struct wpa_driver_nl80211_data *drv = bss->drv;
10967		drv->capa.flags &= ~WPA_DRIVER_FLAGS_OFFCHANNEL_TX;
10968		drv->test_use_roc_tx = 1;
10969	}
10970
10971	return 0;
10972}
10973
10974
10975static void * nl80211_global_init(void)
10976{
10977	struct nl80211_global *global;
10978	struct netlink_config *cfg;
10979
10980	global = os_zalloc(sizeof(*global));
10981	if (global == NULL)
10982		return NULL;
10983	global->ioctl_sock = -1;
10984	dl_list_init(&global->interfaces);
10985	global->if_add_ifindex = -1;
10986
10987	cfg = os_zalloc(sizeof(*cfg));
10988	if (cfg == NULL)
10989		goto err;
10990
10991	cfg->ctx = global;
10992	cfg->newlink_cb = wpa_driver_nl80211_event_rtm_newlink;
10993	cfg->dellink_cb = wpa_driver_nl80211_event_rtm_dellink;
10994	global->netlink = netlink_init(cfg);
10995	if (global->netlink == NULL) {
10996		os_free(cfg);
10997		goto err;
10998	}
10999
11000	if (wpa_driver_nl80211_init_nl_global(global) < 0)
11001		goto err;
11002
11003	global->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0);
11004	if (global->ioctl_sock < 0) {
11005		wpa_printf(MSG_ERROR, "nl80211: socket(PF_INET,SOCK_DGRAM) failed: %s",
11006			   strerror(errno));
11007		goto err;
11008	}
11009
11010	return global;
11011
11012err:
11013	nl80211_global_deinit(global);
11014	return NULL;
11015}
11016
11017
11018static void nl80211_global_deinit(void *priv)
11019{
11020	struct nl80211_global *global = priv;
11021	if (global == NULL)
11022		return;
11023	if (!dl_list_empty(&global->interfaces)) {
11024		wpa_printf(MSG_ERROR, "nl80211: %u interface(s) remain at "
11025			   "nl80211_global_deinit",
11026			   dl_list_len(&global->interfaces));
11027	}
11028
11029	if (global->netlink)
11030		netlink_deinit(global->netlink);
11031
11032	nl_destroy_handles(&global->nl);
11033
11034	if (global->nl_event)
11035		nl80211_destroy_eloop_handle(&global->nl_event);
11036
11037	nl_cb_put(global->nl_cb);
11038
11039	if (global->ioctl_sock >= 0)
11040		close(global->ioctl_sock);
11041
11042	os_free(global);
11043}
11044
11045
11046static const char * nl80211_get_radio_name(void *priv)
11047{
11048	struct i802_bss *bss = priv;
11049	struct wpa_driver_nl80211_data *drv = bss->drv;
11050	return drv->phyname;
11051}
11052
11053
11054static int nl80211_pmkid(struct i802_bss *bss, int cmd, const u8 *bssid,
11055			 const u8 *pmkid)
11056{
11057	struct nl_msg *msg;
11058
11059	msg = nlmsg_alloc();
11060	if (!msg)
11061		return -ENOMEM;
11062
11063	nl80211_cmd(bss->drv, msg, 0, cmd);
11064
11065	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
11066	if (pmkid)
11067		NLA_PUT(msg, NL80211_ATTR_PMKID, 16, pmkid);
11068	if (bssid)
11069		NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid);
11070
11071	return send_and_recv_msgs(bss->drv, msg, NULL, NULL);
11072 nla_put_failure:
11073	nlmsg_free(msg);
11074	return -ENOBUFS;
11075}
11076
11077
11078static int nl80211_add_pmkid(void *priv, const u8 *bssid, const u8 *pmkid)
11079{
11080	struct i802_bss *bss = priv;
11081	wpa_printf(MSG_DEBUG, "nl80211: Add PMKID for " MACSTR, MAC2STR(bssid));
11082	return nl80211_pmkid(bss, NL80211_CMD_SET_PMKSA, bssid, pmkid);
11083}
11084
11085
11086static int nl80211_remove_pmkid(void *priv, const u8 *bssid, const u8 *pmkid)
11087{
11088	struct i802_bss *bss = priv;
11089	wpa_printf(MSG_DEBUG, "nl80211: Delete PMKID for " MACSTR,
11090		   MAC2STR(bssid));
11091	return nl80211_pmkid(bss, NL80211_CMD_DEL_PMKSA, bssid, pmkid);
11092}
11093
11094
11095static int nl80211_flush_pmkid(void *priv)
11096{
11097	struct i802_bss *bss = priv;
11098	wpa_printf(MSG_DEBUG, "nl80211: Flush PMKIDs");
11099	return nl80211_pmkid(bss, NL80211_CMD_FLUSH_PMKSA, NULL, NULL);
11100}
11101
11102
11103static void clean_survey_results(struct survey_results *survey_results)
11104{
11105	struct freq_survey *survey, *tmp;
11106
11107	if (dl_list_empty(&survey_results->survey_list))
11108		return;
11109
11110	dl_list_for_each_safe(survey, tmp, &survey_results->survey_list,
11111			      struct freq_survey, list) {
11112		dl_list_del(&survey->list);
11113		os_free(survey);
11114	}
11115}
11116
11117
11118static void add_survey(struct nlattr **sinfo, u32 ifidx,
11119		       struct dl_list *survey_list)
11120{
11121	struct freq_survey *survey;
11122
11123	survey = os_zalloc(sizeof(struct freq_survey));
11124	if  (!survey)
11125		return;
11126
11127	survey->ifidx = ifidx;
11128	survey->freq = nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]);
11129	survey->filled = 0;
11130
11131	if (sinfo[NL80211_SURVEY_INFO_NOISE]) {
11132		survey->nf = (int8_t)
11133			nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]);
11134		survey->filled |= SURVEY_HAS_NF;
11135	}
11136
11137	if (sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME]) {
11138		survey->channel_time =
11139			nla_get_u64(sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME]);
11140		survey->filled |= SURVEY_HAS_CHAN_TIME;
11141	}
11142
11143	if (sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY]) {
11144		survey->channel_time_busy =
11145			nla_get_u64(sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY]);
11146		survey->filled |= SURVEY_HAS_CHAN_TIME_BUSY;
11147	}
11148
11149	if (sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_RX]) {
11150		survey->channel_time_rx =
11151			nla_get_u64(sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_RX]);
11152		survey->filled |= SURVEY_HAS_CHAN_TIME_RX;
11153	}
11154
11155	if (sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_TX]) {
11156		survey->channel_time_tx =
11157			nla_get_u64(sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_TX]);
11158		survey->filled |= SURVEY_HAS_CHAN_TIME_TX;
11159	}
11160
11161	wpa_printf(MSG_DEBUG, "nl80211: Freq survey dump event (freq=%d MHz noise=%d channel_time=%ld busy_time=%ld tx_time=%ld rx_time=%ld filled=%04x)",
11162		   survey->freq,
11163		   survey->nf,
11164		   (unsigned long int) survey->channel_time,
