driver_nl80211.c revision 2e67f06149ff649fb6f8782bad041d3d9124685e 
1/*
2 * Driver interaction with Linux nl80211/cfg80211
3 * Copyright (c) 2002-2014, Jouni Malinen <j@w1.fi>
4 * Copyright (c) 2003-2004, Instant802 Networks, Inc.
5 * Copyright (c) 2005-2006, Devicescape Software, Inc.
6 * Copyright (c) 2007, Johannes Berg <johannes@sipsolutions.net>
7 * Copyright (c) 2009-2010, Atheros Communications
8 *
9 * This software may be distributed under the terms of the BSD license.
10 * See README for more details.
11 */
12
13#include "includes.h"
14#include <sys/ioctl.h>
15#include <sys/types.h>
16#include <sys/stat.h>
17#include <fcntl.h>
18#include <net/if.h>
19#include <netlink/genl/genl.h>
20#include <netlink/genl/family.h>
21#include <netlink/genl/ctrl.h>
22#include <linux/rtnetlink.h>
23#include <netpacket/packet.h>
24#include <linux/filter.h>
25#include <linux/errqueue.h>
26#include "nl80211_copy.h"
27
28#include "common.h"
29#include "eloop.h"
30#include "utils/list.h"
31#include "common/qca-vendor.h"
32#include "common/qca-vendor-attr.h"
33#include "common/ieee802_11_defs.h"
34#include "common/ieee802_11_common.h"
35#include "l2_packet/l2_packet.h"
36#include "netlink.h"
37#include "linux_ioctl.h"
38#include "radiotap.h"
39#include "radiotap_iter.h"
40#include "rfkill.h"
41#include "driver.h"
42
43#ifndef SO_WIFI_STATUS
44# if defined(__sparc__)
45#  define SO_WIFI_STATUS	0x0025
46# elif defined(__parisc__)
47#  define SO_WIFI_STATUS	0x4022
48# else
49#  define SO_WIFI_STATUS	41
50# endif
51
52# define SCM_WIFI_STATUS	SO_WIFI_STATUS
53#endif
54
55#ifndef SO_EE_ORIGIN_TXSTATUS
56#define SO_EE_ORIGIN_TXSTATUS	4
57#endif
58
59#ifndef PACKET_TX_TIMESTAMP
60#define PACKET_TX_TIMESTAMP	16
61#endif
62
63#ifdef ANDROID
64#include "android_drv.h"
65#endif /* ANDROID */
66#ifdef CONFIG_LIBNL20
67/* libnl 2.0 compatibility code */
68#define nl_handle nl_sock
69#define nl80211_handle_alloc nl_socket_alloc_cb
70#define nl80211_handle_destroy nl_socket_free
71#else
72/*
73 * libnl 1.1 has a bug, it tries to allocate socket numbers densely
74 * but when you free a socket again it will mess up its bitmap and
75 * and use the wrong number the next time it needs a socket ID.
76 * Therefore, we wrap the handle alloc/destroy and add our own pid
77 * accounting.
78 */
79static uint32_t port_bitmap[32] = { 0 };
80
81static struct nl_handle *nl80211_handle_alloc(void *cb)
82{
83	struct nl_handle *handle;
84	uint32_t pid = getpid() & 0x3FFFFF;
85	int i;
86
87	handle = nl_handle_alloc_cb(cb);
88
89	for (i = 0; i < 1024; i++) {
90		if (port_bitmap[i / 32] & (1 << (i % 32)))
91			continue;
92		port_bitmap[i / 32] |= 1 << (i % 32);
93		pid += i << 22;
94		break;
95	}
96
97	nl_socket_set_local_port(handle, pid);
98
99	return handle;
100}
101
102static void nl80211_handle_destroy(struct nl_handle *handle)
103{
104	uint32_t port = nl_socket_get_local_port(handle);
105
106	port >>= 22;
107	port_bitmap[port / 32] &= ~(1 << (port % 32));
108
109	nl_handle_destroy(handle);
110}
111#endif /* CONFIG_LIBNL20 */
112
113
114#ifdef ANDROID
115/* system/core/libnl_2 does not include nl_socket_set_nonblocking() */
116static int android_nl_socket_set_nonblocking(struct nl_handle *handle)
117{
118	return fcntl(nl_socket_get_fd(handle), F_SETFL, O_NONBLOCK);
119}
120#undef nl_socket_set_nonblocking
121#define nl_socket_set_nonblocking(h) android_nl_socket_set_nonblocking(h)
122#endif /* ANDROID */
123
124
125static struct nl_handle * nl_create_handle(struct nl_cb *cb, const char *dbg)
126{
127	struct nl_handle *handle;
128
129	handle = nl80211_handle_alloc(cb);
130	if (handle == NULL) {
131		wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink "
132			   "callbacks (%s)", dbg);
133		return NULL;
134	}
135
136	if (genl_connect(handle)) {
137		wpa_printf(MSG_ERROR, "nl80211: Failed to connect to generic "
138			   "netlink (%s)", dbg);
139		nl80211_handle_destroy(handle);
140		return NULL;
141	}
142
143	return handle;
144}
145
146
147static void nl_destroy_handles(struct nl_handle **handle)
148{
149	if (*handle == NULL)
150		return;
151	nl80211_handle_destroy(*handle);
152	*handle = NULL;
153}
154
155
156#if __WORDSIZE == 64
157#define ELOOP_SOCKET_INVALID	(intptr_t) 0x8888888888888889ULL
158#else
159#define ELOOP_SOCKET_INVALID	(intptr_t) 0x88888889ULL
160#endif
161
162static void nl80211_register_eloop_read(struct nl_handle **handle,
163					eloop_sock_handler handler,
164					void *eloop_data)
165{
166	nl_socket_set_nonblocking(*handle);
167	eloop_register_read_sock(nl_socket_get_fd(*handle), handler,
168				 eloop_data, *handle);
169	*handle = (void *) (((intptr_t) *handle) ^ ELOOP_SOCKET_INVALID);
170}
171
172
173static void nl80211_destroy_eloop_handle(struct nl_handle **handle)
174{
175	*handle = (void *) (((intptr_t) *handle) ^ ELOOP_SOCKET_INVALID);
176	eloop_unregister_read_sock(nl_socket_get_fd(*handle));
177	nl_destroy_handles(handle);
178}
179
180
181#ifndef IFF_LOWER_UP
182#define IFF_LOWER_UP   0x10000         /* driver signals L1 up         */
183#endif
184#ifndef IFF_DORMANT
185#define IFF_DORMANT    0x20000         /* driver signals dormant       */
186#endif
187
188#ifndef IF_OPER_DORMANT
189#define IF_OPER_DORMANT 5
190#endif
191#ifndef IF_OPER_UP
192#define IF_OPER_UP 6
193#endif
194
195struct nl80211_global {
196	struct dl_list interfaces;
197	int if_add_ifindex;
198	u64 if_add_wdevid;
199	int if_add_wdevid_set;
200	struct netlink_data *netlink;
201	struct nl_cb *nl_cb;
202	struct nl_handle *nl;
203	int nl80211_id;
204	int ioctl_sock; /* socket for ioctl() use */
205
206	struct nl_handle *nl_event;
207};
208
209struct nl80211_wiphy_data {
210	struct dl_list list;
211	struct dl_list bsss;
212	struct dl_list drvs;
213
214	struct nl_handle *nl_beacons;
215	struct nl_cb *nl_cb;
216
217	int wiphy_idx;
218};
219
220static void nl80211_global_deinit(void *priv);
221
222struct i802_bss {
223	struct wpa_driver_nl80211_data *drv;
224	struct i802_bss *next;
225	int ifindex;
226	u64 wdev_id;
227	char ifname[IFNAMSIZ + 1];
228	char brname[IFNAMSIZ];
229	unsigned int beacon_set:1;
230	unsigned int added_if_into_bridge:1;
231	unsigned int added_bridge:1;
232	unsigned int in_deinit:1;
233	unsigned int wdev_id_set:1;
234	unsigned int added_if:1;
235
236	u8 addr[ETH_ALEN];
237
238	int freq;
239	int bandwidth;
240	int if_dynamic;
241
242	void *ctx;
243	struct nl_handle *nl_preq, *nl_mgmt;
244	struct nl_cb *nl_cb;
245
246	struct nl80211_wiphy_data *wiphy_data;
247	struct dl_list wiphy_list;
248};
249
250struct wpa_driver_nl80211_data {
251	struct nl80211_global *global;
252	struct dl_list list;
253	struct dl_list wiphy_list;
254	char phyname[32];
255	void *ctx;
256	int ifindex;
257	int if_removed;
258	int if_disabled;
259	int ignore_if_down_event;
260	struct rfkill_data *rfkill;
261	struct wpa_driver_capa capa;
262	u8 *extended_capa, *extended_capa_mask;
263	unsigned int extended_capa_len;
264	int has_capability;
265
266	int operstate;
267
268	int scan_complete_events;
269	enum scan_states {
270		NO_SCAN, SCAN_REQUESTED, SCAN_STARTED, SCAN_COMPLETED,
271		SCAN_ABORTED, SCHED_SCAN_STARTED, SCHED_SCAN_STOPPED,
272		SCHED_SCAN_RESULTS
273	} scan_state;
274
275	struct nl_cb *nl_cb;
276
277	u8 auth_bssid[ETH_ALEN];
278	u8 auth_attempt_bssid[ETH_ALEN];
279	u8 bssid[ETH_ALEN];
280	u8 prev_bssid[ETH_ALEN];
281	int associated;
282	u8 ssid[32];
283	size_t ssid_len;
284	enum nl80211_iftype nlmode;
285	enum nl80211_iftype ap_scan_as_station;
286	unsigned int assoc_freq;
287
288	int monitor_sock;
289	int monitor_ifidx;
290	int monitor_refcount;
291
292	unsigned int disabled_11b_rates:1;
293	unsigned int pending_remain_on_chan:1;
294	unsigned int in_interface_list:1;
295	unsigned int device_ap_sme:1;
296	unsigned int poll_command_supported:1;
297	unsigned int data_tx_status:1;
298	unsigned int scan_for_auth:1;
299	unsigned int retry_auth:1;
300	unsigned int use_monitor:1;
301	unsigned int ignore_next_local_disconnect:1;
302	unsigned int ignore_next_local_deauth:1;
303	unsigned int allow_p2p_device:1;
304	unsigned int hostapd:1;
305	unsigned int start_mode_ap:1;
306	unsigned int start_iface_up:1;
307	unsigned int test_use_roc_tx:1;
308	unsigned int ignore_deauth_event:1;
309	unsigned int dfs_vendor_cmd_avail:1;
310	unsigned int have_low_prio_scan:1;
311
312	u64 remain_on_chan_cookie;
313	u64 send_action_cookie;
314
315	unsigned int last_mgmt_freq;
316
317	struct wpa_driver_scan_filter *filter_ssids;
318	size_t num_filter_ssids;
319
320	struct i802_bss *first_bss;
321
322	int eapol_tx_sock;
323
324	int eapol_sock; /* socket for EAPOL frames */
325
326	int default_if_indices[16];
327	int *if_indices;
328	int num_if_indices;
329
330	/* From failed authentication command */
331	int auth_freq;
332	u8 auth_bssid_[ETH_ALEN];
333	u8 auth_ssid[32];
334	size_t auth_ssid_len;
335	int auth_alg;
336	u8 *auth_ie;
337	size_t auth_ie_len;
338	u8 auth_wep_key[4][16];
339	size_t auth_wep_key_len[4];
340	int auth_wep_tx_keyidx;
341	int auth_local_state_change;
342	int auth_p2p;
343};
344
345
346static void wpa_driver_nl80211_deinit(struct i802_bss *bss);
347static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx,
348					    void *timeout_ctx);
349static int wpa_driver_nl80211_set_mode(struct i802_bss *bss,
350				       enum nl80211_iftype nlmode);
351static int wpa_driver_nl80211_set_mode_ibss(struct i802_bss *bss, int freq);
352
353static int
354wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv,
355				   const u8 *set_addr, int first);
356static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv,
357				   const u8 *addr, int cmd, u16 reason_code,
358				   int local_state_change);
359static void nl80211_remove_monitor_interface(
360	struct wpa_driver_nl80211_data *drv);
361static int nl80211_send_frame_cmd(struct i802_bss *bss,
362				  unsigned int freq, unsigned int wait,
363				  const u8 *buf, size_t buf_len, u64 *cookie,
364				  int no_cck, int no_ack, int offchanok);
365static int nl80211_register_frame(struct i802_bss *bss,
366				  struct nl_handle *hl_handle,
367				  u16 type, const u8 *match, size_t match_len);
368static int wpa_driver_nl80211_probe_req_report(struct i802_bss *bss,
369					       int report);
370#ifdef ANDROID
371static int android_pno_start(struct i802_bss *bss,
372			     struct wpa_driver_scan_params *params);
373static int android_pno_stop(struct i802_bss *bss);
374extern int wpa_driver_nl80211_driver_cmd(void *priv, char *cmd, char *buf,
375					 size_t buf_len);
376#endif /* ANDROID */
377#ifdef ANDROID_P2P
378#ifdef ANDROID_P2P_STUB
379int wpa_driver_set_p2p_noa(void *priv, u8 count, int start, int duration) {
380	return 0;
381}
382int wpa_driver_get_p2p_noa(void *priv, u8 *buf, size_t len) {
383	return 0;
384}
385int wpa_driver_set_p2p_ps(void *priv, int legacy_ps, int opp_ps, int ctwindow) {
386	return -1;
387}
388int wpa_driver_set_ap_wps_p2p_ie(void *priv, const struct wpabuf *beacon,
389				 const struct wpabuf *proberesp,
390				 const struct wpabuf *assocresp) {
391	return 0;
392}
393#else /* ANDROID_P2P_STUB */
394int wpa_driver_set_p2p_noa(void *priv, u8 count, int start, int duration);
395int wpa_driver_get_p2p_noa(void *priv, u8 *buf, size_t len);
396int wpa_driver_set_p2p_ps(void *priv, int legacy_ps, int opp_ps, int ctwindow);
397int wpa_driver_set_ap_wps_p2p_ie(void *priv, const struct wpabuf *beacon,
398				 const struct wpabuf *proberesp,
399				 const struct wpabuf *assocresp);
400#endif /* ANDROID_P2P_STUB */
401#endif /* ANDROID_P2P */
402
403static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx);
404static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx);
405static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx);
406static int wpa_driver_nl80211_if_remove(struct i802_bss *bss,
407					enum wpa_driver_if_type type,
408					const char *ifname);
409
410static int nl80211_set_channel(struct i802_bss *bss,
411			       struct hostapd_freq_params *freq, int set_chan);
412static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv,
413				     int ifindex, int disabled);
414
415static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv);
416static int wpa_driver_nl80211_authenticate_retry(
417	struct wpa_driver_nl80211_data *drv);
418
419static int i802_set_freq(void *priv, struct hostapd_freq_params *freq);
420static int i802_set_iface_flags(struct i802_bss *bss, int up);
421
422
423static const char * nl80211_command_to_string(enum nl80211_commands cmd)
424{
425#define C2S(x) case x: return #x;
426	switch (cmd) {
427	C2S(NL80211_CMD_UNSPEC)
428	C2S(NL80211_CMD_GET_WIPHY)
429	C2S(NL80211_CMD_SET_WIPHY)
430	C2S(NL80211_CMD_NEW_WIPHY)
431	C2S(NL80211_CMD_DEL_WIPHY)
432	C2S(NL80211_CMD_GET_INTERFACE)
433	C2S(NL80211_CMD_SET_INTERFACE)
434	C2S(NL80211_CMD_NEW_INTERFACE)
435	C2S(NL80211_CMD_DEL_INTERFACE)
436	C2S(NL80211_CMD_GET_KEY)
437	C2S(NL80211_CMD_SET_KEY)
438	C2S(NL80211_CMD_NEW_KEY)
439	C2S(NL80211_CMD_DEL_KEY)
440	C2S(NL80211_CMD_GET_BEACON)
441	C2S(NL80211_CMD_SET_BEACON)
442	C2S(NL80211_CMD_START_AP)
443	C2S(NL80211_CMD_STOP_AP)
444	C2S(NL80211_CMD_GET_STATION)
445	C2S(NL80211_CMD_SET_STATION)
446	C2S(NL80211_CMD_NEW_STATION)
447	C2S(NL80211_CMD_DEL_STATION)
448	C2S(NL80211_CMD_GET_MPATH)
449	C2S(NL80211_CMD_SET_MPATH)
450	C2S(NL80211_CMD_NEW_MPATH)
451	C2S(NL80211_CMD_DEL_MPATH)
452	C2S(NL80211_CMD_SET_BSS)
453	C2S(NL80211_CMD_SET_REG)
454	C2S(NL80211_CMD_REQ_SET_REG)
455	C2S(NL80211_CMD_GET_MESH_CONFIG)
456	C2S(NL80211_CMD_SET_MESH_CONFIG)
457	C2S(NL80211_CMD_SET_MGMT_EXTRA_IE)
458	C2S(NL80211_CMD_GET_REG)
459	C2S(NL80211_CMD_GET_SCAN)
460	C2S(NL80211_CMD_TRIGGER_SCAN)
461	C2S(NL80211_CMD_NEW_SCAN_RESULTS)
462	C2S(NL80211_CMD_SCAN_ABORTED)
463	C2S(NL80211_CMD_REG_CHANGE)
464	C2S(NL80211_CMD_AUTHENTICATE)
465	C2S(NL80211_CMD_ASSOCIATE)
466	C2S(NL80211_CMD_DEAUTHENTICATE)
467	C2S(NL80211_CMD_DISASSOCIATE)
468	C2S(NL80211_CMD_MICHAEL_MIC_FAILURE)
469	C2S(NL80211_CMD_REG_BEACON_HINT)
470	C2S(NL80211_CMD_JOIN_IBSS)
471	C2S(NL80211_CMD_LEAVE_IBSS)
472	C2S(NL80211_CMD_TESTMODE)
473	C2S(NL80211_CMD_CONNECT)
474	C2S(NL80211_CMD_ROAM)
475	C2S(NL80211_CMD_DISCONNECT)
476	C2S(NL80211_CMD_SET_WIPHY_NETNS)
477	C2S(NL80211_CMD_GET_SURVEY)
478	C2S(NL80211_CMD_NEW_SURVEY_RESULTS)
479	C2S(NL80211_CMD_SET_PMKSA)
480	C2S(NL80211_CMD_DEL_PMKSA)
481	C2S(NL80211_CMD_FLUSH_PMKSA)
482	C2S(NL80211_CMD_REMAIN_ON_CHANNEL)
483	C2S(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL)
484	C2S(NL80211_CMD_SET_TX_BITRATE_MASK)
485	C2S(NL80211_CMD_REGISTER_FRAME)
486	C2S(NL80211_CMD_FRAME)
487	C2S(NL80211_CMD_FRAME_TX_STATUS)
488	C2S(NL80211_CMD_SET_POWER_SAVE)
489	C2S(NL80211_CMD_GET_POWER_SAVE)
490	C2S(NL80211_CMD_SET_CQM)
491	C2S(NL80211_CMD_NOTIFY_CQM)
492	C2S(NL80211_CMD_SET_CHANNEL)
493	C2S(NL80211_CMD_SET_WDS_PEER)
494	C2S(NL80211_CMD_FRAME_WAIT_CANCEL)
495	C2S(NL80211_CMD_JOIN_MESH)
496	C2S(NL80211_CMD_LEAVE_MESH)
497	C2S(NL80211_CMD_UNPROT_DEAUTHENTICATE)
498	C2S(NL80211_CMD_UNPROT_DISASSOCIATE)
499	C2S(NL80211_CMD_NEW_PEER_CANDIDATE)
500	C2S(NL80211_CMD_GET_WOWLAN)
501	C2S(NL80211_CMD_SET_WOWLAN)
502	C2S(NL80211_CMD_START_SCHED_SCAN)
503	C2S(NL80211_CMD_STOP_SCHED_SCAN)
504	C2S(NL80211_CMD_SCHED_SCAN_RESULTS)
505	C2S(NL80211_CMD_SCHED_SCAN_STOPPED)
506	C2S(NL80211_CMD_SET_REKEY_OFFLOAD)
507	C2S(NL80211_CMD_PMKSA_CANDIDATE)
508	C2S(NL80211_CMD_TDLS_OPER)
509	C2S(NL80211_CMD_TDLS_MGMT)
510	C2S(NL80211_CMD_UNEXPECTED_FRAME)
511	C2S(NL80211_CMD_PROBE_CLIENT)
512	C2S(NL80211_CMD_REGISTER_BEACONS)
513	C2S(NL80211_CMD_UNEXPECTED_4ADDR_FRAME)
514	C2S(NL80211_CMD_SET_NOACK_MAP)
515	C2S(NL80211_CMD_CH_SWITCH_NOTIFY)
516	C2S(NL80211_CMD_START_P2P_DEVICE)
517	C2S(NL80211_CMD_STOP_P2P_DEVICE)
518	C2S(NL80211_CMD_CONN_FAILED)
519	C2S(NL80211_CMD_SET_MCAST_RATE)
520	C2S(NL80211_CMD_SET_MAC_ACL)
521	C2S(NL80211_CMD_RADAR_DETECT)
522	C2S(NL80211_CMD_GET_PROTOCOL_FEATURES)
523	C2S(NL80211_CMD_UPDATE_FT_IES)
524	C2S(NL80211_CMD_FT_EVENT)
525	C2S(NL80211_CMD_CRIT_PROTOCOL_START)
526	C2S(NL80211_CMD_CRIT_PROTOCOL_STOP)
527	C2S(NL80211_CMD_GET_COALESCE)
528	C2S(NL80211_CMD_SET_COALESCE)
529	C2S(NL80211_CMD_CHANNEL_SWITCH)
530	C2S(NL80211_CMD_VENDOR)
531	C2S(NL80211_CMD_SET_QOS_MAP)
532	default:
533		return "NL80211_CMD_UNKNOWN";
534	}
535#undef C2S
536}
537
538
539/* Converts nl80211_chan_width to a common format */
540static enum chan_width convert2width(int width)
541{
542	switch (width) {
543	case NL80211_CHAN_WIDTH_20_NOHT:
544		return CHAN_WIDTH_20_NOHT;
545	case NL80211_CHAN_WIDTH_20:
546		return CHAN_WIDTH_20;
547	case NL80211_CHAN_WIDTH_40:
548		return CHAN_WIDTH_40;
549	case NL80211_CHAN_WIDTH_80:
550		return CHAN_WIDTH_80;
551	case NL80211_CHAN_WIDTH_80P80:
552		return CHAN_WIDTH_80P80;
553	case NL80211_CHAN_WIDTH_160:
554		return CHAN_WIDTH_160;
555	}
556	return CHAN_WIDTH_UNKNOWN;
557}
558
559
560static int is_ap_interface(enum nl80211_iftype nlmode)
561{
562	return nlmode == NL80211_IFTYPE_AP ||
563		nlmode == NL80211_IFTYPE_P2P_GO;
564}
565
566
567static int is_sta_interface(enum nl80211_iftype nlmode)
568{
569	return nlmode == NL80211_IFTYPE_STATION ||
570		nlmode == NL80211_IFTYPE_P2P_CLIENT;
571}
572
573
574static int is_p2p_net_interface(enum nl80211_iftype nlmode)
575{
576	return nlmode == NL80211_IFTYPE_P2P_CLIENT ||
577		nlmode == NL80211_IFTYPE_P2P_GO;
578}
579
580
581static void nl80211_mark_disconnected(struct wpa_driver_nl80211_data *drv)
582{
583	if (drv->associated)
584		os_memcpy(drv->prev_bssid, drv->bssid, ETH_ALEN);