11165		   (unsigned long int) survey->channel_time_busy,
11166		   (unsigned long int) survey->channel_time_tx,
11167		   (unsigned long int) survey->channel_time_rx,
11168		   survey->filled);
11169
11170	dl_list_add_tail(survey_list, &survey->list);
11171}
11172
11173
11174static int check_survey_ok(struct nlattr **sinfo, u32 surveyed_freq,
11175			   unsigned int freq_filter)
11176{
11177	if (!freq_filter)
11178		return 1;
11179
11180	return freq_filter == surveyed_freq;
11181}
11182
11183
11184static int survey_handler(struct nl_msg *msg, void *arg)
11185{
11186	struct nlattr *tb[NL80211_ATTR_MAX + 1];
11187	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
11188	struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1];
11189	struct survey_results *survey_results;
11190	u32 surveyed_freq = 0;
11191	u32 ifidx;
11192
11193	static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = {
11194		[NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 },
11195		[NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 },
11196	};
11197
11198	survey_results = (struct survey_results *) arg;
11199
11200	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
11201		  genlmsg_attrlen(gnlh, 0), NULL);
11202
11203	if (!tb[NL80211_ATTR_IFINDEX])
11204		return NL_SKIP;
11205
11206	ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
11207
11208	if (!tb[NL80211_ATTR_SURVEY_INFO])
11209		return NL_SKIP;
11210
11211	if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX,
11212			     tb[NL80211_ATTR_SURVEY_INFO],
11213			     survey_policy))
11214		return NL_SKIP;
11215
11216	if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY]) {
11217		wpa_printf(MSG_ERROR, "nl80211: Invalid survey data");
11218		return NL_SKIP;
11219	}
11220
11221	surveyed_freq = nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]);
11222
11223	if (!check_survey_ok(sinfo, surveyed_freq,
11224			     survey_results->freq_filter))
11225		return NL_SKIP;
11226
11227	if (survey_results->freq_filter &&
11228	    survey_results->freq_filter != surveyed_freq) {
11229		wpa_printf(MSG_EXCESSIVE, "nl80211: Ignoring survey data for freq %d MHz",
11230			   surveyed_freq);
11231		return NL_SKIP;
11232	}
11233
11234	add_survey(sinfo, ifidx, &survey_results->survey_list);
11235
11236	return NL_SKIP;
11237}
11238
11239
11240static int wpa_driver_nl80211_get_survey(void *priv, unsigned int freq)
11241{
11242	struct i802_bss *bss = priv;
11243	struct wpa_driver_nl80211_data *drv = bss->drv;
11244	struct nl_msg *msg;
11245	int err = -ENOBUFS;
11246	union wpa_event_data data;
11247	struct survey_results *survey_results;
11248
11249	os_memset(&data, 0, sizeof(data));
11250	survey_results = &data.survey_results;
11251
11252	dl_list_init(&survey_results->survey_list);
11253
11254	msg = nlmsg_alloc();
11255	if (!msg)
11256		goto nla_put_failure;
11257
11258	nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SURVEY);
11259
11260	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
11261
11262	if (freq)
11263		data.survey_results.freq_filter = freq;
11264
11265	do {
11266		wpa_printf(MSG_DEBUG, "nl80211: Fetch survey data");
11267		err = send_and_recv_msgs(drv, msg, survey_handler,
11268					 survey_results);
11269	} while (err > 0);
11270
11271	if (err) {
11272		wpa_printf(MSG_ERROR, "nl80211: Failed to process survey data");
11273		goto out_clean;
11274	}
11275
11276	wpa_supplicant_event(drv->ctx, EVENT_SURVEY, &data);
11277
11278out_clean:
11279	clean_survey_results(survey_results);
11280nla_put_failure:
11281	return err;
11282}
11283
11284
11285static void nl80211_set_rekey_info(void *priv, const u8 *kek, const u8 *kck,
11286				   const u8 *replay_ctr)
11287{
11288	struct i802_bss *bss = priv;
11289	struct wpa_driver_nl80211_data *drv = bss->drv;
11290	struct nlattr *replay_nested;
11291	struct nl_msg *msg;
11292
11293	msg = nlmsg_alloc();
11294	if (!msg)
11295		return;
11296
11297	nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_REKEY_OFFLOAD);
11298
11299	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex);
11300
11301	replay_nested = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA);
11302	if (!replay_nested)
11303		goto nla_put_failure;
11304
11305	NLA_PUT(msg, NL80211_REKEY_DATA_KEK, NL80211_KEK_LEN, kek);
11306	NLA_PUT(msg, NL80211_REKEY_DATA_KCK, NL80211_KCK_LEN, kck);
11307	NLA_PUT(msg, NL80211_REKEY_DATA_REPLAY_CTR, NL80211_REPLAY_CTR_LEN,
11308		replay_ctr);
11309
11310	nla_nest_end(msg, replay_nested);
11311
11312	send_and_recv_msgs(drv, msg, NULL, NULL);
11313	return;
11314 nla_put_failure:
11315	nlmsg_free(msg);
11316}
11317
11318
11319static void nl80211_send_null_frame(struct i802_bss *bss, const u8 *own_addr,
11320				    const u8 *addr, int qos)
11321{
11322	/* send data frame to poll STA and check whether
11323	 * this frame is ACKed */
11324	struct {
11325		struct ieee80211_hdr hdr;
11326		u16 qos_ctl;
11327	} STRUCT_PACKED nulldata;
11328	size_t size;
11329
11330	/* Send data frame to poll STA and check whether this frame is ACKed */
11331
11332	os_memset(&nulldata, 0, sizeof(nulldata));
11333
11334	if (qos) {
11335		nulldata.hdr.frame_control =
11336			IEEE80211_FC(WLAN_FC_TYPE_DATA,
11337				     WLAN_FC_STYPE_QOS_NULL);
11338		size = sizeof(nulldata);
11339	} else {
11340		nulldata.hdr.frame_control =
11341			IEEE80211_FC(WLAN_FC_TYPE_DATA,
11342				     WLAN_FC_STYPE_NULLFUNC);
11343		size = sizeof(struct ieee80211_hdr);
11344	}
11345
11346	nulldata.hdr.frame_control |= host_to_le16(WLAN_FC_FROMDS);
11347	os_memcpy(nulldata.hdr.IEEE80211_DA_FROMDS, addr, ETH_ALEN);
11348	os_memcpy(nulldata.hdr.IEEE80211_BSSID_FROMDS, own_addr, ETH_ALEN);
11349	os_memcpy(nulldata.hdr.IEEE80211_SA_FROMDS, own_addr, ETH_ALEN);
11350
11351	if (wpa_driver_nl80211_send_mlme(bss, (u8 *) &nulldata, size, 0, 0, 0,
11352					 0, 0) < 0)
11353		wpa_printf(MSG_DEBUG, "nl80211_send_null_frame: Failed to "
11354			   "send poll frame");
11355}
11356