585	drv->associated = 0;
586	os_memset(drv->bssid, 0, ETH_ALEN);
587}
588
589
590struct nl80211_bss_info_arg {
591	struct wpa_driver_nl80211_data *drv;
592	struct wpa_scan_results *res;
593	unsigned int assoc_freq;
594	unsigned int ibss_freq;
595	u8 assoc_bssid[ETH_ALEN];
596};
597
598static int bss_info_handler(struct nl_msg *msg, void *arg);
599
600
601/* nl80211 code */
602static int ack_handler(struct nl_msg *msg, void *arg)
603{
604	int *err = arg;
605	*err = 0;
606	return NL_STOP;
607}
608
609static int finish_handler(struct nl_msg *msg, void *arg)
610{
611	int *ret = arg;
612	*ret = 0;
613	return NL_SKIP;
614}
615
616static int error_handler(struct sockaddr_nl *nla, struct nlmsgerr *err,
617			 void *arg)
618{
619	int *ret = arg;
620	*ret = err->error;
621	return NL_SKIP;
622}
623
624
625static int no_seq_check(struct nl_msg *msg, void *arg)
626{
627	return NL_OK;
628}
629
630
631static int send_and_recv(struct nl80211_global *global,
632			 struct nl_handle *nl_handle, struct nl_msg *msg,
633			 int (*valid_handler)(struct nl_msg *, void *),
634			 void *valid_data)
635{
636	struct nl_cb *cb;
637	int err = -ENOMEM;
638
639	cb = nl_cb_clone(global->nl_cb);
640	if (!cb)
641		goto out;
642
643	err = nl_send_auto_complete(nl_handle, msg);
644	if (err < 0)
645		goto out;
646
647	err = 1;
648
649	nl_cb_err(cb, NL_CB_CUSTOM, error_handler, &err);
650	nl_cb_set(cb, NL_CB_FINISH, NL_CB_CUSTOM, finish_handler, &err);
651	nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM, ack_handler, &err);
652
653	if (valid_handler)
654		nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM,
655			  valid_handler, valid_data);
656
657	while (err > 0) {
658		int res = nl_recvmsgs(nl_handle, cb);
659		if (res < 0) {
660			wpa_printf(MSG_INFO,
661				   "nl80211: %s->nl_recvmsgs failed: %d",
662				   __func__, res);
663		}
664	}
665 out:
666	nl_cb_put(cb);
667	nlmsg_free(msg);
668	return err;
669}
670
671
672static int send_and_recv_msgs_global(struct nl80211_global *global,
673				     struct nl_msg *msg,
674				     int (*valid_handler)(struct nl_msg *, void *),
675				     void *valid_data)
676{
677	return send_and_recv(global, global->nl, msg, valid_handler,
678			     valid_data);
679}
680
681
682static int send_and_recv_msgs(struct wpa_driver_nl80211_data *drv,
683			      struct nl_msg *msg,
684			      int (*valid_handler)(struct nl_msg *, void *),
685			      void *valid_data)
686{
687	return send_and_recv(drv->global, drv->global->nl, msg,
688			     valid_handler, valid_data);
689}
690
691
692struct family_data {
693	const char *group;
694	int id;
695};
696
697
698static int nl80211_set_iface_id(struct nl_msg *msg, struct i802_bss *bss)
699{
700	if (bss->wdev_id_set)
701		NLA_PUT_U64(msg, NL80211_ATTR_WDEV, bss->wdev_id);
702	else
703		NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex);
704	return 0;
705
706nla_put_failure:
707	return -1;
708}
709
710
711static int family_handler(struct nl_msg *msg, void *arg)
712{
713	struct family_data *res = arg;
714	struct nlattr *tb[CTRL_ATTR_MAX + 1];
715	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
716	struct nlattr *mcgrp;
717	int i;
718
719	nla_parse(tb, CTRL_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
720		  genlmsg_attrlen(gnlh, 0), NULL);
721	if (!tb[CTRL_ATTR_MCAST_GROUPS])
722		return NL_SKIP;
723
724	nla_for_each_nested(mcgrp, tb[CTRL_ATTR_MCAST_GROUPS], i) {
725		struct nlattr *tb2[CTRL_ATTR_MCAST_GRP_MAX + 1];
726		nla_parse(tb2, CTRL_ATTR_MCAST_GRP_MAX, nla_data(mcgrp),
727			  nla_len(mcgrp), NULL);
728		if (!tb2[CTRL_ATTR_MCAST_GRP_NAME] ||
729		    !tb2[CTRL_ATTR_MCAST_GRP_ID] ||
730		    os_strncmp(nla_data(tb2[CTRL_ATTR_MCAST_GRP_NAME]),
731			       res->group,
732			       nla_len(tb2[CTRL_ATTR_MCAST_GRP_NAME])) != 0)
733			continue;
734		res->id = nla_get_u32(tb2[CTRL_ATTR_MCAST_GRP_ID]);
735		break;
736	};
737
738	return NL_SKIP;
739}
740
741
742static int nl_get_multicast_id(struct nl80211_global *global,
743			       const char *family, const char *group)
744{
745	struct nl_msg *msg;
746	int ret = -1;
747	struct family_data res = { group, -ENOENT };
748
749	msg = nlmsg_alloc();
750	if (!msg)
751		return -ENOMEM;
752	genlmsg_put(msg, 0, 0, genl_ctrl_resolve(global->nl, "nlctrl"),
753		    0, 0, CTRL_CMD_GETFAMILY, 0);
754	NLA_PUT_STRING(msg, CTRL_ATTR_FAMILY_NAME, family);
755
756	ret = send_and_recv_msgs_global(global, msg, family_handler, &res);
757	msg = NULL;
758	if (ret == 0)
759		ret = res.id;
760
761nla_put_failure:
762	nlmsg_free(msg);
763	return ret;
764}
765
766
767static void * nl80211_cmd(struct wpa_driver_nl80211_data *drv,
768			  struct nl_msg *msg, int flags, uint8_t cmd)
769{
770	return genlmsg_put(msg, 0, 0, drv->global->nl80211_id,
771			   0, flags, cmd, 0);
772}
773
774
775struct wiphy_idx_data {
776	int wiphy_idx;
777	enum nl80211_iftype nlmode;
778	u8 *macaddr;
779};
780
781
782static int netdev_info_handler(struct nl_msg *msg, void *arg)
783{
784	struct nlattr *tb[NL80211_ATTR_MAX + 1];
785	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
786	struct wiphy_idx_data *info = arg;
787
788	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
789		  genlmsg_attrlen(gnlh, 0), NULL);
790
791	if (tb[NL80211_ATTR_WIPHY])
792		info->wiphy_idx = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
793
794	if (tb[NL80211_ATTR_IFTYPE])
795		info->nlmode = nla_get_u32(tb[NL80211_ATTR_IFTYPE]);
796
797	if (tb[NL80211_ATTR_MAC] && info->macaddr)
798		os_memcpy(info->macaddr, nla_data(tb[NL80211_ATTR_MAC]),
799			  ETH_ALEN);
800
801	return NL_SKIP;
802}
803
804
805static int nl80211_get_wiphy_index(struct i802_bss *bss)
806{
807	struct nl_msg *msg;
808	struct wiphy_idx_data data = {
809		.wiphy_idx = -1,
810		.macaddr = NULL,
811	};
812
813	msg = nlmsg_alloc();
814	if (!msg)
815		return NL80211_IFTYPE_UNSPECIFIED;
816
817	nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_GET_INTERFACE);
818
819	if (nl80211_set_iface_id(msg, bss) < 0)
820		goto nla_put_failure;
821
822	if (send_and_recv_msgs(bss->drv, msg, netdev_info_handler, &data) == 0)
823		return data.wiphy_idx;
824	msg = NULL;
825nla_put_failure:
826	nlmsg_free(msg);
827	return -1;
828}
829
830
831static enum nl80211_iftype nl80211_get_ifmode(struct i802_bss *bss)
832{
833	struct nl_msg *msg;
834	struct wiphy_idx_data data = {
835		.nlmode = NL80211_IFTYPE_UNSPECIFIED,
836		.macaddr = NULL,
837	};
838
839	msg = nlmsg_alloc();
840	if (!msg)
841		return -1;
842
843	nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_GET_INTERFACE);
844
845	if (nl80211_set_iface_id(msg, bss) < 0)
846		goto nla_put_failure;
847
848	if (send_and_recv_msgs(bss->drv, msg, netdev_info_handler, &data) == 0)
849		return data.nlmode;
850	msg = NULL;
851nla_put_failure:
852	nlmsg_free(msg);
853	return NL80211_IFTYPE_UNSPECIFIED;
854}
855
856
857static int nl80211_get_macaddr(struct i802_bss *bss)
858{
859	struct nl_msg *msg;
860	struct wiphy_idx_data data = {
861		.macaddr = bss->addr,
862	};
863
864	msg = nlmsg_alloc();
865	if (!msg)
866		return NL80211_IFTYPE_UNSPECIFIED;
867
868	nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_GET_INTERFACE);
869	if (nl80211_set_iface_id(msg, bss) < 0)
870		goto nla_put_failure;
871
872	return send_and_recv_msgs(bss->drv, msg, netdev_info_handler, &data);
873
874nla_put_failure:
875	nlmsg_free(msg);
876	return NL80211_IFTYPE_UNSPECIFIED;
877}
878
879
880static int nl80211_register_beacons(struct wpa_driver_nl80211_data *drv,
881				    struct nl80211_wiphy_data *w)
882{
883	struct nl_msg *msg;
884	int ret = -1;
885
886	msg = nlmsg_alloc();
887	if (!msg)
888		return -1;
889
890	nl80211_cmd(drv, msg, 0, NL80211_CMD_REGISTER_BEACONS);
891
892	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, w->wiphy_idx);
893
894	ret = send_and_recv(drv->global, w->nl_beacons, msg, NULL, NULL);
895	msg = NULL;
896	if (ret) {
897		wpa_printf(MSG_DEBUG, "nl80211: Register beacons command "
898			   "failed: ret=%d (%s)",
899			   ret, strerror(-ret));
900		goto nla_put_failure;
901	}
902	ret = 0;
903nla_put_failure:
904	nlmsg_free(msg);
905	return ret;
906}
907
908
909static void nl80211_recv_beacons(int sock, void *eloop_ctx, void *handle)
910{
911	struct nl80211_wiphy_data *w = eloop_ctx;
912	int res;
913
914	wpa_printf(MSG_EXCESSIVE, "nl80211: Beacon event message available");
915
916	res = nl_recvmsgs(handle, w->nl_cb);
917	if (res < 0) {
918		wpa_printf(MSG_INFO, "nl80211: %s->nl_recvmsgs failed: %d",
919			   __func__, res);
920	}
921}
922
923
924static int process_beacon_event(struct nl_msg *msg, void *arg)
925{
926	struct nl80211_wiphy_data *w = arg;
927	struct wpa_driver_nl80211_data *drv;
928	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
929	struct nlattr *tb[NL80211_ATTR_MAX + 1];
930	union wpa_event_data event;
931
932	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
933		  genlmsg_attrlen(gnlh, 0), NULL);
934
935	if (gnlh->cmd != NL80211_CMD_FRAME) {
936		wpa_printf(MSG_DEBUG, "nl80211: Unexpected beacon event? (%d)",
937			   gnlh->cmd);
938		return NL_SKIP;
939	}
940
941	if (!tb[NL80211_ATTR_FRAME])
942		return NL_SKIP;
943
944	dl_list_for_each(drv, &w->drvs, struct wpa_driver_nl80211_data,
945			 wiphy_list) {
946		os_memset(&event, 0, sizeof(event));
947		event.rx_mgmt.frame = nla_data(tb[NL80211_ATTR_FRAME]);
948		event.rx_mgmt.frame_len = nla_len(tb[NL80211_ATTR_FRAME]);
949		wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event);
950	}
951
952	return NL_SKIP;
953}
954
955
956static struct nl80211_wiphy_data *
957nl80211_get_wiphy_data_ap(struct i802_bss *bss)
958{
959	static DEFINE_DL_LIST(nl80211_wiphys);
960	struct nl80211_wiphy_data *w;
961	int wiphy_idx, found = 0;
962	struct i802_bss *tmp_bss;
963
964	if (bss->wiphy_data != NULL)
965		return bss->wiphy_data;
966
967	wiphy_idx = nl80211_get_wiphy_index(bss);
968
969	dl_list_for_each(w, &nl80211_wiphys, struct nl80211_wiphy_data, list) {
970		if (w->wiphy_idx == wiphy_idx)
971			goto add;
972	}
973
974	/* alloc new one */
975	w = os_zalloc(sizeof(*w));
976	if (w == NULL)
977		return NULL;
978	w->wiphy_idx = wiphy_idx;
979	dl_list_init(&w->bsss);
980	dl_list_init(&w->drvs);
981
982	w->nl_cb = nl_cb_alloc(NL_CB_DEFAULT);
983	if (!w->nl_cb) {
984		os_free(w);
985		return NULL;
986	}
987	nl_cb_set(w->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, no_seq_check, NULL);
988	nl_cb_set(w->nl_cb, NL_CB_VALID, NL_CB_CUSTOM, process_beacon_event,
989		  w);
990
991	w->nl_beacons = nl_create_handle(bss->drv->global->nl_cb,
992					 "wiphy beacons");
993	if (w->nl_beacons == NULL) {
994		os_free(w);
995		return NULL;
996	}
997
998	if (nl80211_register_beacons(bss->drv, w)) {
999		nl_destroy_handles(&w->nl_beacons);
1000		os_free(w);
1001		return NULL;
1002	}
1003
1004	nl80211_register_eloop_read(&w->nl_beacons, nl80211_recv_beacons, w);
1005
1006	dl_list_add(&nl80211_wiphys, &w->list);
1007
1008add:
1009	/* drv entry for this bss already there? */
1010	dl_list_for_each(tmp_bss, &w->bsss, struct i802_bss, wiphy_list) {
1011		if (tmp_bss->drv == bss->drv) {
1012			found = 1;
1013			break;
1014		}
1015	}
1016	/* if not add it */
1017	if (!found)
1018		dl_list_add(&w->drvs, &bss->drv->wiphy_list);
1019
1020	dl_list_add(&w->bsss, &bss->wiphy_list);
1021	bss->wiphy_data = w;
1022	return w;
1023}
1024
1025
1026static void nl80211_put_wiphy_data_ap(struct i802_bss *bss)
1027{
1028	struct nl80211_wiphy_data *w = bss->wiphy_data;
1029	struct i802_bss *tmp_bss;
1030	int found = 0;
1031
1032	if (w == NULL)
1033		return;
1034	bss->wiphy_data = NULL;
1035	dl_list_del(&bss->wiphy_list);
1036
1037	/* still any for this drv present? */
1038	dl_list_for_each(tmp_bss, &w->bsss, struct i802_bss, wiphy_list) {
1039		if (tmp_bss->drv == bss->drv) {
1040			found = 1;
1041			break;
1042		}
1043	}
1044	/* if not remove it */
1045	if (!found)
1046		dl_list_del(&bss->drv->wiphy_list);
1047
1048	if (!dl_list_empty(&w->bsss))
1049		return;
1050
1051	nl80211_destroy_eloop_handle(&w->nl_beacons);
1052
1053	nl_cb_put(w->nl_cb);
1054	dl_list_del(&w->list);
1055	os_free(w);
1056}
1057
1058
1059static int wpa_driver_nl80211_get_bssid(void *priv, u8 *bssid)
1060{
1061	struct i802_bss *bss = priv;
1062	struct wpa_driver_nl80211_data *drv = bss->drv;
1063	if (!drv->associated)
1064		return -1;
1065	os_memcpy(bssid, drv->bssid, ETH_ALEN);
1066	return 0;
1067}
1068
1069
1070static int wpa_driver_nl80211_get_ssid(void *priv, u8 *ssid)
1071{
1072	struct i802_bss *bss = priv;
1073	struct wpa_driver_nl80211_data *drv = bss->drv;
1074	if (!drv->associated)
1075		return -1;
1076	os_memcpy(ssid, drv->ssid, drv->ssid_len);
1077	return drv->ssid_len;
1078}
1079
1080
1081static void wpa_driver_nl80211_event_newlink(
1082	struct wpa_driver_nl80211_data *drv, char *ifname)
1083{
1084	union wpa_event_data event;
1085
1086	if (os_strcmp(drv->first_bss->ifname, ifname) == 0) {
1087		if (if_nametoindex(drv->first_bss->ifname) == 0) {
1088			wpa_printf(MSG_DEBUG, "nl80211: Interface %s does not exist - ignore RTM_NEWLINK",
1089				   drv->first_bss->ifname);
1090			return;
1091		}
1092		if (!drv->if_removed)
1093			return;
1094		wpa_printf(MSG_DEBUG, "nl80211: Mark if_removed=0 for %s based on RTM_NEWLINK event",
1095			   drv->first_bss->ifname);
1096		drv->if_removed = 0;
1097	}
1098
1099	os_memset(&event, 0, sizeof(event));
1100	os_strlcpy(event.interface_status.ifname, ifname,
1101		   sizeof(event.interface_status.ifname));
1102	event.interface_status.ievent = EVENT_INTERFACE_ADDED;
1103	wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, &event);
1104}
1105
1106
1107static void wpa_driver_nl80211_event_dellink(
1108	struct wpa_driver_nl80211_data *drv, char *ifname)
1109{
1110	union wpa_event_data event;
1111
1112	if (os_strcmp(drv->first_bss->ifname, ifname) == 0) {
1113		if (drv->if_removed) {
1114			wpa_printf(MSG_DEBUG, "nl80211: if_removed already set - ignore RTM_DELLINK event for %s",
1115				   ifname);
1116			return;
1117		}
1118		wpa_printf(MSG_DEBUG, "RTM_DELLINK: Interface '%s' removed - mark if_removed=1",
1119			   ifname);
1120		drv->if_removed = 1;
1121	} else {
1122		wpa_printf(MSG_DEBUG, "RTM_DELLINK: Interface '%s' removed",
1123			   ifname);
1124	}
1125
1126	os_memset(&event, 0, sizeof(event));
1127	os_strlcpy(event.interface_status.ifname, ifname,
1128		   sizeof(event.interface_status.ifname));
1129	event.interface_status.ievent = EVENT_INTERFACE_REMOVED;
1130	wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, &event);
1131}
1132
1133
1134static int wpa_driver_nl80211_own_ifname(struct wpa_driver_nl80211_data *drv,
1135					 u8 *buf, size_t len)
1136{
1137	int attrlen, rta_len;
1138	struct rtattr *attr;
1139
1140	attrlen = len;
1141	attr = (struct rtattr *) buf;
1142
1143	rta_len = RTA_ALIGN(sizeof(struct rtattr));
1144	while (RTA_OK(attr, attrlen)) {
1145		if (attr->rta_type == IFLA_IFNAME) {
1146			if (os_strcmp(((char *) attr) + rta_len,
1147				      drv->first_bss->ifname) == 0)
1148				return 1;
1149			else
1150				break;
1151		}
1152		attr = RTA_NEXT(attr, attrlen);
1153	}
1154
1155	return 0;
1156}
1157
1158
1159static int wpa_driver_nl80211_own_ifindex(struct wpa_driver_nl80211_data *drv,
1160					  int ifindex, u8 *buf, size_t len)
1161{
1162	if (drv->ifindex == ifindex)
1163		return 1;
1164
1165	if (drv->if_removed && wpa_driver_nl80211_own_ifname(drv, buf, len)) {
1166		wpa_printf(MSG_DEBUG, "nl80211: Update ifindex for a removed "
1167			   "interface");
1168		wpa_driver_nl80211_finish_drv_init(drv, NULL, 0);
1169		return 1;
1170	}
1171
1172	return 0;
1173}
1174
1175
1176static struct wpa_driver_nl80211_data *
1177nl80211_find_drv(struct nl80211_global *global, int idx, u8 *buf, size_t len)
1178{
1179	struct wpa_driver_nl80211_data *drv;
1180	dl_list_for_each(drv, &global->interfaces,
1181			 struct wpa_driver_nl80211_data, list) {
1182		if (wpa_driver_nl80211_own_ifindex(drv, idx, buf, len) ||
1183		    have_ifidx(drv, idx))
1184			return drv;
1185	}
1186	return NULL;
1187}
1188
1189
1190static void wpa_driver_nl80211_event_rtm_newlink(void *ctx,
1191						 struct ifinfomsg *ifi,
1192						 u8 *buf, size_t len)
1193{
1194	struct nl80211_global *global = ctx;
1195	struct wpa_driver_nl80211_data *drv;
1196	int attrlen;
1197	struct rtattr *attr;
1198	u32 brid = 0;
1199	char namebuf[IFNAMSIZ];
1200	char ifname[IFNAMSIZ + 1];
1201	char extra[100], *pos, *end;
1202
1203	drv = nl80211_find_drv(global, ifi->ifi_index, buf, len);
1204	if (!drv) {
1205		wpa_printf(MSG_DEBUG, "nl80211: Ignore RTM_NEWLINK event for foreign ifindex %d",
1206			   ifi->ifi_index);
1207		return;
1208	}
1209
1210	extra[0] = '\0';
1211	pos = extra;
1212	end = pos + sizeof(extra);
1213	ifname[0] = '\0';
1214
1215	attrlen = len;
1216	attr = (struct rtattr *) buf;
1217	while (RTA_OK(attr, attrlen)) {
1218		switch (attr->rta_type) {
1219		case IFLA_IFNAME:
1220			if (RTA_PAYLOAD(attr) >= IFNAMSIZ)
1221				break;
1222			os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr));
1223			ifname[RTA_PAYLOAD(attr)] = '\0';
1224			break;
1225		case IFLA_MASTER:
1226			brid = nla_get_u32((struct nlattr *) attr);
1227			pos += os_snprintf(pos, end - pos, " master=%u", brid);
1228			break;
1229		case IFLA_WIRELESS:
1230			pos += os_snprintf(pos, end - pos, " wext");
1231			break;
1232		case IFLA_OPERSTATE:
1233			pos += os_snprintf(pos, end - pos, " operstate=%u",
1234					   nla_get_u32((struct nlattr *) attr));
1235			break;
1236		case IFLA_LINKMODE:
1237			pos += os_snprintf(pos, end - pos, " linkmode=%u",
1238					   nla_get_u32((struct nlattr *) attr));
1239			break;
1240		}
1241		attr = RTA_NEXT(attr, attrlen);
1242	}
1243	extra[sizeof(extra) - 1] = '\0';
1244
1245	wpa_printf(MSG_DEBUG, "RTM_NEWLINK: ifi_index=%d ifname=%s%s ifi_flags=0x%x (%s%s%s%s)",
1246		   ifi->ifi_index, ifname, extra, ifi->ifi_flags,
1247		   (ifi->ifi_flags & IFF_UP) ? "[UP]" : "",
1248		   (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "",
1249		   (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "",
1250		   (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : "");
1251
1252	if (!drv->if_disabled && !(ifi->ifi_flags & IFF_UP)) {
1253		if (if_indextoname(ifi->ifi_index, namebuf) &&
1254		    linux_iface_up(drv->global->ioctl_sock,
1255				   drv->first_bss->ifname) > 0) {
1256			wpa_printf(MSG_DEBUG, "nl80211: Ignore interface down "
1257				   "event since interface %s is up", namebuf);
1258			return;
1259		}
1260		wpa_printf(MSG_DEBUG, "nl80211: Interface down");
1261		if (drv->ignore_if_down_event) {
1262			wpa_printf(MSG_DEBUG, "nl80211: Ignore interface down "
1263				   "event generated by mode change");
1264			drv->ignore_if_down_event = 0;
1265		} else {
1266			drv->if_disabled = 1;
1267			wpa_supplicant_event(drv->ctx,
1268					     EVENT_INTERFACE_DISABLED, NULL);
1269
1270			/*
1271			 * Try to get drv again, since it may be removed as
1272			 * part of the EVENT_INTERFACE_DISABLED handling for
1273			 * dynamic interfaces
1274			 */
1275			drv = nl80211_find_drv(global, ifi->ifi_index,
1276					       buf, len);
1277			if (!drv)
1278				return;
1279		}
1280	}
1281
1282	if (drv->if_disabled && (ifi->ifi_flags & IFF_UP)) {
1283		if (if_indextoname(ifi->ifi_index, namebuf) &&
1284		    linux_iface_up(drv->global->ioctl_sock,
1285				   drv->first_bss->ifname) == 0) {
1286			wpa_printf(MSG_DEBUG, "nl80211: Ignore interface up "
1287				   "event since interface %s is down",
1288				   namebuf);
1289		} else if (if_nametoindex(drv->first_bss->ifname) == 0) {
1290			wpa_printf(MSG_DEBUG, "nl80211: Ignore interface up "
1291				   "event since interface %s does not exist",
1292				   drv->first_bss->ifname);
1293		} else if (drv->if_removed) {
1294			wpa_printf(MSG_DEBUG, "nl80211: Ignore interface up "
1295				   "event since interface %s is marked "
1296				   "removed", drv->first_bss->ifname);
1297		} else {
1298			wpa_printf(MSG_DEBUG, "nl80211: Interface up");
1299			drv->if_disabled = 0;
1300			wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED,
1301					     NULL);
1302		}
1303	}
1304
1305	/*
1306	 * Some drivers send the association event before the operup event--in
1307	 * this case, lifting operstate in wpa_driver_nl80211_set_operstate()
1308	 * fails. This will hit us when wpa_supplicant does not need to do
1309	 * IEEE 802.1X authentication
1310	 */
1311	if (drv->operstate == 1 &&
1312	    (ifi->ifi_flags & (IFF_LOWER_UP | IFF_DORMANT)) == IFF_LOWER_UP &&
1313	    !(ifi->ifi_flags & IFF_RUNNING)) {
1314		wpa_printf(MSG_DEBUG, "nl80211: Set IF_OPER_UP again based on ifi_flags and expected operstate");
1315		netlink_send_oper_ifla(drv->global->netlink, drv->ifindex,
1316				       -1, IF_OPER_UP);
1317	}
1318
1319	if (ifname[0])
1320		wpa_driver_nl80211_event_newlink(drv, ifname);
1321
1322	if (ifi->ifi_family == AF_BRIDGE && brid) {
1323		/* device has been added to bridge */
1324		if_indextoname(brid, namebuf);
1325		wpa_printf(MSG_DEBUG, "nl80211: Add ifindex %u for bridge %s",
1326			   brid, namebuf);
1327		add_ifidx(drv, brid);
1328	}
1329}
1330
1331
1332static void wpa_driver_nl80211_event_rtm_dellink(void *ctx,
1333						 struct ifinfomsg *ifi,
1334						 u8 *buf, size_t len)
1335{
1336	struct nl80211_global *global = ctx;
1337	struct wpa_driver_nl80211_data *drv;
1338	int attrlen;
1339	struct rtattr *attr;
1340	u32 brid = 0;
1341	char ifname[IFNAMSIZ + 1];
1342
1343	drv = nl80211_find_drv(global, ifi->ifi_index, buf, len);
1344	if (!drv) {
1345		wpa_printf(MSG_DEBUG, "nl80211: Ignore RTM_DELLINK event for foreign ifindex %d",
1346			   ifi->ifi_index);
1347		return;
1348	}
1349
1350	ifname[0] = '\0';
1351
1352	attrlen = len;
1353	attr = (struct rtattr *) buf;
1354	while (RTA_OK(attr, attrlen)) {
1355		switch (attr->rta_type) {
1356		case IFLA_IFNAME:
1357			if (RTA_PAYLOAD(attr) >= IFNAMSIZ)
1358				break;
1359			os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr));
1360			ifname[RTA_PAYLOAD(attr)] = '\0';
1361			break;
1362		case IFLA_MASTER:
1363			brid = nla_get_u32((struct nlattr *) attr);
1364			break;
1365		}
1366		attr = RTA_NEXT(attr, attrlen);
1367	}
1368
1369	if (ifname[0])
1370		wpa_driver_nl80211_event_dellink(drv, ifname);
1371
1372	if (ifi->ifi_family == AF_BRIDGE && brid) {
1373		/* device has been removed from bridge */
1374		char namebuf[IFNAMSIZ];
1375		if_indextoname(brid, namebuf);
1376		wpa_printf(MSG_DEBUG, "nl80211: Remove ifindex %u for bridge "
1377			   "%s", brid, namebuf);
1378		del_ifidx(drv, brid);
1379	}
1380}
1381
1382
1383static void mlme_event_auth(struct wpa_driver_nl80211_data *drv,
1384			    const u8 *frame, size_t len)
1385{
1386	const struct ieee80211_mgmt *mgmt;
1387	union wpa_event_data event;
1388
1389	wpa_printf(MSG_DEBUG, "nl80211: Authenticate event");
1390	mgmt = (const struct ieee80211_mgmt *) frame;
1391	if (len < 24 + sizeof(mgmt->u.auth)) {
1392		wpa_printf(MSG_DEBUG, "nl80211: Too short association event "
1393			   "frame");
1394		return;
1395	}
1396
1397	os_memcpy(drv->auth_bssid, mgmt->sa, ETH_ALEN);
1398	os_memset(drv->auth_attempt_bssid, 0, ETH_ALEN);
1399	os_memset(&event, 0, sizeof(event));
1400	os_memcpy(event.auth.peer, mgmt->sa, ETH_ALEN);
1401	event.auth.auth_type = le_to_host16(mgmt->u.auth.auth_alg);
1402	event.auth.auth_transaction =
1403		le_to_host16(mgmt->u.auth.auth_transaction);
1404	event.auth.status_code = le_to_host16(mgmt->u.auth.status_code);
1405	if (len > 24 + sizeof(mgmt->u.auth)) {
1406		event.auth.ies = mgmt->u.auth.variable;
1407		event.auth.ies_len = len - 24 - sizeof(mgmt->u.auth);
1408	}
1409
1410	wpa_supplicant_event(drv->ctx, EVENT_AUTH, &event);
1411}
1412
1413
1414static unsigned int nl80211_get_assoc_freq(struct wpa_driver_nl80211_data *drv)
1415{
1416	struct nl_msg *msg;
1417	int ret;
1418	struct nl80211_bss_info_arg arg;
1419
1420	os_memset(&arg, 0, sizeof(arg));
1421	msg = nlmsg_alloc();
1422	if (!msg)
1423		goto nla_put_failure;
1424
1425	nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SCAN);
1426	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1427
1428	arg.drv = drv;
1429	ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg);
1430	msg = NULL;
1431	if (ret == 0) {
1432		unsigned int freq = drv->nlmode == NL80211_IFTYPE_ADHOC ?
1433			arg.ibss_freq : arg.assoc_freq;
1434		wpa_printf(MSG_DEBUG, "nl80211: Operating frequency for the "
1435			   "associated BSS from scan results: %u MHz", freq);
1436		if (freq)
1437			drv->assoc_freq = freq;
1438		return drv->assoc_freq;
1439	}
1440	wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d "
1441		   "(%s)", ret, strerror(-ret));
1442nla_put_failure:
1443	nlmsg_free(msg);
1444	return drv->assoc_freq;
1445}
1446
1447
1448static void mlme_event_assoc(struct wpa_driver_nl80211_data *drv,
1449			    const u8 *frame, size_t len)
1450{
1451	const struct ieee80211_mgmt *mgmt;
1452	union wpa_event_data event;
1453	u16 status;
1454
1455	wpa_printf(MSG_DEBUG, "nl80211: Associate event");
1456	mgmt = (const struct ieee80211_mgmt *) frame;
1457	if (len < 24 + sizeof(mgmt->u.assoc_resp)) {
1458		wpa_printf(MSG_DEBUG, "nl80211: Too short association event "
1459			   "frame");
1460		return;
1461	}
1462
1463	status = le_to_host16(mgmt->u.assoc_resp.status_code);
1464	if (status != WLAN_STATUS_SUCCESS) {
1465		os_memset(&event, 0, sizeof(event));
1466		event.assoc_reject.bssid = mgmt->bssid;
1467		if (len > 24 + sizeof(mgmt->u.assoc_resp)) {
1468			event.assoc_reject.resp_ies =
1469				(u8 *) mgmt->u.assoc_resp.variable;
1470			event.assoc_reject.resp_ies_len =
1471				len - 24 - sizeof(mgmt->u.assoc_resp);
1472		}
1473		event.assoc_reject.status_code = status;
1474
1475		wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event);
1476		return;
1477	}
1478
1479	drv->associated = 1;
1480	os_memcpy(drv->bssid, mgmt->sa, ETH_ALEN);
1481	os_memcpy(drv->prev_bssid, mgmt->sa, ETH_ALEN);
1482
1483	os_memset(&event, 0, sizeof(event));
1484	if (len > 24 + sizeof(mgmt->u.assoc_resp)) {
1485		event.assoc_info.resp_ies = (u8 *) mgmt->u.assoc_resp.variable;
1486		event.assoc_info.resp_ies_len =
1487			len - 24 - sizeof(mgmt->u.assoc_resp);
1488	}
1489
1490	event.assoc_info.freq = drv->assoc_freq;
1491
1492	wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event);
1493}
1494
1495
1496static void mlme_event_connect(struct wpa_driver_nl80211_data *drv,
1497			       enum nl80211_commands cmd, struct nlattr *status,
1498			       struct nlattr *addr, struct nlattr *req_ie,
1499			       struct nlattr *resp_ie)
1500{
1501	union wpa_event_data event;
1502
1503	if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) {
1504		/*
1505		 * Avoid reporting two association events that would confuse
1506		 * the core code.
1507		 */
1508		wpa_printf(MSG_DEBUG, "nl80211: Ignore connect event (cmd=%d) "
1509			   "when using userspace SME", cmd);
1510		return;
1511	}
1512
1513	if (cmd == NL80211_CMD_CONNECT)
1514		wpa_printf(MSG_DEBUG, "nl80211: Connect event");
1515	else if (cmd == NL80211_CMD_ROAM)
1516		wpa_printf(MSG_DEBUG, "nl80211: Roam event");
1517
1518	os_memset(&event, 0, sizeof(event));
1519	if (cmd == NL80211_CMD_CONNECT &&
1520	    nla_get_u16(status) != WLAN_STATUS_SUCCESS) {
1521		if (addr)
1522			event.assoc_reject.bssid = nla_data(addr);
1523		if (resp_ie) {
1524			event.assoc_reject.resp_ies = nla_data(resp_ie);
1525			event.assoc_reject.resp_ies_len = nla_len(resp_ie);
1526		}
1527		event.assoc_reject.status_code = nla_get_u16(status);
1528		wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event);
1529		return;
1530	}
1531
1532	drv->associated = 1;
1533	if (addr) {
1534		os_memcpy(drv->bssid, nla_data(addr), ETH_ALEN);
1535		os_memcpy(drv->prev_bssid, drv->bssid, ETH_ALEN);
1536	}
1537
1538	if (req_ie) {
1539		event.assoc_info.req_ies = nla_data(req_ie);
1540		event.assoc_info.req_ies_len = nla_len(req_ie);
1541	}
1542	if (resp_ie) {
1543		event.assoc_info.resp_ies = nla_data(resp_ie);
1544		event.assoc_info.resp_ies_len = nla_len(resp_ie);
1545	}
1546
1547	event.assoc_info.freq = nl80211_get_assoc_freq(drv);
1548
1549	wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event);
1550}
1551
1552
1553static void mlme_event_disconnect(struct wpa_driver_nl80211_data *drv,
1554				  struct nlattr *reason, struct nlattr *addr,
1555				  struct nlattr *by_ap)
1556{
1557	union wpa_event_data data;
1558	unsigned int locally_generated = by_ap == NULL;
1559
1560	if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) {
1561		/*
1562		 * Avoid reporting two disassociation events that could
1563		 * confuse the core code.
1564		 */
1565		wpa_printf(MSG_DEBUG, "nl80211: Ignore disconnect "
1566			   "event when using userspace SME");
1567		return;
1568	}
1569
1570	if (drv->ignore_next_local_disconnect) {
1571		drv->ignore_next_local_disconnect = 0;
1572		if (locally_generated) {
1573			wpa_printf(MSG_DEBUG, "nl80211: Ignore disconnect "
1574				   "event triggered during reassociation");
1575			return;
1576		}
1577		wpa_printf(MSG_WARNING, "nl80211: Was expecting local "
1578			   "disconnect but got another disconnect "
1579			   "event first");
1580	}
1581
1582	wpa_printf(MSG_DEBUG, "nl80211: Disconnect event");
1583	nl80211_mark_disconnected(drv);
1584	os_memset(&data, 0, sizeof(data));
1585	if (reason)
1586		data.deauth_info.reason_code = nla_get_u16(reason);
1587	data.deauth_info.locally_generated = by_ap == NULL;
1588	wpa_supplicant_event(drv->ctx, EVENT_DEAUTH, &data);
1589}
1590
1591
1592static int calculate_chan_offset(int width, int freq, int cf1, int cf2)
1593{
1594	int freq1 = 0;
1595
1596	switch (convert2width(width)) {
1597	case CHAN_WIDTH_20_NOHT:
1598	case CHAN_WIDTH_20:
1599		return 0;
1600	case CHAN_WIDTH_40:
1601		freq1 = cf1 - 10;
1602		break;
1603	case CHAN_WIDTH_80:
1604		freq1 = cf1 - 30;
1605		break;
1606	case CHAN_WIDTH_160:
1607		freq1 = cf1 - 70;
1608		break;
1609	case CHAN_WIDTH_UNKNOWN:
1610	case CHAN_WIDTH_80P80:
1611		/* FIXME: implement this */
1612		return 0;
1613	}
1614
1615	return (abs(freq - freq1) / 20) % 2 == 0 ? 1 : -1;
1616}
1617
1618
1619static void mlme_event_ch_switch(struct wpa_driver_nl80211_data *drv,
1620				 struct nlattr *ifindex, struct nlattr *freq,
1621				 struct nlattr *type, struct nlattr *bw,
1622				 struct nlattr *cf1, struct nlattr *cf2)
1623{
1624	struct i802_bss *bss;
1625	union wpa_event_data data;
1626	int ht_enabled = 1;
1627	int chan_offset = 0;
1628	int ifidx;
1629
1630	wpa_printf(MSG_DEBUG, "nl80211: Channel switch event");
1631
1632	if (!freq)
1633		return;
1634
1635	ifidx = nla_get_u32(ifindex);
1636	for (bss = drv->first_bss; bss; bss = bss->next)
1637		if (bss->ifindex == ifidx)
1638			break;
1639
1640	if (bss == NULL) {
1641		wpa_printf(MSG_WARNING, "nl80211: Unknown ifindex (%d) for channel switch, ignoring",
1642			   ifidx);
1643		return;
1644	}
1645
1646	if (type) {
1647		switch (nla_get_u32(type)) {
1648		case NL80211_CHAN_NO_HT:
1649			ht_enabled = 0;
1650			break;
1651		case NL80211_CHAN_HT20:
1652			break;
1653		case NL80211_CHAN_HT40PLUS:
1654			chan_offset = 1;
1655			break;
1656		case NL80211_CHAN_HT40MINUS:
1657			chan_offset = -1;
1658			break;
1659		}
1660	} else if (bw && cf1) {
1661		/* This can happen for example with VHT80 ch switch */
1662		chan_offset = calculate_chan_offset(nla_get_u32(bw),
1663						    nla_get_u32(freq),
1664						    nla_get_u32(cf1),
1665						    cf2 ? nla_get_u32(cf2) : 0);
1666	} else {
1667		wpa_printf(MSG_WARNING, "nl80211: Unknown secondary channel information - following channel definition calculations may fail");
1668	}
1669
1670	os_memset(&data, 0, sizeof(data));
1671	data.ch_switch.freq = nla_get_u32(freq);
1672	data.ch_switch.ht_enabled = ht_enabled;
1673	data.ch_switch.ch_offset = chan_offset;
1674	if (bw)
1675		data.ch_switch.ch_width = convert2width(nla_get_u32(bw));
1676	if (cf1)
1677		data.ch_switch.cf1 = nla_get_u32(cf1);
1678	if (cf2)
1679		data.ch_switch.cf2 = nla_get_u32(cf2);
1680
1681	bss->freq = data.ch_switch.freq;
1682
1683	wpa_supplicant_event(bss->ctx, EVENT_CH_SWITCH, &data);
1684}
1685
1686
1687static void mlme_timeout_event(struct wpa_driver_nl80211_data *drv,
1688			       enum nl80211_commands cmd, struct nlattr *addr)
1689{
1690	union wpa_event_data event;
1691	enum wpa_event_type ev;
1692
1693	if (nla_len(addr) != ETH_ALEN)
1694		return;
1695
1696	wpa_printf(MSG_DEBUG, "nl80211: MLME event %d; timeout with " MACSTR,
1697		   cmd, MAC2STR((u8 *) nla_data(addr)));
1698
1699	if (cmd == NL80211_CMD_AUTHENTICATE)
1700		ev = EVENT_AUTH_TIMED_OUT;
1701	else if (cmd == NL80211_CMD_ASSOCIATE)
1702		ev = EVENT_ASSOC_TIMED_OUT;
1703	else
1704		return;
1705
1706	os_memset(&event, 0, sizeof(event));
1707	os_memcpy(event.timeout_event.addr, nla_data(addr), ETH_ALEN);
1708	wpa_supplicant_event(drv->ctx, ev, &event);
1709}
1710
1711
1712static void mlme_event_mgmt(struct i802_bss *bss,
1713			    struct nlattr *freq, struct nlattr *sig,
1714			    const u8 *frame, size_t len)
1715{
1716	struct wpa_driver_nl80211_data *drv = bss->drv;
1717	const struct ieee80211_mgmt *mgmt;
1718	union wpa_event_data event;
1719	u16 fc, stype;
1720	int ssi_signal = 0;
1721	int rx_freq = 0;
1722
1723	wpa_printf(MSG_MSGDUMP, "nl80211: Frame event");
1724	mgmt = (const struct ieee80211_mgmt *) frame;
1725	if (len < 24) {
1726		wpa_printf(MSG_DEBUG, "nl80211: Too short management frame");
1727		return;
1728	}
1729
1730	fc = le_to_host16(mgmt->frame_control);
1731	stype = WLAN_FC_GET_STYPE(fc);
1732
1733	if (sig)
1734		ssi_signal = (s32) nla_get_u32(sig);
1735
1736	os_memset(&event, 0, sizeof(event));
1737	if (freq) {
1738		event.rx_mgmt.freq = nla_get_u32(freq);
1739		rx_freq = drv->last_mgmt_freq = event.rx_mgmt.freq;
1740	}
1741	wpa_printf(MSG_DEBUG,
1742		   "nl80211: RX frame sa=" MACSTR
1743		   " freq=%d ssi_signal=%d stype=%u (%s) len=%u",
1744		   MAC2STR(mgmt->sa), rx_freq, ssi_signal, stype, fc2str(fc),
1745		   (unsigned int) len);
1746	event.rx_mgmt.frame = frame;
1747	event.rx_mgmt.frame_len = len;
1748	event.rx_mgmt.ssi_signal = ssi_signal;
1749	event.rx_mgmt.drv_priv = bss;
1750	wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event);
1751}
1752
1753
1754static void mlme_event_mgmt_tx_status(struct wpa_driver_nl80211_data *drv,
1755				      struct nlattr *cookie, const u8 *frame,
1756				      size_t len, struct nlattr *ack)
1757{
1758	union wpa_event_data event;
1759	const struct ieee80211_hdr *hdr;
1760	u16 fc;
1761
1762	wpa_printf(MSG_DEBUG, "nl80211: Frame TX status event");
1763	if (!is_ap_interface(drv->nlmode)) {
1764		u64 cookie_val;
1765
1766		if (!cookie)
1767			return;
1768
1769		cookie_val = nla_get_u64(cookie);
1770		wpa_printf(MSG_DEBUG, "nl80211: Action TX status:"
1771			   " cookie=0%llx%s (ack=%d)",
1772			   (long long unsigned int) cookie_val,
1773			   cookie_val == drv->send_action_cookie ?