11357static void nl80211_poll_client(void *priv, const u8 *own_addr, const u8 *addr,
11358				int qos)
11359{
11360	struct i802_bss *bss = priv;
11361	struct wpa_driver_nl80211_data *drv = bss->drv;
11362	struct nl_msg *msg;
11363
11364	if (!drv->poll_command_supported) {
11365		nl80211_send_null_frame(bss, own_addr, addr, qos);
11366		return;
11367	}
11368
11369	msg = nlmsg_alloc();
11370	if (!msg)
11371		return;
11372
11373	nl80211_cmd(drv, msg, 0, NL80211_CMD_PROBE_CLIENT);
11374
11375	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex);
11376	NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
11377
11378	send_and_recv_msgs(drv, msg, NULL, NULL);
11379	return;
11380 nla_put_failure:
11381	nlmsg_free(msg);
11382}
11383
11384
11385static int nl80211_set_power_save(struct i802_bss *bss, int enabled)
11386{
11387	struct nl_msg *msg;
11388
11389	msg = nlmsg_alloc();
11390	if (!msg)
11391		return -ENOMEM;
11392
11393	nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_SET_POWER_SAVE);
11394	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex);
11395	NLA_PUT_U32(msg, NL80211_ATTR_PS_STATE,
11396		    enabled ? NL80211_PS_ENABLED : NL80211_PS_DISABLED);
11397	return send_and_recv_msgs(bss->drv, msg, NULL, NULL);
11398nla_put_failure:
11399	nlmsg_free(msg);
11400	return -ENOBUFS;
11401}
11402
11403
11404static int nl80211_set_p2p_powersave(void *priv, int legacy_ps, int opp_ps,
11405				     int ctwindow)
11406{
11407	struct i802_bss *bss = priv;
11408
11409	wpa_printf(MSG_DEBUG, "nl80211: set_p2p_powersave (legacy_ps=%d "
11410		   "opp_ps=%d ctwindow=%d)", legacy_ps, opp_ps, ctwindow);
11411
11412	if (opp_ps != -1 || ctwindow != -1) {
11413#ifdef ANDROID_P2P
11414		wpa_driver_set_p2p_ps(priv, legacy_ps, opp_ps, ctwindow);
11415#else /* ANDROID_P2P */
11416		return -1; /* Not yet supported */
11417#endif /* ANDROID_P2P */
11418	}
11419
11420	if (legacy_ps == -1)
11421		return 0;
11422	if (legacy_ps != 0 && legacy_ps != 1)
11423		return -1; /* Not yet supported */
11424
11425	return nl80211_set_power_save(bss, legacy_ps);
11426}
11427
11428
11429static int nl80211_start_radar_detection(void *priv,
11430					 struct hostapd_freq_params *freq)
11431{
11432	struct i802_bss *bss = priv;
11433	struct wpa_driver_nl80211_data *drv = bss->drv;
11434	struct nl_msg *msg;
11435	int ret;
11436
11437	wpa_printf(MSG_DEBUG, "nl80211: Start radar detection (CAC) %d MHz (ht_enabled=%d, vht_enabled=%d, bandwidth=%d MHz, cf1=%d MHz, cf2=%d MHz)",
11438		   freq->freq, freq->ht_enabled, freq->vht_enabled,
11439		   freq->bandwidth, freq->center_freq1, freq->center_freq2);
11440
11441	if (!(drv->capa.flags & WPA_DRIVER_FLAGS_RADAR)) {
11442		wpa_printf(MSG_DEBUG, "nl80211: Driver does not support radar "
11443			   "detection");
11444		return -1;
11445	}
11446
11447	msg = nlmsg_alloc();
11448	if (!msg)
11449		return -1;
11450
11451	nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_RADAR_DETECT);
11452	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
11453	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq->freq);
11454
11455	if (freq->vht_enabled) {
11456		switch (freq->bandwidth) {
11457		case 20:
11458			NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH,
11459				    NL80211_CHAN_WIDTH_20);
11460			break;
11461		case 40:
11462			NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH,
11463				    NL80211_CHAN_WIDTH_40);
11464			break;
11465		case 80:
11466			if (freq->center_freq2)
11467				NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH,
11468					    NL80211_CHAN_WIDTH_80P80);
11469			else
11470				NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH,
11471					    NL80211_CHAN_WIDTH_80);
11472			break;
11473		case 160:
11474			NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH,
11475				    NL80211_CHAN_WIDTH_160);
11476			break;
11477		default:
11478			return -1;
11479		}
11480		NLA_PUT_U32(msg, NL80211_ATTR_CENTER_FREQ1, freq->center_freq1);
11481		if (freq->center_freq2)
11482			NLA_PUT_U32(msg, NL80211_ATTR_CENTER_FREQ2,
11483				    freq->center_freq2);
11484	} else if (freq->ht_enabled) {
11485		switch (freq->sec_channel_offset) {
11486		case -1:
11487			NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
11488				    NL80211_CHAN_HT40MINUS);
11489			break;
11490		case 1:
11491			NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
11492				    NL80211_CHAN_HT40PLUS);
11493			break;
11494		default:
11495			NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
11496				    NL80211_CHAN_HT20);
11497			break;
11498		}
11499	}
11500
11501	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
11502	if (ret == 0)
11503		return 0;
11504	wpa_printf(MSG_DEBUG, "nl80211: Failed to start radar detection: "
11505		   "%d (%s)", ret, strerror(-ret));
11506nla_put_failure:
11507	return -1;
11508}
11509
11510#ifdef CONFIG_TDLS
11511
11512static int nl80211_send_tdls_mgmt(void *priv, const u8 *dst, u8 action_code,
11513				  u8 dialog_token, u16 status_code,
11514				  u32 peer_capab, const u8 *buf, size_t len)
11515{
11516	struct i802_bss *bss = priv;
11517	struct wpa_driver_nl80211_data *drv = bss->drv;
11518	struct nl_msg *msg;
11519
11520	if (!(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT))
11521		return -EOPNOTSUPP;
11522
11523	if (!dst)
11524		return -EINVAL;
11525
11526	msg = nlmsg_alloc();
11527	if (!msg)
11528		return -ENOMEM;
11529
11530	nl80211_cmd(drv, msg, 0, NL80211_CMD_TDLS_MGMT);
11531	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
11532	NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, dst);
11533	NLA_PUT_U8(msg, NL80211_ATTR_TDLS_ACTION, action_code);
11534	NLA_PUT_U8(msg, NL80211_ATTR_TDLS_DIALOG_TOKEN, dialog_token);
11535	NLA_PUT_U16(msg, NL80211_ATTR_STATUS_CODE, status_code);
11536	if (peer_capab) {
11537		/*
11538		 * The internal enum tdls_peer_capability definition is
11539		 * currently identical with the nl80211 enum
11540		 * nl80211_tdls_peer_capability, so no conversion is needed
11541		 * here.