1774			   " (match)" : " (unknown)", ack != NULL);
1775		if (cookie_val != drv->send_action_cookie)
1776			return;
1777	}
1778
1779	hdr = (const struct ieee80211_hdr *) frame;
1780	fc = le_to_host16(hdr->frame_control);
1781
1782	os_memset(&event, 0, sizeof(event));
1783	event.tx_status.type = WLAN_FC_GET_TYPE(fc);
1784	event.tx_status.stype = WLAN_FC_GET_STYPE(fc);
1785	event.tx_status.dst = hdr->addr1;
1786	event.tx_status.data = frame;
1787	event.tx_status.data_len = len;
1788	event.tx_status.ack = ack != NULL;
1789	wpa_supplicant_event(drv->ctx, EVENT_TX_STATUS, &event);
1790}
1791
1792
1793static void mlme_event_deauth_disassoc(struct wpa_driver_nl80211_data *drv,
1794				       enum wpa_event_type type,
1795				       const u8 *frame, size_t len)
1796{
1797	const struct ieee80211_mgmt *mgmt;
1798	union wpa_event_data event;
1799	const u8 *bssid = NULL;
1800	u16 reason_code = 0;
1801
1802	if (type == EVENT_DEAUTH)
1803		wpa_printf(MSG_DEBUG, "nl80211: Deauthenticate event");
1804	else
1805		wpa_printf(MSG_DEBUG, "nl80211: Disassociate event");
1806
1807	mgmt = (const struct ieee80211_mgmt *) frame;
1808	if (len >= 24) {
1809		bssid = mgmt->bssid;
1810
1811		if ((drv->capa.flags & WPA_DRIVER_FLAGS_SME) &&
1812		    !drv->associated &&
1813		    os_memcmp(bssid, drv->auth_bssid, ETH_ALEN) != 0 &&
1814		    os_memcmp(bssid, drv->auth_attempt_bssid, ETH_ALEN) != 0 &&
1815		    os_memcmp(bssid, drv->prev_bssid, ETH_ALEN) == 0) {
1816			/*
1817			 * Avoid issues with some roaming cases where
1818			 * disconnection event for the old AP may show up after
1819			 * we have started connection with the new AP.
1820			 */
1821			wpa_printf(MSG_DEBUG, "nl80211: Ignore deauth/disassoc event from old AP " MACSTR " when already authenticating with " MACSTR,
1822				   MAC2STR(bssid),
1823				   MAC2STR(drv->auth_attempt_bssid));
1824			return;
1825		}
1826
1827		if (drv->associated != 0 &&
1828		    os_memcmp(bssid, drv->bssid, ETH_ALEN) != 0 &&
1829		    os_memcmp(bssid, drv->auth_bssid, ETH_ALEN) != 0) {
1830			/*
1831			 * We have presumably received this deauth as a
1832			 * response to a clear_state_mismatch() outgoing
1833			 * deauth.  Don't let it take us offline!
1834			 */
1835			wpa_printf(MSG_DEBUG, "nl80211: Deauth received "
1836				   "from Unknown BSSID " MACSTR " -- ignoring",
1837				   MAC2STR(bssid));
1838			return;
1839		}
1840	}
1841
1842	nl80211_mark_disconnected(drv);
1843	os_memset(&event, 0, sizeof(event));
1844
1845	/* Note: Same offset for Reason Code in both frame subtypes */
1846	if (len >= 24 + sizeof(mgmt->u.deauth))
1847		reason_code = le_to_host16(mgmt->u.deauth.reason_code);
1848
1849	if (type == EVENT_DISASSOC) {
1850		event.disassoc_info.locally_generated =
1851			!os_memcmp(mgmt->sa, drv->first_bss->addr, ETH_ALEN);
1852		event.disassoc_info.addr = bssid;
1853		event.disassoc_info.reason_code = reason_code;
1854		if (frame + len > mgmt->u.disassoc.variable) {
1855			event.disassoc_info.ie = mgmt->u.disassoc.variable;
1856			event.disassoc_info.ie_len = frame + len -
1857				mgmt->u.disassoc.variable;
1858		}
1859	} else {
1860		if (drv->ignore_deauth_event) {
1861			wpa_printf(MSG_DEBUG, "nl80211: Ignore deauth event due to previous forced deauth-during-auth");
1862			drv->ignore_deauth_event = 0;
1863			return;
1864		}
1865		event.deauth_info.locally_generated =
1866			!os_memcmp(mgmt->sa, drv->first_bss->addr, ETH_ALEN);
1867		if (drv->ignore_next_local_deauth) {
1868			drv->ignore_next_local_deauth = 0;
1869			if (event.deauth_info.locally_generated) {
1870				wpa_printf(MSG_DEBUG, "nl80211: Ignore deauth event triggered due to own deauth request");
1871				return;
1872			}
1873			wpa_printf(MSG_WARNING, "nl80211: Was expecting local deauth but got another disconnect event first");
1874		}
1875		event.deauth_info.addr = bssid;
1876		event.deauth_info.reason_code = reason_code;
1877		if (frame + len > mgmt->u.deauth.variable) {
1878			event.deauth_info.ie = mgmt->u.deauth.variable;
1879			event.deauth_info.ie_len = frame + len -
1880				mgmt->u.deauth.variable;
1881		}
1882	}
1883
1884	wpa_supplicant_event(drv->ctx, type, &event);
1885}
1886
1887
1888static void mlme_event_unprot_disconnect(struct wpa_driver_nl80211_data *drv,
1889					 enum wpa_event_type type,
1890					 const u8 *frame, size_t len)
1891{
1892	const struct ieee80211_mgmt *mgmt;
1893	union wpa_event_data event;
1894	u16 reason_code = 0;
1895
1896	if (type == EVENT_UNPROT_DEAUTH)
1897		wpa_printf(MSG_DEBUG, "nl80211: Unprot Deauthenticate event");
1898	else
1899		wpa_printf(MSG_DEBUG, "nl80211: Unprot Disassociate event");
1900
1901	if (len < 24)
1902		return;
1903
1904	mgmt = (const struct ieee80211_mgmt *) frame;
1905
1906	os_memset(&event, 0, sizeof(event));
1907	/* Note: Same offset for Reason Code in both frame subtypes */
1908	if (len >= 24 + sizeof(mgmt->u.deauth))
1909		reason_code = le_to_host16(mgmt->u.deauth.reason_code);
1910
1911	if (type == EVENT_UNPROT_DISASSOC) {
1912		event.unprot_disassoc.sa = mgmt->sa;
1913		event.unprot_disassoc.da = mgmt->da;
1914		event.unprot_disassoc.reason_code = reason_code;
1915	} else {
1916		event.unprot_deauth.sa = mgmt->sa;
1917		event.unprot_deauth.da = mgmt->da;
1918		event.unprot_deauth.reason_code = reason_code;
1919	}
1920
1921	wpa_supplicant_event(drv->ctx, type, &event);
1922}
1923
1924
1925static void mlme_event(struct i802_bss *bss,
1926		       enum nl80211_commands cmd, struct nlattr *frame,
1927		       struct nlattr *addr, struct nlattr *timed_out,
1928		       struct nlattr *freq, struct nlattr *ack,
1929		       struct nlattr *cookie, struct nlattr *sig)
1930{
1931	struct wpa_driver_nl80211_data *drv = bss->drv;
1932	const u8 *data;
1933	size_t len;
1934
1935	if (timed_out && addr) {
1936		mlme_timeout_event(drv, cmd, addr);
1937		return;
1938	}
1939
1940	if (frame == NULL) {
1941		wpa_printf(MSG_DEBUG,
1942			   "nl80211: MLME event %d (%s) without frame data",
1943			   cmd, nl80211_command_to_string(cmd));
1944		return;
1945	}
1946
1947	data = nla_data(frame);
1948	len = nla_len(frame);
1949	if (len < 4 + 2 * ETH_ALEN) {
1950		wpa_printf(MSG_MSGDUMP, "nl80211: MLME event %d (%s) on %s("
1951			   MACSTR ") - too short",
1952			   cmd, nl80211_command_to_string(cmd), bss->ifname,
1953			   MAC2STR(bss->addr));
1954		return;
1955	}
1956	wpa_printf(MSG_MSGDUMP, "nl80211: MLME event %d (%s) on %s(" MACSTR
1957		   ") A1=" MACSTR " A2=" MACSTR, cmd,
1958		   nl80211_command_to_string(cmd), bss->ifname,
1959		   MAC2STR(bss->addr), MAC2STR(data + 4),
1960		   MAC2STR(data + 4 + ETH_ALEN));
1961	if (cmd != NL80211_CMD_FRAME_TX_STATUS && !(data[4] & 0x01) &&
1962	    os_memcmp(bss->addr, data + 4, ETH_ALEN) != 0 &&
1963	    os_memcmp(bss->addr, data + 4 + ETH_ALEN, ETH_ALEN) != 0) {
1964		wpa_printf(MSG_MSGDUMP, "nl80211: %s: Ignore MLME frame event "
1965			   "for foreign address", bss->ifname);
1966		return;
1967	}
1968	wpa_hexdump(MSG_MSGDUMP, "nl80211: MLME event frame",
1969		    nla_data(frame), nla_len(frame));
1970
1971	switch (cmd) {
1972	case NL80211_CMD_AUTHENTICATE:
1973		mlme_event_auth(drv, nla_data(frame), nla_len(frame));
1974		break;
1975	case NL80211_CMD_ASSOCIATE:
1976		mlme_event_assoc(drv, nla_data(frame), nla_len(frame));
1977		break;
1978	case NL80211_CMD_DEAUTHENTICATE:
1979		mlme_event_deauth_disassoc(drv, EVENT_DEAUTH,
1980					   nla_data(frame), nla_len(frame));
1981		break;
1982	case NL80211_CMD_DISASSOCIATE:
1983		mlme_event_deauth_disassoc(drv, EVENT_DISASSOC,
1984					   nla_data(frame), nla_len(frame));
1985		break;
1986	case NL80211_CMD_FRAME:
1987		mlme_event_mgmt(bss, freq, sig, nla_data(frame),
1988				nla_len(frame));
1989		break;
1990	case NL80211_CMD_FRAME_TX_STATUS:
1991		mlme_event_mgmt_tx_status(drv, cookie, nla_data(frame),
1992					  nla_len(frame), ack);
1993		break;
1994	case NL80211_CMD_UNPROT_DEAUTHENTICATE:
1995		mlme_event_unprot_disconnect(drv, EVENT_UNPROT_DEAUTH,
1996					     nla_data(frame), nla_len(frame));
1997		break;
1998	case NL80211_CMD_UNPROT_DISASSOCIATE:
1999		mlme_event_unprot_disconnect(drv, EVENT_UNPROT_DISASSOC,
2000					     nla_data(frame), nla_len(frame));
2001		break;
2002	default:
2003		break;
2004	}
2005}
2006
2007
2008static void mlme_event_michael_mic_failure(struct i802_bss *bss,
2009					   struct nlattr *tb[])
2010{
2011	union wpa_event_data data;
2012
2013	wpa_printf(MSG_DEBUG, "nl80211: MLME event Michael MIC failure");
2014	os_memset(&data, 0, sizeof(data));
2015	if (tb[NL80211_ATTR_MAC]) {
2016		wpa_hexdump(MSG_DEBUG, "nl80211: Source MAC address",
2017			    nla_data(tb[NL80211_ATTR_MAC]),
2018			    nla_len(tb[NL80211_ATTR_MAC]));
2019		data.michael_mic_failure.src = nla_data(tb[NL80211_ATTR_MAC]);
2020	}
2021	if (tb[NL80211_ATTR_KEY_SEQ]) {
2022		wpa_hexdump(MSG_DEBUG, "nl80211: TSC",
2023			    nla_data(tb[NL80211_ATTR_KEY_SEQ]),
2024			    nla_len(tb[NL80211_ATTR_KEY_SEQ]));
2025	}
2026	if (tb[NL80211_ATTR_KEY_TYPE]) {
2027		enum nl80211_key_type key_type =
2028			nla_get_u32(tb[NL80211_ATTR_KEY_TYPE]);
2029		wpa_printf(MSG_DEBUG, "nl80211: Key Type %d", key_type);
2030		if (key_type == NL80211_KEYTYPE_PAIRWISE)
2031			data.michael_mic_failure.unicast = 1;
2032	} else
2033		data.michael_mic_failure.unicast = 1;
2034
2035	if (tb[NL80211_ATTR_KEY_IDX]) {
2036		u8 key_id = nla_get_u8(tb[NL80211_ATTR_KEY_IDX]);
2037		wpa_printf(MSG_DEBUG, "nl80211: Key Id %d", key_id);
2038	}
2039
2040	wpa_supplicant_event(bss->ctx, EVENT_MICHAEL_MIC_FAILURE, &data);
2041}
2042
2043
2044static void mlme_event_join_ibss(struct wpa_driver_nl80211_data *drv,
2045				 struct nlattr *tb[])
2046{
2047	unsigned int freq;
2048
2049	if (tb[NL80211_ATTR_MAC] == NULL) {
2050		wpa_printf(MSG_DEBUG, "nl80211: No address in IBSS joined "
2051			   "event");
2052		return;
2053	}
2054	os_memcpy(drv->bssid, nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN);
2055
2056	drv->associated = 1;
2057	wpa_printf(MSG_DEBUG, "nl80211: IBSS " MACSTR " joined",
2058		   MAC2STR(drv->bssid));
2059
2060	freq = nl80211_get_assoc_freq(drv);
2061	if (freq) {
2062		wpa_printf(MSG_DEBUG, "nl80211: IBSS on frequency %u MHz",
2063			   freq);
2064		drv->first_bss->freq = freq;
2065	}
2066
2067	wpa_supplicant_event(drv->ctx, EVENT_ASSOC, NULL);
2068}
2069
2070
2071static void mlme_event_remain_on_channel(struct wpa_driver_nl80211_data *drv,
2072					 int cancel_event, struct nlattr *tb[])
2073{
2074	unsigned int freq, chan_type, duration;
2075	union wpa_event_data data;
2076	u64 cookie;
2077
2078	if (tb[NL80211_ATTR_WIPHY_FREQ])
2079		freq = nla_get_u32(tb[NL80211_ATTR_WIPHY_FREQ]);
2080	else
2081		freq = 0;
2082
2083	if (tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE])
2084		chan_type = nla_get_u32(tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
2085	else
2086		chan_type = 0;
2087
2088	if (tb[NL80211_ATTR_DURATION])
2089		duration = nla_get_u32(tb[NL80211_ATTR_DURATION]);
2090	else
2091		duration = 0;
2092
2093	if (tb[NL80211_ATTR_COOKIE])
2094		cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]);
2095	else
2096		cookie = 0;
2097
2098	wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel event (cancel=%d "
2099		   "freq=%u channel_type=%u duration=%u cookie=0x%llx (%s))",
2100		   cancel_event, freq, chan_type, duration,
2101		   (long long unsigned int) cookie,
2102		   cookie == drv->remain_on_chan_cookie ? "match" : "unknown");
2103
2104	if (cookie != drv->remain_on_chan_cookie)
2105		return; /* not for us */
2106
2107	if (cancel_event)
2108		drv->pending_remain_on_chan = 0;
2109
2110	os_memset(&data, 0, sizeof(data));
2111	data.remain_on_channel.freq = freq;
2112	data.remain_on_channel.duration = duration;
2113	wpa_supplicant_event(drv->ctx, cancel_event ?
2114			     EVENT_CANCEL_REMAIN_ON_CHANNEL :
2115			     EVENT_REMAIN_ON_CHANNEL, &data);
2116}
2117
2118
2119static void mlme_event_ft_event(struct wpa_driver_nl80211_data *drv,
2120				struct nlattr *tb[])
2121{
2122	union wpa_event_data data;
2123
2124	os_memset(&data, 0, sizeof(data));
2125
2126	if (tb[NL80211_ATTR_IE]) {
2127		data.ft_ies.ies = nla_data(tb[NL80211_ATTR_IE]);
2128		data.ft_ies.ies_len = nla_len(tb[NL80211_ATTR_IE]);
2129	}
2130
2131	if (tb[NL80211_ATTR_IE_RIC]) {
2132		data.ft_ies.ric_ies = nla_data(tb[NL80211_ATTR_IE_RIC]);
2133		data.ft_ies.ric_ies_len = nla_len(tb[NL80211_ATTR_IE_RIC]);
2134	}
2135
2136	if (tb[NL80211_ATTR_MAC])
2137		os_memcpy(data.ft_ies.target_ap,
2138			  nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN);
2139
2140	wpa_printf(MSG_DEBUG, "nl80211: FT event target_ap " MACSTR,
2141		   MAC2STR(data.ft_ies.target_ap));
2142
2143	wpa_supplicant_event(drv->ctx, EVENT_FT_RESPONSE, &data);
2144}
2145
2146
2147static void send_scan_event(struct wpa_driver_nl80211_data *drv, int aborted,
2148			    struct nlattr *tb[])
2149{
2150	union wpa_event_data event;
2151	struct nlattr *nl;
2152	int rem;
2153	struct scan_info *info;
2154#define MAX_REPORT_FREQS 50
2155	int freqs[MAX_REPORT_FREQS];
2156	int num_freqs = 0;
2157
2158	if (drv->scan_for_auth) {
2159		drv->scan_for_auth = 0;
2160		wpa_printf(MSG_DEBUG, "nl80211: Scan results for missing "
2161			   "cfg80211 BSS entry");
2162		wpa_driver_nl80211_authenticate_retry(drv);
2163		return;
2164	}
2165
2166	os_memset(&event, 0, sizeof(event));
2167	info = &event.scan_info;
2168	info->aborted = aborted;
2169
2170	if (tb[NL80211_ATTR_SCAN_SSIDS]) {
2171		nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_SSIDS], rem) {
2172			struct wpa_driver_scan_ssid *s =
2173				&info->ssids[info->num_ssids];
2174			s->ssid = nla_data(nl);
2175			s->ssid_len = nla_len(nl);
2176			wpa_printf(MSG_DEBUG, "nl80211: Scan probed for SSID '%s'",
2177				   wpa_ssid_txt(s->ssid, s->ssid_len));
2178			info->num_ssids++;
2179			if (info->num_ssids == WPAS_MAX_SCAN_SSIDS)
2180				break;
2181		}
2182	}
2183	if (tb[NL80211_ATTR_SCAN_FREQUENCIES]) {
2184		char msg[200], *pos, *end;
2185		int res;
2186
2187		pos = msg;
2188		end = pos + sizeof(msg);
2189		*pos = '\0';
2190
2191		nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_FREQUENCIES], rem)
2192		{
2193			freqs[num_freqs] = nla_get_u32(nl);
2194			res = os_snprintf(pos, end - pos, " %d",
2195					  freqs[num_freqs]);
2196			if (res > 0 && end - pos > res)
2197				pos += res;
2198			num_freqs++;
2199			if (num_freqs == MAX_REPORT_FREQS - 1)
2200				break;
2201		}
2202		info->freqs = freqs;
2203		info->num_freqs = num_freqs;
2204		wpa_printf(MSG_DEBUG, "nl80211: Scan included frequencies:%s",
2205			   msg);
2206	}
2207	wpa_supplicant_event(drv->ctx, EVENT_SCAN_RESULTS, &event);
2208}
2209
2210
2211static int get_link_signal(struct nl_msg *msg, void *arg)
2212{
2213	struct nlattr *tb[NL80211_ATTR_MAX + 1];
2214	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
2215	struct nlattr *sinfo[NL80211_STA_INFO_MAX + 1];
2216	static struct nla_policy policy[NL80211_STA_INFO_MAX + 1] = {
2217		[NL80211_STA_INFO_SIGNAL] = { .type = NLA_U8 },
2218		[NL80211_STA_INFO_SIGNAL_AVG] = { .type = NLA_U8 },
2219	};
2220	struct nlattr *rinfo[NL80211_RATE_INFO_MAX + 1];
2221	static struct nla_policy rate_policy[NL80211_RATE_INFO_MAX + 1] = {
2222		[NL80211_RATE_INFO_BITRATE] = { .type = NLA_U16 },
2223		[NL80211_RATE_INFO_MCS] = { .type = NLA_U8 },
2224		[NL80211_RATE_INFO_40_MHZ_WIDTH] = { .type = NLA_FLAG },
2225		[NL80211_RATE_INFO_SHORT_GI] = { .type = NLA_FLAG },
2226	};
2227	struct wpa_signal_info *sig_change = arg;
2228
2229	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
2230		  genlmsg_attrlen(gnlh, 0), NULL);
2231	if (!tb[NL80211_ATTR_STA_INFO] ||
2232	    nla_parse_nested(sinfo, NL80211_STA_INFO_MAX,
2233			     tb[NL80211_ATTR_STA_INFO], policy))
2234		return NL_SKIP;
2235	if (!sinfo[NL80211_STA_INFO_SIGNAL])
2236		return NL_SKIP;
2237
2238	sig_change->current_signal =
2239		(s8) nla_get_u8(sinfo[NL80211_STA_INFO_SIGNAL]);
2240
2241	if (sinfo[NL80211_STA_INFO_SIGNAL_AVG])
2242		sig_change->avg_signal =
2243			(s8) nla_get_u8(sinfo[NL80211_STA_INFO_SIGNAL_AVG]);
2244	else
2245		sig_change->avg_signal = 0;
2246
2247	if (sinfo[NL80211_STA_INFO_TX_BITRATE]) {
2248		if (nla_parse_nested(rinfo, NL80211_RATE_INFO_MAX,
2249				     sinfo[NL80211_STA_INFO_TX_BITRATE],
2250				     rate_policy)) {
2251			sig_change->current_txrate = 0;
2252		} else {
2253			if (rinfo[NL80211_RATE_INFO_BITRATE]) {
2254				sig_change->current_txrate =
2255					nla_get_u16(rinfo[
2256					     NL80211_RATE_INFO_BITRATE]) * 100;
2257			}
2258		}
2259	}
2260
2261	return NL_SKIP;
2262}
2263
2264
2265static int nl80211_get_link_signal(struct wpa_driver_nl80211_data *drv,
2266				   struct wpa_signal_info *sig)
2267{
2268	struct nl_msg *msg;
2269
2270	sig->current_signal = -9999;
2271	sig->current_txrate = 0;
2272
2273	msg = nlmsg_alloc();
2274	if (!msg)
2275		return -ENOMEM;
2276
2277	nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_STATION);
2278
2279	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2280	NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, drv->bssid);
2281
2282	return send_and_recv_msgs(drv, msg, get_link_signal, sig);
2283 nla_put_failure:
2284	nlmsg_free(msg);
2285	return -ENOBUFS;
2286}
2287
2288
2289static int get_link_noise(struct nl_msg *msg, void *arg)
2290{
2291	struct nlattr *tb[NL80211_ATTR_MAX + 1];
2292	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
2293	struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1];
2294	static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = {
2295		[NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 },
2296		[NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 },
2297	};
2298	struct wpa_signal_info *sig_change = arg;
2299
2300	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
2301		  genlmsg_attrlen(gnlh, 0), NULL);
2302
2303	if (!tb[NL80211_ATTR_SURVEY_INFO]) {
2304		wpa_printf(MSG_DEBUG, "nl80211: survey data missing!");
2305		return NL_SKIP;
2306	}
2307
2308	if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX,
2309			     tb[NL80211_ATTR_SURVEY_INFO],
2310			     survey_policy)) {
2311		wpa_printf(MSG_DEBUG, "nl80211: failed to parse nested "
2312			   "attributes!");
2313		return NL_SKIP;
2314	}
2315
2316	if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY])
2317		return NL_SKIP;
2318
2319	if (nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]) !=
2320	    sig_change->frequency)
2321		return NL_SKIP;
2322
2323	if (!sinfo[NL80211_SURVEY_INFO_NOISE])
2324		return NL_SKIP;
2325
2326	sig_change->current_noise =
2327		(s8) nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]);
2328
2329	return NL_SKIP;
2330}
2331
2332
2333static int nl80211_get_link_noise(struct wpa_driver_nl80211_data *drv,
2334				  struct wpa_signal_info *sig_change)
2335{
2336	struct nl_msg *msg;
2337
2338	sig_change->current_noise = 9999;
2339	sig_change->frequency = drv->assoc_freq;
2340
2341	msg = nlmsg_alloc();
2342	if (!msg)
2343		return -ENOMEM;
2344
2345	nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SURVEY);
2346
2347	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2348
2349	return send_and_recv_msgs(drv, msg, get_link_noise, sig_change);
2350 nla_put_failure:
2351	nlmsg_free(msg);
2352	return -ENOBUFS;
2353}
2354
2355
2356static int get_noise_for_scan_results(struct nl_msg *msg, void *arg)
2357{
2358	struct nlattr *tb[NL80211_ATTR_MAX + 1];
2359	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
2360	struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1];
2361	static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = {
2362		[NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 },
2363		[NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 },
2364	};
2365	struct wpa_scan_results *scan_results = arg;
2366	struct wpa_scan_res *scan_res;
2367	size_t i;
2368
2369	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
2370		  genlmsg_attrlen(gnlh, 0), NULL);
2371
2372	if (!tb[NL80211_ATTR_SURVEY_INFO]) {
2373		wpa_printf(MSG_DEBUG, "nl80211: Survey data missing");
2374		return NL_SKIP;
2375	}
2376
2377	if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX,
2378			     tb[NL80211_ATTR_SURVEY_INFO],
2379			     survey_policy)) {
2380		wpa_printf(MSG_DEBUG, "nl80211: Failed to parse nested "
2381			   "attributes");
2382		return NL_SKIP;
2383	}
2384
2385	if (!sinfo[NL80211_SURVEY_INFO_NOISE])
2386		return NL_SKIP;
2387
2388	if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY])
2389		return NL_SKIP;
2390
2391	for (i = 0; i < scan_results->num; ++i) {
2392		scan_res = scan_results->res[i];
2393		if (!scan_res)
2394			continue;
2395		if ((int) nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]) !=
2396		    scan_res->freq)
2397			continue;
2398		if (!(scan_res->flags & WPA_SCAN_NOISE_INVALID))
2399			continue;
2400		scan_res->noise = (s8)
2401			nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]);
2402		scan_res->flags &= ~WPA_SCAN_NOISE_INVALID;
2403	}
2404
2405	return NL_SKIP;
2406}
2407
2408
2409static int nl80211_get_noise_for_scan_results(
2410	struct wpa_driver_nl80211_data *drv,
2411	struct wpa_scan_results *scan_res)
2412{
2413	struct nl_msg *msg;
2414
2415	msg = nlmsg_alloc();
2416	if (!msg)
2417		return -ENOMEM;
2418
2419	nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SURVEY);
2420
2421	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2422
2423	return send_and_recv_msgs(drv, msg, get_noise_for_scan_results,
2424				  scan_res);
2425 nla_put_failure:
2426	nlmsg_free(msg);
2427	return -ENOBUFS;
2428}
2429
2430
2431static void nl80211_cqm_event(struct wpa_driver_nl80211_data *drv,
2432			      struct nlattr *tb[])
2433{
2434	static struct nla_policy cqm_policy[NL80211_ATTR_CQM_MAX + 1] = {
2435		[NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 },
2436		[NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U8 },
2437		[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
2438		[NL80211_ATTR_CQM_PKT_LOSS_EVENT] = { .type = NLA_U32 },
2439	};
2440	struct nlattr *cqm[NL80211_ATTR_CQM_MAX + 1];
2441	enum nl80211_cqm_rssi_threshold_event event;
2442	union wpa_event_data ed;
2443	struct wpa_signal_info sig;
2444	int res;
2445
2446	if (tb[NL80211_ATTR_CQM] == NULL ||
2447	    nla_parse_nested(cqm, NL80211_ATTR_CQM_MAX, tb[NL80211_ATTR_CQM],
2448			     cqm_policy)) {
2449		wpa_printf(MSG_DEBUG, "nl80211: Ignore invalid CQM event");
2450		return;
2451	}
2452
2453	os_memset(&ed, 0, sizeof(ed));
2454
2455	if (cqm[NL80211_ATTR_CQM_PKT_LOSS_EVENT]) {
2456		if (!tb[NL80211_ATTR_MAC])
2457			return;
2458		os_memcpy(ed.low_ack.addr, nla_data(tb[NL80211_ATTR_MAC]),
2459			  ETH_ALEN);
2460		wpa_supplicant_event(drv->ctx, EVENT_STATION_LOW_ACK, &ed);
2461		return;
2462	}
2463
2464	if (cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] == NULL)
2465		return;
2466	event = nla_get_u32(cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT]);
2467
2468	if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH) {
2469		wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor "
2470			   "event: RSSI high");
2471		ed.signal_change.above_threshold = 1;
2472	} else if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW) {
2473		wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor "
2474			   "event: RSSI low");
2475		ed.signal_change.above_threshold = 0;
2476	} else
2477		return;
2478
2479	res = nl80211_get_link_signal(drv, &sig);
2480	if (res == 0) {
2481		ed.signal_change.current_signal = sig.current_signal;
2482		ed.signal_change.current_txrate = sig.current_txrate;
2483		wpa_printf(MSG_DEBUG, "nl80211: Signal: %d dBm  txrate: %d",
2484			   sig.current_signal, sig.current_txrate);
2485	}
2486
2487	res = nl80211_get_link_noise(drv, &sig);
2488	if (res == 0) {
2489		ed.signal_change.current_noise = sig.current_noise;
2490		wpa_printf(MSG_DEBUG, "nl80211: Noise: %d dBm",
2491			   sig.current_noise);
2492	}
2493
2494	wpa_supplicant_event(drv->ctx, EVENT_SIGNAL_CHANGE, &ed);
2495}
2496
2497
2498static void nl80211_new_station_event(struct wpa_driver_nl80211_data *drv,
2499				      struct nlattr **tb)
2500{
2501	u8 *addr;
2502	union wpa_event_data data;
2503
2504	if (tb[NL80211_ATTR_MAC] == NULL)
2505		return;
2506	addr = nla_data(tb[NL80211_ATTR_MAC]);
2507	wpa_printf(MSG_DEBUG, "nl80211: New station " MACSTR, MAC2STR(addr));
2508
2509	if (is_ap_interface(drv->nlmode) && drv->device_ap_sme) {
2510		u8 *ies = NULL;
2511		size_t ies_len = 0;
2512		if (tb[NL80211_ATTR_IE]) {
2513			ies = nla_data(tb[NL80211_ATTR_IE]);
2514			ies_len = nla_len(tb[NL80211_ATTR_IE]);
2515		}
2516		wpa_hexdump(MSG_DEBUG, "nl80211: Assoc Req IEs", ies, ies_len);
2517		drv_event_assoc(drv->ctx, addr, ies, ies_len, 0);
2518		return;
2519	}
2520
2521	if (drv->nlmode != NL80211_IFTYPE_ADHOC)
2522		return;
2523
2524	os_memset(&data, 0, sizeof(data));
2525	os_memcpy(data.ibss_rsn_start.peer, addr, ETH_ALEN);
2526	wpa_supplicant_event(drv->ctx, EVENT_IBSS_RSN_START, &data);
2527}
2528
2529
2530static void nl80211_del_station_event(struct wpa_driver_nl80211_data *drv,
2531				      struct nlattr **tb)
2532{
2533	u8 *addr;
2534	union wpa_event_data data;
2535
2536	if (tb[NL80211_ATTR_MAC] == NULL)
2537		return;
2538	addr = nla_data(tb[NL80211_ATTR_MAC]);
2539	wpa_printf(MSG_DEBUG, "nl80211: Delete station " MACSTR,
2540		   MAC2STR(addr));
2541
2542	if (is_ap_interface(drv->nlmode) && drv->device_ap_sme) {
2543		drv_event_disassoc(drv->ctx, addr);
2544		return;
2545	}
2546
2547	if (drv->nlmode != NL80211_IFTYPE_ADHOC)
2548		return;
2549
2550	os_memset(&data, 0, sizeof(data));
2551	os_memcpy(data.ibss_peer_lost.peer, addr, ETH_ALEN);
2552	wpa_supplicant_event(drv->ctx, EVENT_IBSS_PEER_LOST, &data);
2553}
2554
2555
2556static void nl80211_rekey_offload_event(struct wpa_driver_nl80211_data *drv,
2557					struct nlattr **tb)
2558{
2559	struct nlattr *rekey_info[NUM_NL80211_REKEY_DATA];
2560	static struct nla_policy rekey_policy[NUM_NL80211_REKEY_DATA] = {
2561		[NL80211_REKEY_DATA_KEK] = {
2562			.minlen = NL80211_KEK_LEN,
2563			.maxlen = NL80211_KEK_LEN,
2564		},
2565		[NL80211_REKEY_DATA_KCK] = {
2566			.minlen = NL80211_KCK_LEN,
2567			.maxlen = NL80211_KCK_LEN,
2568		},
2569		[NL80211_REKEY_DATA_REPLAY_CTR] = {
2570			.minlen = NL80211_REPLAY_CTR_LEN,
2571			.maxlen = NL80211_REPLAY_CTR_LEN,
2572		},
2573	};
2574	union wpa_event_data data;
2575
2576	if (!tb[NL80211_ATTR_MAC])
2577		return;
2578	if (!tb[NL80211_ATTR_REKEY_DATA])
2579		return;
2580	if (nla_parse_nested(rekey_info, MAX_NL80211_REKEY_DATA,
2581			     tb[NL80211_ATTR_REKEY_DATA], rekey_policy))
2582		return;
2583	if (!rekey_info[NL80211_REKEY_DATA_REPLAY_CTR])
2584		return;
2585
2586	os_memset(&data, 0, sizeof(data));
2587	data.driver_gtk_rekey.bssid = nla_data(tb[NL80211_ATTR_MAC]);
2588	wpa_printf(MSG_DEBUG, "nl80211: Rekey offload event for BSSID " MACSTR,
2589		   MAC2STR(data.driver_gtk_rekey.bssid));
2590	data.driver_gtk_rekey.replay_ctr =
2591		nla_data(rekey_info[NL80211_REKEY_DATA_REPLAY_CTR]);
2592	wpa_hexdump(MSG_DEBUG, "nl80211: Rekey offload - Replay Counter",
2593		    data.driver_gtk_rekey.replay_ctr, NL80211_REPLAY_CTR_LEN);
2594	wpa_supplicant_event(drv->ctx, EVENT_DRIVER_GTK_REKEY, &data);
2595}
2596
2597
2598static void nl80211_pmksa_candidate_event(struct wpa_driver_nl80211_data *drv,
2599					  struct nlattr **tb)
2600{
2601	struct nlattr *cand[NUM_NL80211_PMKSA_CANDIDATE];
2602	static struct nla_policy cand_policy[NUM_NL80211_PMKSA_CANDIDATE] = {
2603		[NL80211_PMKSA_CANDIDATE_INDEX] = { .type = NLA_U32 },
2604		[NL80211_PMKSA_CANDIDATE_BSSID] = {
2605			.minlen = ETH_ALEN,
2606			.maxlen = ETH_ALEN,
2607		},
2608		[NL80211_PMKSA_CANDIDATE_PREAUTH] = { .type = NLA_FLAG },
2609	};
2610	union wpa_event_data data;
2611
2612	wpa_printf(MSG_DEBUG, "nl80211: PMKSA candidate event");
2613
2614	if (!tb[NL80211_ATTR_PMKSA_CANDIDATE])
2615		return;
2616	if (nla_parse_nested(cand, MAX_NL80211_PMKSA_CANDIDATE,
2617			     tb[NL80211_ATTR_PMKSA_CANDIDATE], cand_policy))
2618		return;
2619	if (!cand[NL80211_PMKSA_CANDIDATE_INDEX] ||
2620	    !cand[NL80211_PMKSA_CANDIDATE_BSSID])
2621		return;
2622
2623	os_memset(&data, 0, sizeof(data));
2624	os_memcpy(data.pmkid_candidate.bssid,
2625		  nla_data(cand[NL80211_PMKSA_CANDIDATE_BSSID]), ETH_ALEN);
2626	data.pmkid_candidate.index =
2627		nla_get_u32(cand[NL80211_PMKSA_CANDIDATE_INDEX]);
2628	data.pmkid_candidate.preauth =
2629		cand[NL80211_PMKSA_CANDIDATE_PREAUTH] != NULL;
2630	wpa_supplicant_event(drv->ctx, EVENT_PMKID_CANDIDATE, &data);
2631}
2632
2633
2634static void nl80211_client_probe_event(struct wpa_driver_nl80211_data *drv,
2635				       struct nlattr **tb)
2636{
2637	union wpa_event_data data;
2638
2639	wpa_printf(MSG_DEBUG, "nl80211: Probe client event");
2640
2641	if (!tb[NL80211_ATTR_MAC] || !tb[NL80211_ATTR_ACK])
2642		return;
2643
2644	os_memset(&data, 0, sizeof(data));
2645	os_memcpy(data.client_poll.addr,
2646		  nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN);
2647
2648	wpa_supplicant_event(drv->ctx, EVENT_DRIVER_CLIENT_POLL_OK, &data);
2649}
2650
2651
2652static void nl80211_tdls_oper_event(struct wpa_driver_nl80211_data *drv,
2653				    struct nlattr **tb)
2654{
2655	union wpa_event_data data;
2656
2657	wpa_printf(MSG_DEBUG, "nl80211: TDLS operation event");
2658
2659	if (!tb[NL80211_ATTR_MAC] || !tb[NL80211_ATTR_TDLS_OPERATION])
2660		return;
2661
2662	os_memset(&data, 0, sizeof(data));
2663	os_memcpy(data.tdls.peer, nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN);
2664	switch (nla_get_u8(tb[NL80211_ATTR_TDLS_OPERATION])) {
2665	case NL80211_TDLS_SETUP:
2666		wpa_printf(MSG_DEBUG, "nl80211: TDLS setup request for peer "
2667			   MACSTR, MAC2STR(data.tdls.peer));
2668		data.tdls.oper = TDLS_REQUEST_SETUP;
2669		break;
2670	case NL80211_TDLS_TEARDOWN:
2671		wpa_printf(MSG_DEBUG, "nl80211: TDLS teardown request for peer "
2672			   MACSTR, MAC2STR(data.tdls.peer));
2673		data.tdls.oper = TDLS_REQUEST_TEARDOWN;
2674		break;
2675	default:
2676		wpa_printf(MSG_DEBUG, "nl80211: Unsupported TDLS operatione "
2677			   "event");
2678		return;
2679	}
2680	if (tb[NL80211_ATTR_REASON_CODE]) {
2681		data.tdls.reason_code =
2682			nla_get_u16(tb[NL80211_ATTR_REASON_CODE]);
2683	}
2684
2685	wpa_supplicant_event(drv->ctx, EVENT_TDLS, &data);
2686}
2687
2688
2689static void nl80211_stop_ap(struct wpa_driver_nl80211_data *drv,
2690			    struct nlattr **tb)
2691{
2692	wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_UNAVAILABLE, NULL);
2693}
2694
2695
2696static void nl80211_connect_failed_event(struct wpa_driver_nl80211_data *drv,
2697					 struct nlattr **tb)
2698{
2699	union wpa_event_data data;
2700	u32 reason;
2701
2702	wpa_printf(MSG_DEBUG, "nl80211: Connect failed event");
2703
2704	if (!tb[NL80211_ATTR_MAC] || !tb[NL80211_ATTR_CONN_FAILED_REASON])
2705		return;
2706
2707	os_memset(&data, 0, sizeof(data));
2708	os_memcpy(data.connect_failed_reason.addr,
2709		  nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN);
2710
2711	reason = nla_get_u32(tb[NL80211_ATTR_CONN_FAILED_REASON]);
2712	switch (reason) {
2713	case NL80211_CONN_FAIL_MAX_CLIENTS:
2714		wpa_printf(MSG_DEBUG, "nl80211: Max client reached");
2715		data.connect_failed_reason.code = MAX_CLIENT_REACHED;
2716		break;