11542		 */
11543		NLA_PUT_U32(msg, NL80211_ATTR_TDLS_PEER_CAPABILITY, peer_capab);
11544	}
11545	NLA_PUT(msg, NL80211_ATTR_IE, len, buf);
11546
11547	return send_and_recv_msgs(drv, msg, NULL, NULL);
11548
11549nla_put_failure:
11550	nlmsg_free(msg);
11551	return -ENOBUFS;
11552}
11553
11554
11555static int nl80211_tdls_oper(void *priv, enum tdls_oper oper, const u8 *peer)
11556{
11557	struct i802_bss *bss = priv;
11558	struct wpa_driver_nl80211_data *drv = bss->drv;
11559	struct nl_msg *msg;
11560	enum nl80211_tdls_operation nl80211_oper;
11561
11562	if (!(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT))
11563		return -EOPNOTSUPP;
11564
11565	switch (oper) {
11566	case TDLS_DISCOVERY_REQ:
11567		nl80211_oper = NL80211_TDLS_DISCOVERY_REQ;
11568		break;
11569	case TDLS_SETUP:
11570		nl80211_oper = NL80211_TDLS_SETUP;
11571		break;
11572	case TDLS_TEARDOWN:
11573		nl80211_oper = NL80211_TDLS_TEARDOWN;
11574		break;
11575	case TDLS_ENABLE_LINK:
11576		nl80211_oper = NL80211_TDLS_ENABLE_LINK;
11577		break;
11578	case TDLS_DISABLE_LINK:
11579		nl80211_oper = NL80211_TDLS_DISABLE_LINK;
11580		break;
11581	case TDLS_ENABLE:
11582		return 0;
11583	case TDLS_DISABLE:
11584		return 0;
11585	default:
11586		return -EINVAL;
11587	}
11588
11589	msg = nlmsg_alloc();
11590	if (!msg)
11591		return -ENOMEM;
11592
11593	nl80211_cmd(drv, msg, 0, NL80211_CMD_TDLS_OPER);
11594	NLA_PUT_U8(msg, NL80211_ATTR_TDLS_OPERATION, nl80211_oper);
11595	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
11596	NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, peer);
11597
11598	return send_and_recv_msgs(drv, msg, NULL, NULL);
11599
11600nla_put_failure:
11601	nlmsg_free(msg);
11602	return -ENOBUFS;
11603}
11604
11605#endif /* CONFIG TDLS */
11606
11607
11608#ifdef ANDROID
11609
11610typedef struct android_wifi_priv_cmd {
11611	char *buf;
11612	int used_len;
11613	int total_len;
11614} android_wifi_priv_cmd;
11615
11616static int drv_errors = 0;
11617
11618static void wpa_driver_send_hang_msg(struct wpa_driver_nl80211_data *drv)
11619{
11620	drv_errors++;
11621	if (drv_errors > DRV_NUMBER_SEQUENTIAL_ERRORS) {
11622		drv_errors = 0;
11623		wpa_msg(drv->ctx, MSG_INFO, WPA_EVENT_DRIVER_STATE "HANGED");
11624	}
11625}
11626
11627
11628static int android_priv_cmd(struct i802_bss *bss, const char *cmd)
11629{
11630	struct wpa_driver_nl80211_data *drv = bss->drv;
11631	struct ifreq ifr;
11632	android_wifi_priv_cmd priv_cmd;
11633	char buf[MAX_DRV_CMD_SIZE];
11634	int ret;
11635
11636	os_memset(&ifr, 0, sizeof(ifr));
11637	os_memset(&priv_cmd, 0, sizeof(priv_cmd));
11638	os_strlcpy(ifr.ifr_name, bss->ifname, IFNAMSIZ);
11639
11640	os_memset(buf, 0, sizeof(buf));
11641	os_strlcpy(buf, cmd, sizeof(buf));
11642
11643	priv_cmd.buf = buf;
11644	priv_cmd.used_len = sizeof(buf);
11645	priv_cmd.total_len = sizeof(buf);
11646	ifr.ifr_data = &priv_cmd;
11647
11648	ret = ioctl(drv->global->ioctl_sock, SIOCDEVPRIVATE + 1, &ifr);
11649	if (ret < 0) {
11650		wpa_printf(MSG_ERROR, "%s: failed to issue private commands",
11651			   __func__);
11652		wpa_driver_send_hang_msg(drv);
11653		return ret;
11654	}
11655
11656	drv_errors = 0;
11657	return 0;
11658}
11659
11660
11661static int android_pno_start(struct i802_bss *bss,
11662			     struct wpa_driver_scan_params *params)
11663{
11664	struct wpa_driver_nl80211_data *drv = bss->drv;
11665	struct ifreq ifr;
11666	android_wifi_priv_cmd priv_cmd;
11667	int ret = 0, i = 0, bp;
11668	char buf[WEXT_PNO_MAX_COMMAND_SIZE];
11669
11670	bp = WEXT_PNOSETUP_HEADER_SIZE;
11671	os_memcpy(buf, WEXT_PNOSETUP_HEADER, bp);
11672	buf[bp++] = WEXT_PNO_TLV_PREFIX;
11673	buf[bp++] = WEXT_PNO_TLV_VERSION;
11674	buf[bp++] = WEXT_PNO_TLV_SUBVERSION;
11675	buf[bp++] = WEXT_PNO_TLV_RESERVED;
11676
11677	while (i < WEXT_PNO_AMOUNT && (size_t) i < params->num_ssids) {
11678		/* Check that there is enough space needed for 1 more SSID, the
11679		 * other sections and null termination */
11680		if ((bp + WEXT_PNO_SSID_HEADER_SIZE + MAX_SSID_LEN +
11681		     WEXT_PNO_NONSSID_SECTIONS_SIZE + 1) >= (int) sizeof(buf))
11682			break;
11683		wpa_hexdump_ascii(MSG_DEBUG, "For PNO Scan",
11684				  params->ssids[i].ssid,
11685				  params->ssids[i].ssid_len);
11686		buf[bp++] = WEXT_PNO_SSID_SECTION;
11687		buf[bp++] = params->ssids[i].ssid_len;
11688		os_memcpy(&buf[bp], params->ssids[i].ssid,
11689			  params->ssids[i].ssid_len);
11690		bp += params->ssids[i].ssid_len;
11691		i++;
11692	}
11693
11694	buf[bp++] = WEXT_PNO_SCAN_INTERVAL_SECTION;
11695	os_snprintf(&buf[bp], WEXT_PNO_SCAN_INTERVAL_LENGTH + 1, "%x",
11696		    WEXT_PNO_SCAN_INTERVAL);
11697	bp += WEXT_PNO_SCAN_INTERVAL_LENGTH;
11698
11699	buf[bp++] = WEXT_PNO_REPEAT_SECTION;
11700	os_snprintf(&buf[bp], WEXT_PNO_REPEAT_LENGTH + 1, "%x",
11701		    WEXT_PNO_REPEAT);
11702	bp += WEXT_PNO_REPEAT_LENGTH;
11703
11704	buf[bp++] = WEXT_PNO_MAX_REPEAT_SECTION;
11705	os_snprintf(&buf[bp], WEXT_PNO_MAX_REPEAT_LENGTH + 1, "%x",
11706		    WEXT_PNO_MAX_REPEAT);
11707	bp += WEXT_PNO_MAX_REPEAT_LENGTH + 1;
11708
11709	memset(&ifr, 0, sizeof(ifr));
11710	memset(&priv_cmd, 0, sizeof(priv_cmd));
11711	os_strlcpy(ifr.ifr_name, bss->ifname, IFNAMSIZ);
11712
11713	priv_cmd.buf = buf;
11714	priv_cmd.used_len = bp;
11715	priv_cmd.total_len = bp;
11716	ifr.ifr_data = &priv_cmd;
11717
11718	ret = ioctl(drv->global->ioctl_sock, SIOCDEVPRIVATE + 1, &ifr);
11719
11720	if (ret < 0) {
11721		wpa_printf(MSG_ERROR, "ioctl[SIOCSIWPRIV] (pnosetup): %d",
11722			   ret);
11723		wpa_driver_send_hang_msg(drv);
11724		return ret;
11725	}
11726
11727	drv_errors = 0;
11728
11729	return android_priv_cmd(bss, "PNOFORCE 1");
11730}
11731
11732
11733static int android_pno_stop(struct i802_bss *bss)
11734{
11735	return android_priv_cmd(bss, "PNOFORCE 0");
11736}
11737
11738#endif /* ANDROID */
11739
11740
11741static int driver_nl80211_set_key(const char *ifname, void *priv,
11742				  enum wpa_alg alg, const u8 *addr,
11743				  int key_idx, int set_tx,
11744				  const u8 *seq, size_t seq_len,
11745				  const u8 *key, size_t key_len)
11746{
11747	struct i802_bss *bss = priv;
11748	return wpa_driver_nl80211_set_key(ifname, bss, alg, addr, key_idx,
11749					  set_tx, seq, seq_len, key, key_len);
11750}
11751
11752
11753static int driver_nl80211_scan2(void *priv,
11754				struct wpa_driver_scan_params *params)
11755{
11756	struct i802_bss *bss = priv;
11757	return wpa_driver_nl80211_scan(bss, params);
11758}
11759
11760
11761static int driver_nl80211_deauthenticate(void *priv, const u8 *addr,
11762					 int reason_code)
11763{
11764	struct i802_bss *bss = priv;
11765	return wpa_driver_nl80211_deauthenticate(bss, addr, reason_code);
11766}
11767
11768
11769static int driver_nl80211_authenticate(void *priv,
11770				       struct wpa_driver_auth_params *params)
11771{
11772	struct i802_bss *bss = priv;
11773	return wpa_driver_nl80211_authenticate(bss, params);
11774}
11775
11776
11777static void driver_nl80211_deinit(void *priv)
11778{
11779	struct i802_bss *bss = priv;
11780	wpa_driver_nl80211_deinit(bss);
11781}
11782
11783
11784static int driver_nl80211_if_remove(void *priv, enum wpa_driver_if_type type,
11785				    const char *ifname)
11786{
11787	struct i802_bss *bss = priv;
11788	return wpa_driver_nl80211_if_remove(bss, type, ifname);
11789}
11790
11791
11792static int driver_nl80211_send_mlme(void *priv, const u8 *data,
11793				    size_t data_len, int noack)
11794{
11795	struct i802_bss *bss = priv;
11796	return wpa_driver_nl80211_send_mlme(bss, data, data_len, noack,
11797					    0, 0, 0, 0);
11798}
11799
11800
11801static int driver_nl80211_sta_remove(void *priv, const u8 *addr)
11802{
11803	struct i802_bss *bss = priv;
11804	return wpa_driver_nl80211_sta_remove(bss, addr);
11805}
11806
11807
11808static int driver_nl80211_set_sta_vlan(void *priv, const u8 *addr,
11809				       const char *ifname, int vlan_id)
11810{
11811	struct i802_bss *bss = priv;
11812	return i802_set_sta_vlan(bss, addr, ifname, vlan_id);
11813}
11814
11815
11816static int driver_nl80211_read_sta_data(void *priv,
11817					struct hostap_sta_driver_data *data,
11818					const u8 *addr)
11819{
11820	struct i802_bss *bss = priv;
11821	return i802_read_sta_data(bss, data, addr);
11822}
11823
11824
11825static int driver_nl80211_send_action(void *priv, unsigned int freq,
11826				      unsigned int wait_time,
11827				      const u8 *dst, const u8 *src,
11828				      const u8 *bssid,
11829				      const u8 *data, size_t data_len,
11830				      int no_cck)
11831{
11832	struct i802_bss *bss = priv;
11833	return wpa_driver_nl80211_send_action(bss, freq, wait_time, dst, src,
11834					      bssid, data, data_len, no_cck);
11835}
11836
11837
11838static int driver_nl80211_probe_req_report(void *priv, int report)
11839{
11840	struct i802_bss *bss = priv;
11841	return wpa_driver_nl80211_probe_req_report(bss, report);
11842}
11843
11844
11845static int wpa_driver_nl80211_update_ft_ies(void *priv, const u8 *md,
11846					    const u8 *ies, size_t ies_len)
11847{
11848	int ret;
11849	struct nl_msg *msg;
11850	struct i802_bss *bss = priv;
11851	struct wpa_driver_nl80211_data *drv = bss->drv;
11852	u16 mdid = WPA_GET_LE16(md);
11853
11854	msg = nlmsg_alloc();
11855	if (!msg)
11856		return -ENOMEM;
11857
11858	wpa_printf(MSG_DEBUG, "nl80211: Updating FT IEs");
11859	nl80211_cmd(drv, msg, 0, NL80211_CMD_UPDATE_FT_IES);
11860	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
11861	NLA_PUT(msg, NL80211_ATTR_IE, ies_len, ies);
11862	NLA_PUT_U16(msg, NL80211_ATTR_MDID, mdid);
11863
11864	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
11865	if (ret) {
11866		wpa_printf(MSG_DEBUG, "nl80211: update_ft_ies failed "
11867			   "err=%d (%s)", ret, strerror(-ret));
11868	}
11869
11870	return ret;
11871
11872nla_put_failure:
11873	nlmsg_free(msg);
11874	return -ENOBUFS;
11875}
11876
11877
11878const u8 * wpa_driver_nl80211_get_macaddr(void *priv)
11879{
11880	struct i802_bss *bss = priv;
11881	struct wpa_driver_nl80211_data *drv = bss->drv;
11882
11883	if (drv->nlmode != NL80211_IFTYPE_P2P_DEVICE)
11884		return NULL;
11885
11886	return bss->addr;
11887}
11888
11889
11890static const char * scan_state_str(enum scan_states scan_state)
11891{
11892	switch (scan_state) {
11893	case NO_SCAN:
11894		return "NO_SCAN";
11895	case SCAN_REQUESTED:
11896		return "SCAN_REQUESTED";
11897	case SCAN_STARTED:
11898		return "SCAN_STARTED";
11899	case SCAN_COMPLETED:
11900		return "SCAN_COMPLETED";
11901	case SCAN_ABORTED:
11902		return "SCAN_ABORTED";
11903	case SCHED_SCAN_STARTED:
11904		return "SCHED_SCAN_STARTED";
11905	case SCHED_SCAN_STOPPED:
11906		return "SCHED_SCAN_STOPPED";
11907	case SCHED_SCAN_RESULTS:
11908		return "SCHED_SCAN_RESULTS";
11909	}
11910
11911	return "??";
11912}
11913
11914
11915static int wpa_driver_nl80211_status(void *priv, char *buf, size_t buflen)
11916{
11917	struct i802_bss *bss = priv;
11918	struct wpa_driver_nl80211_data *drv = bss->drv;
11919	int res;
11920	char *pos, *end;
11921
11922	pos = buf;
11923	end = buf + buflen;
11924
11925	res = os_snprintf(pos, end - pos,
11926			  "ifindex=%d\n"
11927			  "ifname=%s\n"
11928			  "brname=%s\n"
11929			  "addr=" MACSTR "\n"
11930			  "freq=%d\n"
11931			  "%s%s%s%s%s",
11932			  bss->ifindex,
11933			  bss->ifname,
11934			  bss->brname,
11935			  MAC2STR(bss->addr),
11936			  bss->freq,
11937			  bss->beacon_set ? "beacon_set=1\n" : "",
11938			  bss->added_if_into_bridge ?