2717	case NL80211_CONN_FAIL_BLOCKED_CLIENT:
2718		wpa_printf(MSG_DEBUG, "nl80211: Blocked client " MACSTR
2719			   " tried to connect",
2720			   MAC2STR(data.connect_failed_reason.addr));
2721		data.connect_failed_reason.code = BLOCKED_CLIENT;
2722		break;
2723	default:
2724		wpa_printf(MSG_DEBUG, "nl8021l: Unknown connect failed reason "
2725			   "%u", reason);
2726		return;
2727	}
2728
2729	wpa_supplicant_event(drv->ctx, EVENT_CONNECT_FAILED_REASON, &data);
2730}
2731
2732
2733static void nl80211_radar_event(struct wpa_driver_nl80211_data *drv,
2734				struct nlattr **tb)
2735{
2736	union wpa_event_data data;
2737	enum nl80211_radar_event event_type;
2738
2739	if (!tb[NL80211_ATTR_WIPHY_FREQ] || !tb[NL80211_ATTR_RADAR_EVENT])
2740		return;
2741
2742	os_memset(&data, 0, sizeof(data));
2743	data.dfs_event.freq = nla_get_u32(tb[NL80211_ATTR_WIPHY_FREQ]);
2744	event_type = nla_get_u32(tb[NL80211_ATTR_RADAR_EVENT]);
2745
2746	/* Check HT params */
2747	if (tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
2748		data.dfs_event.ht_enabled = 1;
2749		data.dfs_event.chan_offset = 0;
2750
2751		switch (nla_get_u32(tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE])) {
2752		case NL80211_CHAN_NO_HT:
2753			data.dfs_event.ht_enabled = 0;
2754			break;
2755		case NL80211_CHAN_HT20:
2756			break;
2757		case NL80211_CHAN_HT40PLUS:
2758			data.dfs_event.chan_offset = 1;
2759			break;
2760		case NL80211_CHAN_HT40MINUS:
2761			data.dfs_event.chan_offset = -1;
2762			break;
2763		}
2764	}
2765
2766	/* Get VHT params */
2767	if (tb[NL80211_ATTR_CHANNEL_WIDTH])
2768		data.dfs_event.chan_width =
2769			convert2width(nla_get_u32(
2770					      tb[NL80211_ATTR_CHANNEL_WIDTH]));
2771	if (tb[NL80211_ATTR_CENTER_FREQ1])
2772		data.dfs_event.cf1 = nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ1]);
2773	if (tb[NL80211_ATTR_CENTER_FREQ2])
2774		data.dfs_event.cf2 = nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ2]);
2775
2776	wpa_printf(MSG_DEBUG, "nl80211: DFS event on freq %d MHz, ht: %d, offset: %d, width: %d, cf1: %dMHz, cf2: %dMHz",
2777		   data.dfs_event.freq, data.dfs_event.ht_enabled,
2778		   data.dfs_event.chan_offset, data.dfs_event.chan_width,
2779		   data.dfs_event.cf1, data.dfs_event.cf2);
2780
2781	switch (event_type) {
2782	case NL80211_RADAR_DETECTED:
2783		wpa_supplicant_event(drv->ctx, EVENT_DFS_RADAR_DETECTED, &data);
2784		break;
2785	case NL80211_RADAR_CAC_FINISHED:
2786		wpa_supplicant_event(drv->ctx, EVENT_DFS_CAC_FINISHED, &data);
2787		break;
2788	case NL80211_RADAR_CAC_ABORTED:
2789		wpa_supplicant_event(drv->ctx, EVENT_DFS_CAC_ABORTED, &data);
2790		break;
2791	case NL80211_RADAR_NOP_FINISHED:
2792		wpa_supplicant_event(drv->ctx, EVENT_DFS_NOP_FINISHED, &data);
2793		break;
2794	default:
2795		wpa_printf(MSG_DEBUG, "nl80211: Unknown radar event %d "
2796			   "received", event_type);
2797		break;
2798	}
2799}
2800
2801
2802static void nl80211_spurious_frame(struct i802_bss *bss, struct nlattr **tb,
2803				   int wds)
2804{
2805	struct wpa_driver_nl80211_data *drv = bss->drv;
2806	union wpa_event_data event;
2807
2808	if (!tb[NL80211_ATTR_MAC])
2809		return;
2810
2811	os_memset(&event, 0, sizeof(event));
2812	event.rx_from_unknown.bssid = bss->addr;
2813	event.rx_from_unknown.addr = nla_data(tb[NL80211_ATTR_MAC]);
2814	event.rx_from_unknown.wds = wds;
2815
2816	wpa_supplicant_event(drv->ctx, EVENT_RX_FROM_UNKNOWN, &event);
2817}
2818
2819
2820static void qca_nl80211_avoid_freq(struct wpa_driver_nl80211_data *drv,
2821				   const u8 *data, size_t len)
2822{
2823	u32 i, count;
2824	union wpa_event_data event;
2825	struct wpa_freq_range *range = NULL;
2826	const struct qca_avoid_freq_list *freq_range;
2827
2828	freq_range = (const struct qca_avoid_freq_list *) data;
2829	if (len < sizeof(freq_range->count))
2830		return;
2831
2832	count = freq_range->count;
2833	if (len < sizeof(freq_range->count) +
2834	    count * sizeof(struct qca_avoid_freq_range)) {
2835		wpa_printf(MSG_DEBUG, "nl80211: Ignored too short avoid frequency list (len=%u)",
2836			   (unsigned int) len);
2837		return;
2838	}
2839
2840	if (count > 0) {
2841		range = os_calloc(count, sizeof(struct wpa_freq_range));
2842		if (range == NULL)
2843			return;
2844	}
2845
2846	os_memset(&event, 0, sizeof(event));
2847	for (i = 0; i < count; i++) {
2848		unsigned int idx = event.freq_range.num;
2849		range[idx].min = freq_range->range[i].start_freq;
2850		range[idx].max = freq_range->range[i].end_freq;
2851		wpa_printf(MSG_DEBUG, "nl80211: Avoid frequency range: %u-%u",
2852			   range[idx].min, range[idx].max);
2853		if (range[idx].min > range[idx].max) {
2854			wpa_printf(MSG_DEBUG, "nl80211: Ignore invalid frequency range");
2855			continue;
2856		}
2857		event.freq_range.num++;
2858	}
2859	event.freq_range.range = range;
2860
2861	wpa_supplicant_event(drv->ctx, EVENT_AVOID_FREQUENCIES, &event);
2862
2863	os_free(range);
2864}
2865
2866
2867static void nl80211_vendor_event_qca(struct wpa_driver_nl80211_data *drv,
2868				     u32 subcmd, u8 *data, size_t len)
2869{
2870	switch (subcmd) {
2871	case QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY:
2872		qca_nl80211_avoid_freq(drv, data, len);
2873		break;
2874	default:
2875		wpa_printf(MSG_DEBUG,
2876			   "nl80211: Ignore unsupported QCA vendor event %u",
2877			   subcmd);
2878		break;
2879	}
2880}
2881
2882
2883static void nl80211_vendor_event(struct wpa_driver_nl80211_data *drv,
2884				 struct nlattr **tb)
2885{
2886	u32 vendor_id, subcmd, wiphy = 0;
2887	int wiphy_idx;
2888	u8 *data = NULL;
2889	size_t len = 0;
2890
2891	if (!tb[NL80211_ATTR_VENDOR_ID] ||
2892	    !tb[NL80211_ATTR_VENDOR_SUBCMD])
2893		return;
2894
2895	vendor_id = nla_get_u32(tb[NL80211_ATTR_VENDOR_ID]);
2896	subcmd = nla_get_u32(tb[NL80211_ATTR_VENDOR_SUBCMD]);
2897
2898	if (tb[NL80211_ATTR_WIPHY])
2899		wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
2900
2901	wpa_printf(MSG_DEBUG, "nl80211: Vendor event: wiphy=%u vendor_id=0x%x subcmd=%u",
2902		   wiphy, vendor_id, subcmd);
2903
2904	if (tb[NL80211_ATTR_VENDOR_DATA]) {
2905		data = nla_data(tb[NL80211_ATTR_VENDOR_DATA]);
2906		len = nla_len(tb[NL80211_ATTR_VENDOR_DATA]);
2907		wpa_hexdump(MSG_MSGDUMP, "nl80211: Vendor data", data, len);
2908	}
2909
2910	wiphy_idx = nl80211_get_wiphy_index(drv->first_bss);
2911	if (wiphy_idx >= 0 && wiphy_idx != (int) wiphy) {
2912		wpa_printf(MSG_DEBUG, "nl80211: Ignore vendor event for foreign wiphy %u (own: %d)",
2913			   wiphy, wiphy_idx);
2914		return;
2915	}
2916
2917	switch (vendor_id) {
2918	case OUI_QCA:
2919		nl80211_vendor_event_qca(drv, subcmd, data, len);
2920		break;
2921	default:
2922		wpa_printf(MSG_DEBUG, "nl80211: Ignore unsupported vendor event");
2923		break;
2924	}
2925}
2926
2927
2928static void nl80211_reg_change_event(struct wpa_driver_nl80211_data *drv,
2929				     struct nlattr *tb[])
2930{
2931	union wpa_event_data data;
2932	enum nl80211_reg_initiator init;
2933
2934	wpa_printf(MSG_DEBUG, "nl80211: Regulatory domain change");
2935
2936	if (tb[NL80211_ATTR_REG_INITIATOR] == NULL)
2937		return;
2938
2939	os_memset(&data, 0, sizeof(data));
2940	init = nla_get_u8(tb[NL80211_ATTR_REG_INITIATOR]);
2941	wpa_printf(MSG_DEBUG, " * initiator=%d", init);
2942	switch (init) {
2943	case NL80211_REGDOM_SET_BY_CORE:
2944		data.channel_list_changed.initiator = REGDOM_SET_BY_CORE;
2945		break;
2946	case NL80211_REGDOM_SET_BY_USER:
2947		data.channel_list_changed.initiator = REGDOM_SET_BY_USER;
2948		break;
2949	case NL80211_REGDOM_SET_BY_DRIVER:
2950		data.channel_list_changed.initiator = REGDOM_SET_BY_DRIVER;
2951		break;
2952	case NL80211_REGDOM_SET_BY_COUNTRY_IE:
2953		data.channel_list_changed.initiator = REGDOM_SET_BY_COUNTRY_IE;
2954		break;
2955	}
2956
2957	if (tb[NL80211_ATTR_REG_TYPE]) {
2958		enum nl80211_reg_type type;
2959		type = nla_get_u8(tb[NL80211_ATTR_REG_TYPE]);
2960		wpa_printf(MSG_DEBUG, " * type=%d", type);
2961		switch (type) {
2962		case NL80211_REGDOM_TYPE_COUNTRY:
2963			data.channel_list_changed.type = REGDOM_TYPE_COUNTRY;
2964			break;
2965		case NL80211_REGDOM_TYPE_WORLD:
2966			data.channel_list_changed.type = REGDOM_TYPE_WORLD;
2967			break;
2968		case NL80211_REGDOM_TYPE_CUSTOM_WORLD:
2969			data.channel_list_changed.type =
2970				REGDOM_TYPE_CUSTOM_WORLD;
2971			break;
2972		case NL80211_REGDOM_TYPE_INTERSECTION:
2973			data.channel_list_changed.type =
2974				REGDOM_TYPE_INTERSECTION;
2975			break;
2976		}
2977	}
2978
2979	if (tb[NL80211_ATTR_REG_ALPHA2]) {
2980		os_strlcpy(data.channel_list_changed.alpha2,
2981			   nla_get_string(tb[NL80211_ATTR_REG_ALPHA2]),
2982			   sizeof(data.channel_list_changed.alpha2));
2983		wpa_printf(MSG_DEBUG, " * alpha2=%s",
2984			   data.channel_list_changed.alpha2);
2985	}
2986
2987	wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED, &data);
2988}
2989
2990
2991static void do_process_drv_event(struct i802_bss *bss, int cmd,
2992				 struct nlattr **tb)
2993{
2994	struct wpa_driver_nl80211_data *drv = bss->drv;
2995	union wpa_event_data data;
2996
2997	wpa_printf(MSG_DEBUG, "nl80211: Drv Event %d (%s) received for %s",
2998		   cmd, nl80211_command_to_string(cmd), bss->ifname);
2999
3000	if (drv->ap_scan_as_station != NL80211_IFTYPE_UNSPECIFIED &&
3001	    (cmd == NL80211_CMD_NEW_SCAN_RESULTS ||
3002	     cmd == NL80211_CMD_SCAN_ABORTED)) {
3003		wpa_driver_nl80211_set_mode(drv->first_bss,
3004					    drv->ap_scan_as_station);
3005		drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED;
3006	}
3007
3008	switch (cmd) {
3009	case NL80211_CMD_TRIGGER_SCAN:
3010		wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Scan trigger");
3011		drv->scan_state = SCAN_STARTED;
3012		if (drv->scan_for_auth) {
3013			/*
3014			 * Cannot indicate EVENT_SCAN_STARTED here since we skip
3015			 * EVENT_SCAN_RESULTS in scan_for_auth case and the
3016			 * upper layer implementation could get confused about
3017			 * scanning state.
3018			 */
3019			wpa_printf(MSG_DEBUG, "nl80211: Do not indicate scan-start event due to internal scan_for_auth");
3020			break;
3021		}
3022		wpa_supplicant_event(drv->ctx, EVENT_SCAN_STARTED, NULL);
3023		break;
3024	case NL80211_CMD_START_SCHED_SCAN:
3025		wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Sched scan started");
3026		drv->scan_state = SCHED_SCAN_STARTED;
3027		break;
3028	case NL80211_CMD_SCHED_SCAN_STOPPED:
3029		wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Sched scan stopped");
3030		drv->scan_state = SCHED_SCAN_STOPPED;
3031		wpa_supplicant_event(drv->ctx, EVENT_SCHED_SCAN_STOPPED, NULL);
3032		break;
3033	case NL80211_CMD_NEW_SCAN_RESULTS:
3034		wpa_dbg(drv->ctx, MSG_DEBUG,
3035			"nl80211: New scan results available");
3036		drv->scan_state = SCAN_COMPLETED;
3037		drv->scan_complete_events = 1;
3038		eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv,
3039				     drv->ctx);
3040		send_scan_event(drv, 0, tb);
3041		break;
3042	case NL80211_CMD_SCHED_SCAN_RESULTS:
3043		wpa_dbg(drv->ctx, MSG_DEBUG,
3044			"nl80211: New sched scan results available");
3045		drv->scan_state = SCHED_SCAN_RESULTS;
3046		send_scan_event(drv, 0, tb);
3047		break;
3048	case NL80211_CMD_SCAN_ABORTED:
3049		wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Scan aborted");
3050		drv->scan_state = SCAN_ABORTED;
3051		/*
3052		 * Need to indicate that scan results are available in order
3053		 * not to make wpa_supplicant stop its scanning.
3054		 */
3055		eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv,
3056				     drv->ctx);
3057		send_scan_event(drv, 1, tb);
3058		break;
3059	case NL80211_CMD_AUTHENTICATE:
3060	case NL80211_CMD_ASSOCIATE:
3061	case NL80211_CMD_DEAUTHENTICATE:
3062	case NL80211_CMD_DISASSOCIATE:
3063	case NL80211_CMD_FRAME_TX_STATUS:
3064	case NL80211_CMD_UNPROT_DEAUTHENTICATE:
3065	case NL80211_CMD_UNPROT_DISASSOCIATE:
3066		mlme_event(bss, cmd, tb[NL80211_ATTR_FRAME],
3067			   tb[NL80211_ATTR_MAC], tb[NL80211_ATTR_TIMED_OUT],
3068			   tb[NL80211_ATTR_WIPHY_FREQ], tb[NL80211_ATTR_ACK],
3069			   tb[NL80211_ATTR_COOKIE],
3070			   tb[NL80211_ATTR_RX_SIGNAL_DBM]);
3071		break;
3072	case NL80211_CMD_CONNECT:
3073	case NL80211_CMD_ROAM:
3074		mlme_event_connect(drv, cmd,
3075				   tb[NL80211_ATTR_STATUS_CODE],
3076				   tb[NL80211_ATTR_MAC],
3077				   tb[NL80211_ATTR_REQ_IE],
3078				   tb[NL80211_ATTR_RESP_IE]);
3079		break;
3080	case NL80211_CMD_CH_SWITCH_NOTIFY:
3081		mlme_event_ch_switch(drv,
3082				     tb[NL80211_ATTR_IFINDEX],
3083				     tb[NL80211_ATTR_WIPHY_FREQ],
3084				     tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE],
3085				     tb[NL80211_ATTR_CHANNEL_WIDTH],
3086				     tb[NL80211_ATTR_CENTER_FREQ1],
3087				     tb[NL80211_ATTR_CENTER_FREQ2]);
3088		break;
3089	case NL80211_CMD_DISCONNECT:
3090		mlme_event_disconnect(drv, tb[NL80211_ATTR_REASON_CODE],
3091				      tb[NL80211_ATTR_MAC],
3092				      tb[NL80211_ATTR_DISCONNECTED_BY_AP]);
3093		break;
3094	case NL80211_CMD_MICHAEL_MIC_FAILURE:
3095		mlme_event_michael_mic_failure(bss, tb);
3096		break;
3097	case NL80211_CMD_JOIN_IBSS:
3098		mlme_event_join_ibss(drv, tb);
3099		break;
3100	case NL80211_CMD_REMAIN_ON_CHANNEL:
3101		mlme_event_remain_on_channel(drv, 0, tb);
3102		break;
3103	case NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL:
3104		mlme_event_remain_on_channel(drv, 1, tb);
3105		break;
3106	case NL80211_CMD_NOTIFY_CQM:
3107		nl80211_cqm_event(drv, tb);
3108		break;
3109	case NL80211_CMD_REG_CHANGE:
3110		nl80211_reg_change_event(drv, tb);
3111		break;
3112	case NL80211_CMD_REG_BEACON_HINT:
3113		wpa_printf(MSG_DEBUG, "nl80211: Regulatory beacon hint");
3114		os_memset(&data, 0, sizeof(data));
3115		data.channel_list_changed.initiator = REGDOM_BEACON_HINT;
3116		wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED,
3117				     &data);
3118		break;
3119	case NL80211_CMD_NEW_STATION:
3120		nl80211_new_station_event(drv, tb);
3121		break;
3122	case NL80211_CMD_DEL_STATION:
3123		nl80211_del_station_event(drv, tb);
3124		break;
3125	case NL80211_CMD_SET_REKEY_OFFLOAD:
3126		nl80211_rekey_offload_event(drv, tb);
3127		break;
3128	case NL80211_CMD_PMKSA_CANDIDATE:
3129		nl80211_pmksa_candidate_event(drv, tb);
3130		break;
3131	case NL80211_CMD_PROBE_CLIENT:
3132		nl80211_client_probe_event(drv, tb);
3133		break;
3134	case NL80211_CMD_TDLS_OPER:
3135		nl80211_tdls_oper_event(drv, tb);
3136		break;
3137	case NL80211_CMD_CONN_FAILED:
3138		nl80211_connect_failed_event(drv, tb);
3139		break;
3140	case NL80211_CMD_FT_EVENT:
3141		mlme_event_ft_event(drv, tb);
3142		break;
3143	case NL80211_CMD_RADAR_DETECT:
3144		nl80211_radar_event(drv, tb);
3145		break;
3146	case NL80211_CMD_STOP_AP:
3147		nl80211_stop_ap(drv, tb);
3148		break;
3149	case NL80211_CMD_VENDOR:
3150		nl80211_vendor_event(drv, tb);
3151		break;
3152	default:
3153		wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Ignored unknown event "
3154			"(cmd=%d)", cmd);
3155		break;
3156	}
3157}
3158
3159
3160static int process_drv_event(struct nl_msg *msg, void *arg)
3161{
3162	struct wpa_driver_nl80211_data *drv = arg;
3163	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
3164	struct nlattr *tb[NL80211_ATTR_MAX + 1];
3165	struct i802_bss *bss;
3166	int ifidx = -1;
3167
3168	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
3169		  genlmsg_attrlen(gnlh, 0), NULL);
3170
3171	if (tb[NL80211_ATTR_IFINDEX]) {
3172		ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
3173
3174		for (bss = drv->first_bss; bss; bss = bss->next)
3175			if (ifidx == -1 || ifidx == bss->ifindex) {
3176				do_process_drv_event(bss, gnlh->cmd, tb);
3177				return NL_SKIP;
3178			}
3179		wpa_printf(MSG_DEBUG,
3180			   "nl80211: Ignored event (cmd=%d) for foreign interface (ifindex %d)",
3181			   gnlh->cmd, ifidx);
3182	} else if (tb[NL80211_ATTR_WDEV]) {
3183		u64 wdev_id = nla_get_u64(tb[NL80211_ATTR_WDEV]);
3184		wpa_printf(MSG_DEBUG, "nl80211: Process event on P2P device");
3185		for (bss = drv->first_bss; bss; bss = bss->next) {
3186			if (bss->wdev_id_set && wdev_id == bss->wdev_id) {
3187				do_process_drv_event(bss, gnlh->cmd, tb);
3188				return NL_SKIP;
3189			}
3190		}
3191		wpa_printf(MSG_DEBUG,
3192			   "nl80211: Ignored event (cmd=%d) for foreign interface (wdev 0x%llx)",
3193			   gnlh->cmd, (long long unsigned int) wdev_id);
3194	}
3195
3196	return NL_SKIP;
3197}
3198
3199
3200static int process_global_event(struct nl_msg *msg, void *arg)
3201{
3202	struct nl80211_global *global = arg;
3203	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
3204	struct nlattr *tb[NL80211_ATTR_MAX + 1];
3205	struct wpa_driver_nl80211_data *drv, *tmp;
3206	int ifidx = -1;
3207	struct i802_bss *bss;
3208	u64 wdev_id = 0;
3209	int wdev_id_set = 0;
3210
3211	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
3212		  genlmsg_attrlen(gnlh, 0), NULL);
3213
3214	if (tb[NL80211_ATTR_IFINDEX])
3215		ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
3216	else if (tb[NL80211_ATTR_WDEV]) {
3217		wdev_id = nla_get_u64(tb[NL80211_ATTR_WDEV]);
3218		wdev_id_set = 1;
3219	}
3220
3221	dl_list_for_each_safe(drv, tmp, &global->interfaces,
3222			      struct wpa_driver_nl80211_data, list) {
3223		for (bss = drv->first_bss; bss; bss = bss->next) {
3224			if ((ifidx == -1 && !wdev_id_set) ||
3225			    ifidx == bss->ifindex ||
3226			    (wdev_id_set && bss->wdev_id_set &&
3227			     wdev_id == bss->wdev_id)) {
3228				do_process_drv_event(bss, gnlh->cmd, tb);
3229				return NL_SKIP;
3230			}
3231		}
3232	}
3233
3234	return NL_SKIP;
3235}
3236
3237
3238static int process_bss_event(struct nl_msg *msg, void *arg)
3239{
3240	struct i802_bss *bss = arg;
3241	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
3242	struct nlattr *tb[NL80211_ATTR_MAX + 1];
3243
3244	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
3245		  genlmsg_attrlen(gnlh, 0), NULL);
3246
3247	wpa_printf(MSG_DEBUG, "nl80211: BSS Event %d (%s) received for %s",
3248		   gnlh->cmd, nl80211_command_to_string(gnlh->cmd),
3249		   bss->ifname);
3250
3251	switch (gnlh->cmd) {
3252	case NL80211_CMD_FRAME:
3253	case NL80211_CMD_FRAME_TX_STATUS:
3254		mlme_event(bss, gnlh->cmd, tb[NL80211_ATTR_FRAME],
3255			   tb[NL80211_ATTR_MAC], tb[NL80211_ATTR_TIMED_OUT],
3256			   tb[NL80211_ATTR_WIPHY_FREQ], tb[NL80211_ATTR_ACK],
3257			   tb[NL80211_ATTR_COOKIE],
3258			   tb[NL80211_ATTR_RX_SIGNAL_DBM]);
3259		break;
3260	case NL80211_CMD_UNEXPECTED_FRAME:
3261		nl80211_spurious_frame(bss, tb, 0);
3262		break;
3263	case NL80211_CMD_UNEXPECTED_4ADDR_FRAME:
3264		nl80211_spurious_frame(bss, tb, 1);
3265		break;
3266	default:
3267		wpa_printf(MSG_DEBUG, "nl80211: Ignored unknown event "
3268			   "(cmd=%d)", gnlh->cmd);
3269		break;
3270	}
3271
3272	return NL_SKIP;
3273}
3274
3275
3276static void wpa_driver_nl80211_event_receive(int sock, void *eloop_ctx,
3277					     void *handle)
3278{
3279	struct nl_cb *cb = eloop_ctx;
3280	int res;
3281
3282	wpa_printf(MSG_MSGDUMP, "nl80211: Event message available");
3283
3284	res = nl_recvmsgs(handle, cb);
3285	if (res < 0) {
3286		wpa_printf(MSG_INFO, "nl80211: %s->nl_recvmsgs failed: %d",
3287			   __func__, res);
3288	}
3289}
3290
3291
3292/**
3293 * wpa_driver_nl80211_set_country - ask nl80211 to set the regulatory domain
3294 * @priv: driver_nl80211 private data
3295 * @alpha2_arg: country to which to switch to
3296 * Returns: 0 on success, -1 on failure
3297 *
3298 * This asks nl80211 to set the regulatory domain for given
3299 * country ISO / IEC alpha2.
3300 */
3301static int wpa_driver_nl80211_set_country(void *priv, const char *alpha2_arg)
3302{
3303	struct i802_bss *bss = priv;
3304	struct wpa_driver_nl80211_data *drv = bss->drv;
3305	char alpha2[3];
3306	struct nl_msg *msg;
3307
3308	msg = nlmsg_alloc();
3309	if (!msg)
3310		return -ENOMEM;
3311
3312	alpha2[0] = alpha2_arg[0];
3313	alpha2[1] = alpha2_arg[1];
3314	alpha2[2] = '\0';
3315
3316	nl80211_cmd(drv, msg, 0, NL80211_CMD_REQ_SET_REG);
3317
3318	NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, alpha2);
3319	if (send_and_recv_msgs(drv, msg, NULL, NULL))
3320		return -EINVAL;
3321	return 0;
3322nla_put_failure:
3323	nlmsg_free(msg);
3324	return -EINVAL;
3325}
3326
3327
3328static int nl80211_get_country(struct nl_msg *msg, void *arg)
3329{
3330	char *alpha2 = arg;
3331	struct nlattr *tb_msg[NL80211_ATTR_MAX + 1];
3332	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
3333
3334	nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
3335		  genlmsg_attrlen(gnlh, 0), NULL);
3336	if (!tb_msg[NL80211_ATTR_REG_ALPHA2]) {
3337		wpa_printf(MSG_DEBUG, "nl80211: No country information available");
3338		return NL_SKIP;
3339	}
3340	os_strlcpy(alpha2, nla_data(tb_msg[NL80211_ATTR_REG_ALPHA2]), 3);
3341	return NL_SKIP;
3342}
3343
3344
3345static int wpa_driver_nl80211_get_country(void *priv, char *alpha2)
3346{
3347	struct i802_bss *bss = priv;
3348	struct wpa_driver_nl80211_data *drv = bss->drv;
3349	struct nl_msg *msg;
3350	int ret;
3351
3352	msg = nlmsg_alloc();
3353	if (!msg)
3354		return -ENOMEM;
3355
3356	nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_REG);
3357	alpha2[0] = '\0';
3358	ret = send_and_recv_msgs(drv, msg, nl80211_get_country, alpha2);
3359	if (!alpha2[0])
3360		ret = -1;
3361
3362	return ret;
3363}
3364
3365
3366static int protocol_feature_handler(struct nl_msg *msg, void *arg)
3367{
3368	u32 *feat = arg;
3369	struct nlattr *tb_msg[NL80211_ATTR_MAX + 1];
3370	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
3371
3372	nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
3373		  genlmsg_attrlen(gnlh, 0), NULL);
3374
3375	if (tb_msg[NL80211_ATTR_PROTOCOL_FEATURES])
3376		*feat = nla_get_u32(tb_msg[NL80211_ATTR_PROTOCOL_FEATURES]);
3377
3378	return NL_SKIP;
3379}
3380
3381
3382static u32 get_nl80211_protocol_features(struct wpa_driver_nl80211_data *drv)
3383{
3384	u32 feat = 0;
3385	struct nl_msg *msg;
3386
3387	msg = nlmsg_alloc();
3388	if (!msg)
3389		goto nla_put_failure;
3390
3391	nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_PROTOCOL_FEATURES);
3392	if (send_and_recv_msgs(drv, msg, protocol_feature_handler, &feat) == 0)
3393		return feat;
3394
3395	msg = NULL;
3396nla_put_failure:
3397	nlmsg_free(msg);
3398	return 0;
3399}
3400
3401
3402struct wiphy_info_data {
3403	struct wpa_driver_nl80211_data *drv;
3404	struct wpa_driver_capa *capa;
3405
3406	unsigned int num_multichan_concurrent;
3407
3408	unsigned int error:1;
3409	unsigned int device_ap_sme:1;
3410	unsigned int poll_command_supported:1;
3411	unsigned int data_tx_status:1;
3412	unsigned int monitor_supported:1;
3413	unsigned int auth_supported:1;
3414	unsigned int connect_supported:1;
3415	unsigned int p2p_go_supported:1;
3416	unsigned int p2p_client_supported:1;
3417	unsigned int p2p_concurrent:1;
3418	unsigned int channel_switch_supported:1;
3419	unsigned int set_qos_map_supported:1;
3420	unsigned int have_low_prio_scan:1;
3421};
3422
3423
3424static unsigned int probe_resp_offload_support(int supp_protocols)
3425{
3426	unsigned int prot = 0;
3427
3428	if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS)
3429		prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_WPS;
3430	if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS2)
3431		prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_WPS2;
3432	if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_P2P)
3433		prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_P2P;
3434	if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_80211U)
3435		prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_INTERWORKING;
3436
3437	return prot;
3438}
3439
3440
3441static void wiphy_info_supported_iftypes(struct wiphy_info_data *info,
3442					 struct nlattr *tb)
3443{
3444	struct nlattr *nl_mode;
3445	int i;
3446
3447	if (tb == NULL)
3448		return;
3449
3450	nla_for_each_nested(nl_mode, tb, i) {
3451		switch (nla_type(nl_mode)) {
3452		case NL80211_IFTYPE_AP:
3453			info->capa->flags |= WPA_DRIVER_FLAGS_AP;
3454			break;
3455		case NL80211_IFTYPE_ADHOC:
3456			info->capa->flags |= WPA_DRIVER_FLAGS_IBSS;
3457			break;
3458		case NL80211_IFTYPE_P2P_DEVICE:
3459			info->capa->flags |=
3460				WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE;
3461			break;
3462		case NL80211_IFTYPE_P2P_GO:
3463			info->p2p_go_supported = 1;
3464			break;
3465		case NL80211_IFTYPE_P2P_CLIENT:
3466			info->p2p_client_supported = 1;
3467			break;
3468		case NL80211_IFTYPE_MONITOR:
3469			info->monitor_supported = 1;
3470			break;
3471		}
3472	}
3473}
3474
3475
3476static int wiphy_info_iface_comb_process(struct wiphy_info_data *info,
3477					 struct nlattr *nl_combi)
3478{
3479	struct nlattr *tb_comb[NUM_NL80211_IFACE_COMB];
3480	struct nlattr *tb_limit[NUM_NL80211_IFACE_LIMIT];
3481	struct nlattr *nl_limit, *nl_mode;
3482	int err, rem_limit, rem_mode;
3483	int combination_has_p2p = 0, combination_has_mgd = 0;
3484	static struct nla_policy
3485	iface_combination_policy[NUM_NL80211_IFACE_COMB] = {
3486		[NL80211_IFACE_COMB_LIMITS] = { .type = NLA_NESTED },
3487		[NL80211_IFACE_COMB_MAXNUM] = { .type = NLA_U32 },
3488		[NL80211_IFACE_COMB_STA_AP_BI_MATCH] = { .type = NLA_FLAG },
3489		[NL80211_IFACE_COMB_NUM_CHANNELS] = { .type = NLA_U32 },
3490		[NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS] = { .type = NLA_U32 },
3491	},
3492	iface_limit_policy[NUM_NL80211_IFACE_LIMIT] = {
3493		[NL80211_IFACE_LIMIT_TYPES] = { .type = NLA_NESTED },
3494		[NL80211_IFACE_LIMIT_MAX] = { .type = NLA_U32 },
3495	};
3496
3497	err = nla_parse_nested(tb_comb, MAX_NL80211_IFACE_COMB,
3498			       nl_combi, iface_combination_policy);
3499	if (err || !tb_comb[NL80211_IFACE_COMB_LIMITS] ||
3500	    !tb_comb[NL80211_IFACE_COMB_MAXNUM] ||
3501	    !tb_comb[NL80211_IFACE_COMB_NUM_CHANNELS])
3502		return 0; /* broken combination */
3503
3504	if (tb_comb[NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS])
3505		info->capa->flags |= WPA_DRIVER_FLAGS_RADAR;
3506
3507	nla_for_each_nested(nl_limit, tb_comb[NL80211_IFACE_COMB_LIMITS],
3508			    rem_limit) {
3509		err = nla_parse_nested(tb_limit, MAX_NL80211_IFACE_LIMIT,
3510				       nl_limit, iface_limit_policy);
3511		if (err || !tb_limit[NL80211_IFACE_LIMIT_TYPES])
3512			return 0; /* broken combination */
3513
3514		nla_for_each_nested(nl_mode,
3515				    tb_limit[NL80211_IFACE_LIMIT_TYPES],
3516				    rem_mode) {
3517			int ift = nla_type(nl_mode);
3518			if (ift == NL80211_IFTYPE_P2P_GO ||
3519			    ift == NL80211_IFTYPE_P2P_CLIENT)
3520				combination_has_p2p = 1;
3521			if (ift == NL80211_IFTYPE_STATION)
3522				combination_has_mgd = 1;
3523		}
3524		if (combination_has_p2p && combination_has_mgd)
3525			break;
3526	}
3527
3528	if (combination_has_p2p && combination_has_mgd) {
3529		unsigned int num_channels =
3530			nla_get_u32(tb_comb[NL80211_IFACE_COMB_NUM_CHANNELS]);
3531
3532		info->p2p_concurrent = 1;
3533		if (info->num_multichan_concurrent < num_channels)
3534			info->num_multichan_concurrent = num_channels;
3535	}
3536
3537	return 0;
3538}
3539
3540
3541static void wiphy_info_iface_comb(struct wiphy_info_data *info,
3542				  struct nlattr *tb)
3543{
3544	struct nlattr *nl_combi;
3545	int rem_combi;
3546
3547	if (tb == NULL)
3548		return;
3549
3550	nla_for_each_nested(nl_combi, tb, rem_combi) {
3551		if (wiphy_info_iface_comb_process(info, nl_combi) > 0)
3552			break;
3553	}
3554}
3555
3556
3557static void wiphy_info_supp_cmds(struct wiphy_info_data *info,
3558				 struct nlattr *tb)
3559{
3560	struct nlattr *nl_cmd;
3561	int i;
3562
3563	if (tb == NULL)
3564		return;
3565
3566	nla_for_each_nested(nl_cmd, tb, i) {
3567		switch (nla_get_u32(nl_cmd)) {
3568		case NL80211_CMD_AUTHENTICATE:
3569			info->auth_supported = 1;
3570			break;
3571		case NL80211_CMD_CONNECT:
3572			info->connect_supported = 1;
3573			break;
3574		case NL80211_CMD_START_SCHED_SCAN:
3575			info->capa->sched_scan_supported = 1;
3576			break;
3577		case NL80211_CMD_PROBE_CLIENT:
3578			info->poll_command_supported = 1;
3579			break;
3580		case NL80211_CMD_CHANNEL_SWITCH:
3581			info->channel_switch_supported = 1;
3582			break;
3583		case NL80211_CMD_SET_QOS_MAP:
3584			info->set_qos_map_supported = 1;
3585			break;
3586		}
3587	}
3588}
3589
3590
3591static void wiphy_info_cipher_suites(struct wiphy_info_data *info,
3592				     struct nlattr *tb)
3593{
3594	int i, num;
3595	u32 *ciphers;
3596
3597	if (tb == NULL)
3598		return;
3599
3600	num = nla_len(tb) / sizeof(u32);
3601	ciphers = nla_data(tb);
3602	for (i = 0; i < num; i++) {
3603		u32 c = ciphers[i];
3604
3605		wpa_printf(MSG_DEBUG, "nl80211: Supported cipher %02x-%02x-%02x:%d",
3606			   c >> 24, (c >> 16) & 0xff,
3607			   (c >> 8) & 0xff, c & 0xff);
3608		switch (c) {
3609		case WLAN_CIPHER_SUITE_CCMP_256:
3610			info->capa->enc |= WPA_DRIVER_CAPA_ENC_CCMP_256;
3611			break;
3612		case WLAN_CIPHER_SUITE_GCMP_256:
3613			info->capa->enc |= WPA_DRIVER_CAPA_ENC_GCMP_256;
3614			break;
3615		case WLAN_CIPHER_SUITE_CCMP:
3616			info->capa->enc |= WPA_DRIVER_CAPA_ENC_CCMP;
3617			break;
3618		case WLAN_CIPHER_SUITE_GCMP:
3619			info->capa->enc |= WPA_DRIVER_CAPA_ENC_GCMP;
3620			break;
3621		case WLAN_CIPHER_SUITE_TKIP:
3622			info->capa->enc |= WPA_DRIVER_CAPA_ENC_TKIP;
3623			break;
3624		case WLAN_CIPHER_SUITE_WEP104:
3625			info->capa->enc |= WPA_DRIVER_CAPA_ENC_WEP104;
3626			break;
3627		case WLAN_CIPHER_SUITE_WEP40:
3628			info->capa->enc |= WPA_DRIVER_CAPA_ENC_WEP40;
3629			break;
3630		case WLAN_CIPHER_SUITE_AES_CMAC:
3631			info->capa->enc |= WPA_DRIVER_CAPA_ENC_BIP;
3632			break;
3633		case WLAN_CIPHER_SUITE_BIP_GMAC_128:
3634			info->capa->enc |= WPA_DRIVER_CAPA_ENC_BIP_GMAC_128;
3635			break;
3636		case WLAN_CIPHER_SUITE_BIP_GMAC_256:
3637			info->capa->enc |= WPA_DRIVER_CAPA_ENC_BIP_GMAC_256;
3638			break;
3639		case WLAN_CIPHER_SUITE_BIP_CMAC_256:
3640			info->capa->enc |= WPA_DRIVER_CAPA_ENC_BIP_CMAC_256;
3641			break;
3642		case WLAN_CIPHER_SUITE_NO_GROUP_ADDR:
3643			info->capa->enc |= WPA_DRIVER_CAPA_ENC_GTK_NOT_USED;
3644			break;
3645		}
3646	}
3647}
3648
3649
3650static void wiphy_info_max_roc(struct wpa_driver_capa *capa,
3651			       struct nlattr *tb)
3652{
3653	if (tb)
3654		capa->max_remain_on_chan = nla_get_u32(tb);
3655}
3656
3657
3658static void wiphy_info_tdls(struct wpa_driver_capa *capa, struct nlattr *tdls,
3659			    struct nlattr *ext_setup)
3660{
3661	if (tdls == NULL)
3662		return;
3663
3664	wpa_printf(MSG_DEBUG, "nl80211: TDLS supported");
3665	capa->flags |= WPA_DRIVER_FLAGS_TDLS_SUPPORT;
3666
3667	if (ext_setup) {
3668		wpa_printf(MSG_DEBUG, "nl80211: TDLS external setup");
3669		capa->flags |= WPA_DRIVER_FLAGS_TDLS_EXTERNAL_SETUP;
3670	}
3671}
3672
3673
3674static void wiphy_info_feature_flags(struct wiphy_info_data *info,
3675				     struct nlattr *tb)
3676{
3677	u32 flags;
3678	struct wpa_driver_capa *capa = info->capa;
3679
3680	if (tb == NULL)
3681		return;
3682
3683	flags = nla_get_u32(tb);
3684
3685	if (flags & NL80211_FEATURE_SK_TX_STATUS)
3686		info->data_tx_status = 1;
3687
3688	if (flags & NL80211_FEATURE_INACTIVITY_TIMER)
3689		capa->flags |= WPA_DRIVER_FLAGS_INACTIVITY_TIMER;
3690
3691	if (flags & NL80211_FEATURE_SAE)
3692		capa->flags |= WPA_DRIVER_FLAGS_SAE;
3693
3694	if (flags & NL80211_FEATURE_NEED_OBSS_SCAN)
3695		capa->flags |= WPA_DRIVER_FLAGS_OBSS_SCAN;
3696
3697	if (flags & NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE)
3698		capa->flags |= WPA_DRIVER_FLAGS_HT_2040_COEX;
3699
3700	if (flags & NL80211_FEATURE_LOW_PRIORITY_SCAN)
3701		info->have_low_prio_scan = 1;
3702}
3703
3704
3705static void wiphy_info_probe_resp_offload(struct wpa_driver_capa *capa,
3706					  struct nlattr *tb)
3707{
3708	u32 protocols;
3709
3710	if (tb == NULL)
3711		return;
3712
3713	protocols = nla_get_u32(tb);
3714	wpa_printf(MSG_DEBUG, "nl80211: Supports Probe Response offload in AP "
3715		   "mode");
3716	capa->flags |= WPA_DRIVER_FLAGS_PROBE_RESP_OFFLOAD;
3717	capa->probe_resp_offloads = probe_resp_offload_support(protocols);
3718}
3719
3720
3721static void wiphy_info_wowlan_triggers(struct wpa_driver_capa *capa,
3722				       struct nlattr *tb)
3723{
3724	struct nlattr *triggers[MAX_NL80211_WOWLAN_TRIG + 1];
3725
3726	if (tb == NULL)
3727		return;
3728
3729	if (nla_parse_nested(triggers, MAX_NL80211_WOWLAN_TRIG,
3730			     tb, NULL))
3731		return;
3732
3733	if (triggers[NL80211_WOWLAN_TRIG_ANY])
3734		capa->wowlan_triggers.any = 1;
3735	if (triggers[NL80211_WOWLAN_TRIG_DISCONNECT])
3736		capa->wowlan_triggers.disconnect = 1;
3737	if (triggers[NL80211_WOWLAN_TRIG_MAGIC_PKT])
3738		capa->wowlan_triggers.magic_pkt = 1;
3739	if (triggers[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE])
3740		capa->wowlan_triggers.gtk_rekey_failure = 1;
3741	if (triggers[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST])
3742		capa->wowlan_triggers.eap_identity_req = 1;
3743	if (triggers[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE])
3744		capa->wowlan_triggers.four_way_handshake = 1;
3745	if (triggers[NL80211_WOWLAN_TRIG_RFKILL_RELEASE])
3746		capa->wowlan_triggers.rfkill_release = 1;
3747}
3748
3749
3750static int wiphy_info_handler(struct nl_msg *msg, void *arg)
3751{
3752	struct nlattr *tb[NL80211_ATTR_MAX + 1];
3753	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
3754	struct wiphy_info_data *info = arg;
3755	struct wpa_driver_capa *capa = info->capa;
3756	struct wpa_driver_nl80211_data *drv = info->drv;
3757
3758	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
3759		  genlmsg_attrlen(gnlh, 0), NULL);
3760
3761	if (tb[NL80211_ATTR_WIPHY_NAME])
3762		os_strlcpy(drv->phyname,
3763			   nla_get_string(tb[NL80211_ATTR_WIPHY_NAME]),
3764			   sizeof(drv->phyname));
3765	if (tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS])
3766		capa->max_scan_ssids =
3767			nla_get_u8(tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS]);
3768
3769	if (tb[NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS])
3770		capa->max_sched_scan_ssids =
3771			nla_get_u8(tb[NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS]);
3772
3773	if (tb[NL80211_ATTR_MAX_MATCH_SETS])
3774		capa->max_match_sets =
3775			nla_get_u8(tb[NL80211_ATTR_MAX_MATCH_SETS]);
3776
3777	if (tb[NL80211_ATTR_MAC_ACL_MAX])
3778		capa->max_acl_mac_addrs =
3779			nla_get_u8(tb[NL80211_ATTR_MAC_ACL_MAX]);
3780
3781	wiphy_info_supported_iftypes(info, tb[NL80211_ATTR_SUPPORTED_IFTYPES]);
3782	wiphy_info_iface_comb(info, tb[NL80211_ATTR_INTERFACE_COMBINATIONS]);
3783	wiphy_info_supp_cmds(info, tb[NL80211_ATTR_SUPPORTED_COMMANDS]);
3784	wiphy_info_cipher_suites(info, tb[NL80211_ATTR_CIPHER_SUITES]);
3785
3786	if (tb[NL80211_ATTR_OFFCHANNEL_TX_OK]) {
3787		wpa_printf(MSG_DEBUG, "nl80211: Using driver-based "
3788			   "off-channel TX");
3789		capa->flags |= WPA_DRIVER_FLAGS_OFFCHANNEL_TX;
3790	}
3791
3792	if (tb[NL80211_ATTR_ROAM_SUPPORT]) {
3793		wpa_printf(MSG_DEBUG, "nl80211: Using driver-based roaming");
3794		capa->flags |= WPA_DRIVER_FLAGS_BSS_SELECTION;
3795	}
3796
3797	wiphy_info_max_roc(capa,
3798			   tb[NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION]);
3799
3800	if (tb[NL80211_ATTR_SUPPORT_AP_UAPSD])
3801		capa->flags |= WPA_DRIVER_FLAGS_AP_UAPSD;
3802
3803	wiphy_info_tdls(capa, tb[NL80211_ATTR_TDLS_SUPPORT],
3804			tb[NL80211_ATTR_TDLS_EXTERNAL_SETUP]);
3805