11939			  "added_if_into_bridge=1\n" : "",
11940			  bss->added_bridge ? "added_bridge=1\n" : "",
11941			  bss->in_deinit ? "in_deinit=1\n" : "",
11942			  bss->if_dynamic ? "if_dynamic=1\n" : "");
11943	if (res < 0 || res >= end - pos)
11944		return pos - buf;
11945	pos += res;
11946
11947	if (bss->wdev_id_set) {
11948		res = os_snprintf(pos, end - pos, "wdev_id=%llu\n",
11949				  (unsigned long long) bss->wdev_id);
11950		if (res < 0 || res >= end - pos)
11951			return pos - buf;
11952		pos += res;
11953	}
11954
11955	res = os_snprintf(pos, end - pos,
11956			  "phyname=%s\n"
11957			  "drv_ifindex=%d\n"
11958			  "operstate=%d\n"
11959			  "scan_state=%s\n"
11960			  "auth_bssid=" MACSTR "\n"
11961			  "auth_attempt_bssid=" MACSTR "\n"
11962			  "bssid=" MACSTR "\n"
11963			  "prev_bssid=" MACSTR "\n"
11964			  "associated=%d\n"
11965			  "assoc_freq=%u\n"
11966			  "monitor_sock=%d\n"
11967			  "monitor_ifidx=%d\n"
11968			  "monitor_refcount=%d\n"
11969			  "last_mgmt_freq=%u\n"
11970			  "eapol_tx_sock=%d\n"
11971			  "%s%s%s%s%s%s%s%s%s%s%s%s%s%s",
11972			  drv->phyname,
11973			  drv->ifindex,
11974			  drv->operstate,
11975			  scan_state_str(drv->scan_state),
11976			  MAC2STR(drv->auth_bssid),
11977			  MAC2STR(drv->auth_attempt_bssid),
11978			  MAC2STR(drv->bssid),
11979			  MAC2STR(drv->prev_bssid),
11980			  drv->associated,
11981			  drv->assoc_freq,
11982			  drv->monitor_sock,
11983			  drv->monitor_ifidx,
11984			  drv->monitor_refcount,
11985			  drv->last_mgmt_freq,
11986			  drv->eapol_tx_sock,
11987			  drv->ignore_if_down_event ?
11988			  "ignore_if_down_event=1\n" : "",
11989			  drv->scan_complete_events ?
11990			  "scan_complete_events=1\n" : "",
11991			  drv->disabled_11b_rates ?
11992			  "disabled_11b_rates=1\n" : "",
11993			  drv->pending_remain_on_chan ?
11994			  "pending_remain_on_chan=1\n" : "",
11995			  drv->in_interface_list ? "in_interface_list=1\n" : "",
11996			  drv->device_ap_sme ? "device_ap_sme=1\n" : "",
11997			  drv->poll_command_supported ?
11998			  "poll_command_supported=1\n" : "",
11999			  drv->data_tx_status ? "data_tx_status=1\n" : "",
12000			  drv->scan_for_auth ? "scan_for_auth=1\n" : "",
12001			  drv->retry_auth ? "retry_auth=1\n" : "",
12002			  drv->use_monitor ? "use_monitor=1\n" : "",
12003			  drv->ignore_next_local_disconnect ?
12004			  "ignore_next_local_disconnect=1\n" : "",
12005			  drv->ignore_next_local_deauth ?
12006			  "ignore_next_local_deauth=1\n" : "",
12007			  drv->allow_p2p_device ? "allow_p2p_device=1\n" : "");
12008	if (res < 0 || res >= end - pos)
12009		return pos - buf;
12010	pos += res;
12011
12012	if (drv->has_capability) {
12013		res = os_snprintf(pos, end - pos,
12014				  "capa.key_mgmt=0x%x\n"
12015				  "capa.enc=0x%x\n"
12016				  "capa.auth=0x%x\n"
12017				  "capa.flags=0x%x\n"
12018				  "capa.max_scan_ssids=%d\n"
12019				  "capa.max_sched_scan_ssids=%d\n"
12020				  "capa.sched_scan_supported=%d\n"
12021				  "capa.max_match_sets=%d\n"
12022				  "capa.max_remain_on_chan=%u\n"
12023				  "capa.max_stations=%u\n"
12024				  "capa.probe_resp_offloads=0x%x\n"
12025				  "capa.max_acl_mac_addrs=%u\n"
12026				  "capa.num_multichan_concurrent=%u\n",
12027				  drv->capa.key_mgmt,
12028				  drv->capa.enc,
12029				  drv->capa.auth,
12030				  drv->capa.flags,
12031				  drv->capa.max_scan_ssids,
12032				  drv->capa.max_sched_scan_ssids,
12033				  drv->capa.sched_scan_supported,
12034				  drv->capa.max_match_sets,
12035				  drv->capa.max_remain_on_chan,
12036				  drv->capa.max_stations,
12037				  drv->capa.probe_resp_offloads,
12038				  drv->capa.max_acl_mac_addrs,
12039				  drv->capa.num_multichan_concurrent);
12040		if (res < 0 || res >= end - pos)
12041			return pos - buf;
12042		pos += res;
12043	}
12044
12045	return pos - buf;
12046}
12047
12048
12049static int set_beacon_data(struct nl_msg *msg, struct beacon_data *settings)
12050{
12051	if (settings->head)
12052		NLA_PUT(msg, NL80211_ATTR_BEACON_HEAD,
12053			settings->head_len, settings->head);
12054
12055	if (settings->tail)
12056		NLA_PUT(msg, NL80211_ATTR_BEACON_TAIL,
12057			settings->tail_len, settings->tail);
12058
12059	if (settings->beacon_ies)
12060		NLA_PUT(msg, NL80211_ATTR_IE,
12061			settings->beacon_ies_len, settings->beacon_ies);
12062
12063	if (settings->proberesp_ies)
12064		NLA_PUT(msg, NL80211_ATTR_IE_PROBE_RESP,
12065			settings->proberesp_ies_len, settings->proberesp_ies);
12066
12067	if (settings->assocresp_ies)
12068		NLA_PUT(msg,
12069			NL80211_ATTR_IE_ASSOC_RESP,
12070			settings->assocresp_ies_len, settings->assocresp_ies);
12071
12072	if (settings->probe_resp)
12073		NLA_PUT(msg, NL80211_ATTR_PROBE_RESP,
12074			settings->probe_resp_len, settings->probe_resp);
12075
12076	return 0;
12077
12078nla_put_failure:
12079	return -ENOBUFS;
12080}
12081
12082
12083static int nl80211_switch_channel(void *priv, struct csa_settings *settings)
12084{
12085	struct nl_msg *msg;
12086	struct i802_bss *bss = priv;
12087	struct wpa_driver_nl80211_data *drv = bss->drv;
12088	struct nlattr *beacon_csa;
12089	int ret = -ENOBUFS;
12090
12091	wpa_printf(MSG_DEBUG, "nl80211: Channel switch request (cs_count=%u block_tx=%u freq=%d width=%d cf1=%d cf2=%d)",
12092		   settings->cs_count, settings->block_tx,
12093		   settings->freq_params.freq, settings->freq_params.bandwidth,
12094		   settings->freq_params.center_freq1,
12095		   settings->freq_params.center_freq2);
12096
12097	if (!(drv->capa.flags & WPA_DRIVER_FLAGS_AP_CSA)) {
12098		wpa_printf(MSG_DEBUG, "nl80211: Driver does not support channel switch command");
12099		return -EOPNOTSUPP;
12100	}
12101
12102	if ((drv->nlmode != NL80211_IFTYPE_AP) &&
12103	    (drv->nlmode != NL80211_IFTYPE_P2P_GO))
12104		return -EOPNOTSUPP;
12105
12106	/* check settings validity */
12107	if (!settings->beacon_csa.tail ||
12108	    ((settings->beacon_csa.tail_len <=
12109	      settings->counter_offset_beacon) ||
12110	     (settings->beacon_csa.tail[settings->counter_offset_beacon] !=
12111	      settings->cs_count)))
12112		return -EINVAL;
12113
12114	if (settings->beacon_csa.probe_resp &&
12115	    ((settings->beacon_csa.probe_resp_len <=
12116	      settings->counter_offset_presp) ||
12117	     (settings->beacon_csa.probe_resp[settings->counter_offset_presp] !=
12118	      settings->cs_count)))
12119		return -EINVAL;
12120
12121	msg = nlmsg_alloc();
12122	if (!msg)
12123		return -ENOMEM;
12124
12125	nl80211_cmd(drv, msg, 0, NL80211_CMD_CHANNEL_SWITCH);
12126	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex);
12127	NLA_PUT_U32(msg, NL80211_ATTR_CH_SWITCH_COUNT, settings->cs_count);
12128	ret = nl80211_put_freq_params(msg, &settings->freq_params);
12129	if (ret)
12130		goto error;
12131
12132	if (settings->block_tx)
12133		NLA_PUT_FLAG(msg, NL80211_ATTR_CH_SWITCH_BLOCK_TX);
12134
12135	/* beacon_after params */
12136	ret = set_beacon_data(msg, &settings->beacon_after);
12137	if (ret)
12138		goto error;
12139
12140	/* beacon_csa params */
12141	beacon_csa = nla_nest_start(msg, NL80211_ATTR_CSA_IES);
12142	if (!beacon_csa)
12143		goto nla_put_failure;
12144
12145	ret = set_beacon_data(msg, &settings->beacon_csa);
12146	if (ret)
12147		goto error;
12148
12149	NLA_PUT_U16(msg, NL80211_ATTR_CSA_C_OFF_BEACON,
12150		    settings->counter_offset_beacon);
12151
12152	if (settings->beacon_csa.probe_resp)
12153		NLA_PUT_U16(msg, NL80211_ATTR_CSA_C_OFF_PRESP,
12154			    settings->counter_offset_presp);
12155
12156	nla_nest_end(msg, beacon_csa);
12157	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
12158	if (ret) {
12159		wpa_printf(MSG_DEBUG, "nl80211: switch_channel failed err=%d (%s)",
12160			   ret, strerror(-ret));
12161	}
12162	return ret;
12163
12164nla_put_failure:
12165	ret = -ENOBUFS;
12166error:
12167	nlmsg_free(msg);
12168	wpa_printf(MSG_DEBUG, "nl80211: Could not build channel switch request");
12169	return ret;
12170}
12171
12172
12173#ifdef CONFIG_TESTING_OPTIONS
12174static int cmd_reply_handler(struct nl_msg *msg, void *arg)
12175{
12176	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
12177	struct wpabuf *buf = arg;
12178
12179	if (!buf)
12180		return NL_SKIP;
12181
12182	if ((size_t) genlmsg_attrlen(gnlh, 0) > wpabuf_tailroom(buf)) {
12183		wpa_printf(MSG_INFO, "nl80211: insufficient buffer space for reply");
12184		return NL_SKIP;
12185	}
12186
12187	wpabuf_put_data(buf, genlmsg_attrdata(gnlh, 0),
12188			genlmsg_attrlen(gnlh, 0));
12189
12190	return NL_SKIP;
12191}
12192#endif /* CONFIG_TESTING_OPTIONS */
12193
12194
12195static int vendor_reply_handler(struct nl_msg *msg, void *arg)
12196{
12197	struct nlattr *tb[NL80211_ATTR_MAX + 1];
12198	struct nlattr *nl_vendor_reply, *nl;
12199	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
12200	struct wpabuf *buf = arg;
12201	int rem;
12202
12203	if (!buf)
12204		return NL_SKIP;
12205
12206	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
12207		  genlmsg_attrlen(gnlh, 0), NULL);
12208	nl_vendor_reply = tb[NL80211_ATTR_VENDOR_DATA];
12209
12210	if (!nl_vendor_reply)
12211		return NL_SKIP;
12212
12213	if ((size_t) nla_len(nl_vendor_reply) > wpabuf_tailroom(buf)) {
12214		wpa_printf(MSG_INFO, "nl80211: Vendor command: insufficient buffer space for reply");
12215		return NL_SKIP;
12216	}
12217
12218	nla_for_each_nested(nl, nl_vendor_reply, rem) {
12219		wpabuf_put_data(buf, nla_data(nl), nla_len(nl));
12220	}
12221
12222	return NL_SKIP;
12223}
12224
12225
12226static int nl80211_vendor_cmd(void *priv, unsigned int vendor_id,
12227			      unsigned int subcmd, const u8 *data,
12228			      size_t data_len, struct wpabuf *buf)
12229{
12230	struct i802_bss *bss = priv;
12231	struct wpa_driver_nl80211_data *drv = bss->drv;
12232	struct nl_msg *msg;
12233	int ret;
12234
12235	msg = nlmsg_alloc();
12236	if (!msg)
12237		return -ENOMEM;
12238
12239#ifdef CONFIG_TESTING_OPTIONS
12240	if (vendor_id == 0xffffffff) {
12241		nl80211_cmd(drv, msg, 0, subcmd);
12242		if (nlmsg_append(msg, (void *) data, data_len, NLMSG_ALIGNTO) <
12243		    0)
12244			goto nla_put_failure;
12245		ret = send_and_recv_msgs(drv, msg, cmd_reply_handler, buf);
12246		if (ret)
12247			wpa_printf(MSG_DEBUG, "nl80211: command failed err=%d",
12248				   ret);
12249		return ret;
12250	}
12251#endif /* CONFIG_TESTING_OPTIONS */
12252
12253	nl80211_cmd(drv, msg, 0, NL80211_CMD_VENDOR);
12254	if (nl80211_set_iface_id(msg, bss) < 0)
12255		goto nla_put_failure;
12256	NLA_PUT_U32(msg, NL80211_ATTR_VENDOR_ID, vendor_id);
12257	NLA_PUT_U32(msg, NL80211_ATTR_VENDOR_SUBCMD, subcmd);
12258	if (data)
12259		NLA_PUT(msg, NL80211_ATTR_VENDOR_DATA, data_len, data);
12260
12261	ret = send_and_recv_msgs(drv, msg, vendor_reply_handler, buf);
12262	if (ret)
12263		wpa_printf(MSG_DEBUG, "nl80211: vendor command failed err=%d",
12264			   ret);
12265	return ret;
12266
12267nla_put_failure:
12268	nlmsg_free(msg);
12269	return -ENOBUFS;
12270}
12271
12272
12273static int nl80211_set_qos_map(void *priv, const u8 *qos_map_set,
12274			       u8 qos_map_set_len)
12275{
12276	struct i802_bss *bss = priv;
12277	struct wpa_driver_nl80211_data *drv = bss->drv;
12278	struct nl_msg *msg;
12279	int ret;
12280
12281	msg = nlmsg_alloc();
12282	if (!msg)
12283		return -ENOMEM;
12284
12285	wpa_hexdump(MSG_DEBUG, "nl80211: Setting QoS Map",
12286		    qos_map_set, qos_map_set_len);
12287
12288	nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_QOS_MAP);
12289	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
12290	NLA_PUT(msg, NL80211_ATTR_QOS_MAP, qos_map_set_len, qos_map_set);
12291
12292	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
12293	if (ret)
12294		wpa_printf(MSG_DEBUG, "nl80211: Setting QoS Map failed");
12295
12296	return ret;
12297
12298nla_put_failure:
12299	nlmsg_free(msg);
12300	return -ENOBUFS;
12301}
12302
12303
12304static int nl80211_set_wowlan(void *priv,
12305			      const struct wowlan_triggers *triggers)
12306{
12307	struct i802_bss *bss = priv;
12308	struct wpa_driver_nl80211_data *drv = bss->drv;
12309	struct nl_msg *msg;
12310	struct nlattr *wowlan_triggers;
12311	int ret;
12312
12313	msg = nlmsg_alloc();
12314	if (!msg)
12315		return -ENOMEM;
12316
12317	wpa_printf(MSG_DEBUG, "nl80211: Setting wowlan");
12318
12319	nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_WOWLAN);
12320	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
12321
12322	wowlan_triggers = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
12323	if (!wowlan_triggers)
12324		goto nla_put_failure;
12325
12326	if (triggers->any)
12327		NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_ANY);
12328	if (triggers->disconnect)
12329		NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_DISCONNECT);
12330	if (triggers->magic_pkt)
12331		NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT);
12332	if (triggers->gtk_rekey_failure)
12333		NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE);
12334	if (triggers->eap_identity_req)
12335		NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST);
12336	if (triggers->four_way_handshake)
12337		NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE);
12338	if (triggers->rfkill_release)
12339		NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE);
12340
12341	nla_nest_end(msg, wowlan_triggers);
12342
12343	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
12344	if (ret)
12345		wpa_printf(MSG_DEBUG, "nl80211: Setting wowlan failed");
12346
12347	return ret;
12348
12349nla_put_failure:
12350	nlmsg_free(msg);
12351	return -ENOBUFS;
12352}
12353
12354
12355const struct wpa_driver_ops wpa_driver_nl80211_ops = {
12356	.name = "nl80211",
12357	.desc = "Linux nl80211/cfg80211",
12358	.get_bssid = wpa_driver_nl80211_get_bssid,
12359	.get_ssid = wpa_driver_nl80211_get_ssid,
12360	.set_key = driver_nl80211_set_key,
12361	.scan2 = driver_nl80211_scan2,
12362	.sched_scan = wpa_driver_nl80211_sched_scan,
12363	.stop_sched_scan = wpa_driver_nl80211_stop_sched_scan,
12364	.get_scan_results2 = wpa_driver_nl80211_get_scan_results,
12365	.deauthenticate = driver_nl80211_deauthenticate,
12366	.authenticate = driver_nl80211_authenticate,
12367	.associate = wpa_driver_nl80211_associate,
12368	.global_init = nl80211_global_init,
12369	.global_deinit = nl80211_global_deinit,
12370	.init2 = wpa_driver_nl80211_init,
12371	.deinit = driver_nl80211_deinit,
12372	.get_capa = wpa_driver_nl80211_get_capa,
12373	.set_operstate = wpa_driver_nl80211_set_operstate,
12374	.set_supp_port = wpa_driver_nl80211_set_supp_port,
12375	.set_country = wpa_driver_nl80211_set_country,
12376	.get_country = wpa_driver_nl80211_get_country,
12377	.set_ap = wpa_driver_nl80211_set_ap,
12378	.set_acl = wpa_driver_nl80211_set_acl,
12379	.if_add = wpa_driver_nl80211_if_add,
12380	.if_remove = driver_nl80211_if_remove,
12381	.send_mlme = driver_nl80211_send_mlme,
12382	.get_hw_feature_data = wpa_driver_nl80211_get_hw_feature_data,
12383	.sta_add = wpa_driver_nl80211_sta_add,
12384	.sta_remove = driver_nl80211_sta_remove,
12385	.hapd_send_eapol = wpa_driver_nl80211_hapd_send_eapol,
12386	.sta_set_flags = wpa_driver_nl80211_sta_set_flags,
12387	.hapd_init = i802_init,
12388	.hapd_deinit = i802_deinit,
12389	.set_wds_sta = i802_set_wds_sta,
12390	.get_seqnum = i802_get_seqnum,
12391	.flush = i802_flush,
12392	.get_inact_sec = i802_get_inact_sec,
12393	.sta_clear_stats = i802_sta_clear_stats,
12394	.set_rts = i802_set_rts,
12395	.set_frag = i802_set_frag,
12396	.set_tx_queue_params = i802_set_tx_queue_params,
12397	.set_sta_vlan = driver_nl80211_set_sta_vlan,
12398	.sta_deauth = i802_sta_deauth,
12399	.sta_disassoc = i802_sta_disassoc,
12400	.read_sta_data = driver_nl80211_read_sta_data,
12401	.set_freq = i802_set_freq,
12402	.send_action = driver_nl80211_send_action,
12403	.send_action_cancel_wait = wpa_driver_nl80211_send_action_cancel_wait,
12404	.remain_on_channel = wpa_driver_nl80211_remain_on_channel,
12405	.cancel_remain_on_channel =
12406	wpa_driver_nl80211_cancel_remain_on_channel,
12407	.probe_req_report = driver_nl80211_probe_req_report,
12408	.deinit_ap = wpa_driver_nl80211_deinit_ap,
12409	.deinit_p2p_cli = wpa_driver_nl80211_deinit_p2p_cli,
12410	.resume = wpa_driver_nl80211_resume,
12411	.send_ft_action = nl80211_send_ft_action,
12412	.signal_monitor = nl80211_signal_monitor,
12413	.signal_poll = nl80211_signal_poll,
12414	.send_frame = nl80211_send_frame,
12415	.shared_freq = wpa_driver_nl80211_shared_freq,
12416	.set_param = nl80211_set_param,
12417	.get_radio_name = nl80211_get_radio_name,
12418	.add_pmkid = nl80211_add_pmkid,
12419	.remove_pmkid = nl80211_remove_pmkid,
12420	.flush_pmkid = nl80211_flush_pmkid,
12421	.set_rekey_info = nl80211_set_rekey_info,
12422	.poll_client = nl80211_poll_client,
12423	.set_p2p_powersave = nl80211_set_p2p_powersave,
12424	.start_dfs_cac = nl80211_start_radar_detection,
12425	.stop_ap = wpa_driver_nl80211_stop_ap,
12426#ifdef CONFIG_TDLS
12427	.send_tdls_mgmt = nl80211_send_tdls_mgmt,
12428	.tdls_oper = nl80211_tdls_oper,
12429#endif /* CONFIG_TDLS */
12430	.update_ft_ies = wpa_driver_nl80211_update_ft_ies,
12431	.get_mac_addr = wpa_driver_nl80211_get_macaddr,
12432	.get_survey = wpa_driver_nl80211_get_survey,
12433	.status = wpa_driver_nl80211_status,
12434	.switch_channel = nl80211_switch_channel,
12435#ifdef ANDROID_P2P
12436	.set_noa = wpa_driver_set_p2p_noa,
12437	.get_noa = wpa_driver_get_p2p_noa,
12438	.set_ap_wps_ie = wpa_driver_set_ap_wps_p2p_ie,
12439#endif /* ANDROID_P2P */
12440#ifdef ANDROID
12441	.driver_cmd = wpa_driver_nl80211_driver_cmd,
12442#endif /* ANDROID */
12443	.vendor_cmd = nl80211_vendor_cmd,
12444	.set_qos_map = nl80211_set_qos_map,
12445	.set_wowlan = nl80211_set_wowlan,
12446};
12447