3806	if (tb[NL80211_ATTR_DEVICE_AP_SME])
3807		info->device_ap_sme = 1;
3808
3809	wiphy_info_feature_flags(info, tb[NL80211_ATTR_FEATURE_FLAGS]);
3810	wiphy_info_probe_resp_offload(capa,
3811				      tb[NL80211_ATTR_PROBE_RESP_OFFLOAD]);
3812
3813	if (tb[NL80211_ATTR_EXT_CAPA] && tb[NL80211_ATTR_EXT_CAPA_MASK] &&
3814	    drv->extended_capa == NULL) {
3815		drv->extended_capa =
3816			os_malloc(nla_len(tb[NL80211_ATTR_EXT_CAPA]));
3817		if (drv->extended_capa) {
3818			os_memcpy(drv->extended_capa,
3819				  nla_data(tb[NL80211_ATTR_EXT_CAPA]),
3820				  nla_len(tb[NL80211_ATTR_EXT_CAPA]));
3821			drv->extended_capa_len =
3822				nla_len(tb[NL80211_ATTR_EXT_CAPA]);
3823		}
3824		drv->extended_capa_mask =
3825			os_malloc(nla_len(tb[NL80211_ATTR_EXT_CAPA]));
3826		if (drv->extended_capa_mask) {
3827			os_memcpy(drv->extended_capa_mask,
3828				  nla_data(tb[NL80211_ATTR_EXT_CAPA]),
3829				  nla_len(tb[NL80211_ATTR_EXT_CAPA]));
3830		} else {
3831			os_free(drv->extended_capa);
3832			drv->extended_capa = NULL;
3833			drv->extended_capa_len = 0;
3834		}
3835	}
3836
3837	if (tb[NL80211_ATTR_VENDOR_DATA]) {
3838		struct nlattr *nl;
3839		int rem;
3840
3841		nla_for_each_nested(nl, tb[NL80211_ATTR_VENDOR_DATA], rem) {
3842			struct nl80211_vendor_cmd_info *vinfo;
3843			if (nla_len(nl) != sizeof(*vinfo)) {
3844				wpa_printf(MSG_DEBUG, "nl80211: Unexpected vendor data info");
3845				continue;
3846			}
3847			vinfo = nla_data(nl);
3848			if (vinfo->subcmd ==
3849			    QCA_NL80211_VENDOR_SUBCMD_DFS_CAPABILITY)
3850				drv->dfs_vendor_cmd_avail = 1;
3851
3852			wpa_printf(MSG_DEBUG, "nl80211: Supported vendor command: vendor_id=0x%x subcmd=%u",
3853				   vinfo->vendor_id, vinfo->subcmd);
3854		}
3855	}
3856
3857	if (tb[NL80211_ATTR_VENDOR_EVENTS]) {
3858		struct nlattr *nl;
3859		int rem;
3860
3861		nla_for_each_nested(nl, tb[NL80211_ATTR_VENDOR_EVENTS], rem) {
3862			struct nl80211_vendor_cmd_info *vinfo;
3863			if (nla_len(nl) != sizeof(*vinfo)) {
3864				wpa_printf(MSG_DEBUG, "nl80211: Unexpected vendor data info");
3865				continue;
3866			}
3867			vinfo = nla_data(nl);
3868			wpa_printf(MSG_DEBUG, "nl80211: Supported vendor event: vendor_id=0x%x subcmd=%u",
3869				   vinfo->vendor_id, vinfo->subcmd);
3870		}
3871	}
3872
3873	wiphy_info_wowlan_triggers(capa,
3874				   tb[NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED]);
3875
3876	if (tb[NL80211_ATTR_MAX_AP_ASSOC_STA])
3877		capa->max_stations =
3878			nla_get_u32(tb[NL80211_ATTR_MAX_AP_ASSOC_STA]);
3879
3880	return NL_SKIP;
3881}
3882
3883
3884static int wpa_driver_nl80211_get_info(struct wpa_driver_nl80211_data *drv,
3885				       struct wiphy_info_data *info)
3886{
3887	u32 feat;
3888	struct nl_msg *msg;
3889
3890	os_memset(info, 0, sizeof(*info));
3891	info->capa = &drv->capa;
3892	info->drv = drv;
3893
3894	msg = nlmsg_alloc();
3895	if (!msg)
3896		return -1;
3897
3898	feat = get_nl80211_protocol_features(drv);
3899	if (feat & NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP)
3900		nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_WIPHY);
3901	else
3902		nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_WIPHY);
3903
3904	NLA_PUT_FLAG(msg, NL80211_ATTR_SPLIT_WIPHY_DUMP);
3905	if (nl80211_set_iface_id(msg, drv->first_bss) < 0)
3906		goto nla_put_failure;
3907
3908	if (send_and_recv_msgs(drv, msg, wiphy_info_handler, info))
3909		return -1;
3910
3911	if (info->auth_supported)
3912		drv->capa.flags |= WPA_DRIVER_FLAGS_SME;
3913	else if (!info->connect_supported) {
3914		wpa_printf(MSG_INFO, "nl80211: Driver does not support "
3915			   "authentication/association or connect commands");
3916		info->error = 1;
3917	}
3918
3919	if (info->p2p_go_supported && info->p2p_client_supported)
3920		drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_CAPABLE;
3921	if (info->p2p_concurrent) {
3922		wpa_printf(MSG_DEBUG, "nl80211: Use separate P2P group "
3923			   "interface (driver advertised support)");
3924		drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_CONCURRENT;
3925		drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_MGMT_AND_NON_P2P;
3926	}
3927	if (info->num_multichan_concurrent > 1) {
3928		wpa_printf(MSG_DEBUG, "nl80211: Enable multi-channel "
3929			   "concurrent (driver advertised support)");
3930		drv->capa.num_multichan_concurrent =
3931			info->num_multichan_concurrent;
3932	}
3933
3934	/* default to 5000 since early versions of mac80211 don't set it */
3935	if (!drv->capa.max_remain_on_chan)
3936		drv->capa.max_remain_on_chan = 5000;
3937
3938	if (info->channel_switch_supported)
3939		drv->capa.flags |= WPA_DRIVER_FLAGS_AP_CSA;
3940
3941	return 0;
3942nla_put_failure:
3943	nlmsg_free(msg);
3944	return -1;
3945}
3946
3947
3948static int wpa_driver_nl80211_capa(struct wpa_driver_nl80211_data *drv)
3949{
3950	struct wiphy_info_data info;
3951	if (wpa_driver_nl80211_get_info(drv, &info))
3952		return -1;
3953
3954	if (info.error)
3955		return -1;
3956
3957	drv->has_capability = 1;
3958	drv->capa.key_mgmt = WPA_DRIVER_CAPA_KEY_MGMT_WPA |
3959		WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK |
3960		WPA_DRIVER_CAPA_KEY_MGMT_WPA2 |
3961		WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK;
3962	drv->capa.auth = WPA_DRIVER_AUTH_OPEN |
3963		WPA_DRIVER_AUTH_SHARED |
3964		WPA_DRIVER_AUTH_LEAP;
3965
3966	drv->capa.flags |= WPA_DRIVER_FLAGS_SANE_ERROR_CODES;
3967	drv->capa.flags |= WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC_DONE;
3968	drv->capa.flags |= WPA_DRIVER_FLAGS_EAPOL_TX_STATUS;
3969
3970	/*
3971	 * As all cfg80211 drivers must support cases where the AP interface is
3972	 * removed without the knowledge of wpa_supplicant/hostapd, e.g., in
3973	 * case that the user space daemon has crashed, they must be able to
3974	 * cleanup all stations and key entries in the AP tear down flow. Thus,
3975	 * this flag can/should always be set for cfg80211 drivers.
3976	 */
3977	drv->capa.flags |= WPA_DRIVER_FLAGS_AP_TEARDOWN_SUPPORT;
3978
3979	if (!info.device_ap_sme) {
3980		drv->capa.flags |= WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS;
3981
3982		/*
3983		 * No AP SME is currently assumed to also indicate no AP MLME
3984		 * in the driver/firmware.
3985		 */
3986		drv->capa.flags |= WPA_DRIVER_FLAGS_AP_MLME;
3987	}
3988
3989	drv->device_ap_sme = info.device_ap_sme;
3990	drv->poll_command_supported = info.poll_command_supported;
3991	drv->data_tx_status = info.data_tx_status;
3992	if (info.set_qos_map_supported)
3993		drv->capa.flags |= WPA_DRIVER_FLAGS_QOS_MAPPING;
3994	drv->have_low_prio_scan = info.have_low_prio_scan;
3995
3996	/*
3997	 * If poll command and tx status are supported, mac80211 is new enough
3998	 * to have everything we need to not need monitor interfaces.
3999	 */
4000	drv->use_monitor = !info.poll_command_supported || !info.data_tx_status;
4001
4002	if (drv->device_ap_sme && drv->use_monitor) {
4003		/*
4004		 * Non-mac80211 drivers may not support monitor interface.
4005		 * Make sure we do not get stuck with incorrect capability here
4006		 * by explicitly testing this.
4007		 */
4008		if (!info.monitor_supported) {
4009			wpa_printf(MSG_DEBUG, "nl80211: Disable use_monitor "
4010				   "with device_ap_sme since no monitor mode "
4011				   "support detected");
4012			drv->use_monitor = 0;
4013		}
4014	}
4015
4016	/*
4017	 * If we aren't going to use monitor interfaces, but the
4018	 * driver doesn't support data TX status, we won't get TX
4019	 * status for EAPOL frames.
4020	 */
4021	if (!drv->use_monitor && !info.data_tx_status)
4022		drv->capa.flags &= ~WPA_DRIVER_FLAGS_EAPOL_TX_STATUS;
4023
4024	return 0;
4025}
4026
4027
4028#ifdef ANDROID
4029static int android_genl_ctrl_resolve(struct nl_handle *handle,
4030				     const char *name)
4031{
4032	/*
4033	 * Android ICS has very minimal genl_ctrl_resolve() implementation, so
4034	 * need to work around that.
4035	 */
4036	struct nl_cache *cache = NULL;
4037	struct genl_family *nl80211 = NULL;
4038	int id = -1;
4039
4040	if (genl_ctrl_alloc_cache(handle, &cache) < 0) {
4041		wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic "
4042			   "netlink cache");
4043		goto fail;
4044	}
4045
4046	nl80211 = genl_ctrl_search_by_name(cache, name);
4047	if (nl80211 == NULL)
4048		goto fail;
4049
4050	id = genl_family_get_id(nl80211);
4051
4052fail:
4053	if (nl80211)
4054		genl_family_put(nl80211);
4055	if (cache)
4056		nl_cache_free(cache);
4057
4058	return id;
4059}
4060#define genl_ctrl_resolve android_genl_ctrl_resolve
4061#endif /* ANDROID */
4062
4063
4064static int wpa_driver_nl80211_init_nl_global(struct nl80211_global *global)
4065{
4066	int ret;
4067
4068	global->nl_cb = nl_cb_alloc(NL_CB_DEFAULT);
4069	if (global->nl_cb == NULL) {
4070		wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink "
4071			   "callbacks");
4072		return -1;
4073	}
4074
4075	global->nl = nl_create_handle(global->nl_cb, "nl");
4076	if (global->nl == NULL)
4077		goto err;
4078
4079	global->nl80211_id = genl_ctrl_resolve(global->nl, "nl80211");
4080	if (global->nl80211_id < 0) {
4081		wpa_printf(MSG_ERROR, "nl80211: 'nl80211' generic netlink not "
4082			   "found");
4083		goto err;
4084	}
4085
4086	global->nl_event = nl_create_handle(global->nl_cb, "event");
4087	if (global->nl_event == NULL)
4088		goto err;
4089
4090	ret = nl_get_multicast_id(global, "nl80211", "scan");
4091	if (ret >= 0)
4092		ret = nl_socket_add_membership(global->nl_event, ret);
4093	if (ret < 0) {
4094		wpa_printf(MSG_ERROR, "nl80211: Could not add multicast "
4095			   "membership for scan events: %d (%s)",
4096			   ret, strerror(-ret));
4097		goto err;
4098	}
4099
4100	ret = nl_get_multicast_id(global, "nl80211", "mlme");
4101	if (ret >= 0)
4102		ret = nl_socket_add_membership(global->nl_event, ret);
4103	if (ret < 0) {
4104		wpa_printf(MSG_ERROR, "nl80211: Could not add multicast "
4105			   "membership for mlme events: %d (%s)",
4106			   ret, strerror(-ret));
4107		goto err;
4108	}
4109
4110	ret = nl_get_multicast_id(global, "nl80211", "regulatory");
4111	if (ret >= 0)
4112		ret = nl_socket_add_membership(global->nl_event, ret);
4113	if (ret < 0) {
4114		wpa_printf(MSG_DEBUG, "nl80211: Could not add multicast "
4115			   "membership for regulatory events: %d (%s)",
4116			   ret, strerror(-ret));
4117		/* Continue without regulatory events */
4118	}
4119
4120	ret = nl_get_multicast_id(global, "nl80211", "vendor");
4121	if (ret >= 0)
4122		ret = nl_socket_add_membership(global->nl_event, ret);
4123	if (ret < 0) {
4124		wpa_printf(MSG_DEBUG, "nl80211: Could not add multicast "
4125			   "membership for vendor events: %d (%s)",
4126			   ret, strerror(-ret));
4127		/* Continue without vendor events */
4128	}
4129
4130	nl_cb_set(global->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM,
4131		  no_seq_check, NULL);
4132	nl_cb_set(global->nl_cb, NL_CB_VALID, NL_CB_CUSTOM,
4133		  process_global_event, global);
4134
4135	nl80211_register_eloop_read(&global->nl_event,
4136				    wpa_driver_nl80211_event_receive,
4137				    global->nl_cb);
4138
4139	return 0;
4140
4141err:
4142	nl_destroy_handles(&global->nl_event);
4143	nl_destroy_handles(&global->nl);
4144	nl_cb_put(global->nl_cb);
4145	global->nl_cb = NULL;
4146	return -1;
4147}
4148
4149
4150static int wpa_driver_nl80211_init_nl(struct wpa_driver_nl80211_data *drv)
4151{
4152	drv->nl_cb = nl_cb_alloc(NL_CB_DEFAULT);
4153	if (!drv->nl_cb) {
4154		wpa_printf(MSG_ERROR, "nl80211: Failed to alloc cb struct");
4155		return -1;
4156	}
4157
4158	nl_cb_set(drv->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM,
4159		  no_seq_check, NULL);
4160	nl_cb_set(drv->nl_cb, NL_CB_VALID, NL_CB_CUSTOM,
4161		  process_drv_event, drv);
4162
4163	return 0;
4164}
4165
4166
4167static void wpa_driver_nl80211_rfkill_blocked(void *ctx)
4168{
4169	wpa_printf(MSG_DEBUG, "nl80211: RFKILL blocked");
4170	/*
4171	 * This may be for any interface; use ifdown event to disable
4172	 * interface.
4173	 */
4174}
4175
4176
4177static void wpa_driver_nl80211_rfkill_unblocked(void *ctx)
4178{
4179	struct wpa_driver_nl80211_data *drv = ctx;
4180	wpa_printf(MSG_DEBUG, "nl80211: RFKILL unblocked");
4181	if (i802_set_iface_flags(drv->first_bss, 1)) {
4182		wpa_printf(MSG_DEBUG, "nl80211: Could not set interface UP "
4183			   "after rfkill unblock");
4184		return;
4185	}
4186	/* rtnetlink ifup handler will report interface as enabled */
4187}
4188
4189
4190static void wpa_driver_nl80211_handle_eapol_tx_status(int sock,
4191						      void *eloop_ctx,
4192						      void *handle)
4193{
4194	struct wpa_driver_nl80211_data *drv = eloop_ctx;
4195	u8 data[2048];
4196	struct msghdr msg;
4197	struct iovec entry;
4198	u8 control[512];
4199	struct cmsghdr *cmsg;
4200	int res, found_ee = 0, found_wifi = 0, acked = 0;
4201	union wpa_event_data event;
4202
4203	memset(&msg, 0, sizeof(msg));
4204	msg.msg_iov = &entry;
4205	msg.msg_iovlen = 1;
4206	entry.iov_base = data;
4207	entry.iov_len = sizeof(data);
4208	msg.msg_control = &control;
4209	msg.msg_controllen = sizeof(control);
4210
4211	res = recvmsg(sock, &msg, MSG_ERRQUEUE);
4212	/* if error or not fitting 802.3 header, return */
4213	if (res < 14)
4214		return;
4215
4216	for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg))
4217	{
4218		if (cmsg->cmsg_level == SOL_SOCKET &&
4219		    cmsg->cmsg_type == SCM_WIFI_STATUS) {
4220			int *ack;
4221
4222			found_wifi = 1;
4223			ack = (void *)CMSG_DATA(cmsg);
4224			acked = *ack;
4225		}
4226
4227		if (cmsg->cmsg_level == SOL_PACKET &&
4228		    cmsg->cmsg_type == PACKET_TX_TIMESTAMP) {
4229			struct sock_extended_err *err =
4230				(struct sock_extended_err *)CMSG_DATA(cmsg);
4231
4232			if (err->ee_origin == SO_EE_ORIGIN_TXSTATUS)
4233				found_ee = 1;
4234		}
4235	}
4236
4237	if (!found_ee || !found_wifi)
4238		return;
4239
4240	memset(&event, 0, sizeof(event));
4241	event.eapol_tx_status.dst = data;
4242	event.eapol_tx_status.data = data + 14;
4243	event.eapol_tx_status.data_len = res - 14;
4244	event.eapol_tx_status.ack = acked;
4245	wpa_supplicant_event(drv->ctx, EVENT_EAPOL_TX_STATUS, &event);
4246}
4247
4248
4249static int nl80211_init_bss(struct i802_bss *bss)
4250{
4251	bss->nl_cb = nl_cb_alloc(NL_CB_DEFAULT);
4252	if (!bss->nl_cb)
4253		return -1;
4254
4255	nl_cb_set(bss->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM,
4256		  no_seq_check, NULL);
4257	nl_cb_set(bss->nl_cb, NL_CB_VALID, NL_CB_CUSTOM,
4258		  process_bss_event, bss);
4259
4260	return 0;
4261}
4262
4263
4264static void nl80211_destroy_bss(struct i802_bss *bss)
4265{
4266	nl_cb_put(bss->nl_cb);
4267	bss->nl_cb = NULL;
4268}
4269
4270
4271static void * wpa_driver_nl80211_drv_init(void *ctx, const char *ifname,
4272					  void *global_priv, int hostapd,
4273					  const u8 *set_addr)
4274{
4275	struct wpa_driver_nl80211_data *drv;
4276	struct rfkill_config *rcfg;
4277	struct i802_bss *bss;
4278
4279	if (global_priv == NULL)
4280		return NULL;
4281	drv = os_zalloc(sizeof(*drv));
4282	if (drv == NULL)
4283		return NULL;
4284	drv->global = global_priv;
4285	drv->ctx = ctx;
4286	drv->hostapd = !!hostapd;
4287	drv->eapol_sock = -1;
4288	drv->num_if_indices = sizeof(drv->default_if_indices) / sizeof(int);
4289	drv->if_indices = drv->default_if_indices;
4290
4291	drv->first_bss = os_zalloc(sizeof(*drv->first_bss));
4292	if (!drv->first_bss) {
4293		os_free(drv);
4294		return NULL;
4295	}
4296	bss = drv->first_bss;
4297	bss->drv = drv;
4298	bss->ctx = ctx;
4299
4300	os_strlcpy(bss->ifname, ifname, sizeof(bss->ifname));
4301	drv->monitor_ifidx = -1;
4302	drv->monitor_sock = -1;
4303	drv->eapol_tx_sock = -1;
4304	drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED;
4305
4306	if (wpa_driver_nl80211_init_nl(drv)) {
4307		os_free(drv);
4308		return NULL;
4309	}
4310
4311	if (nl80211_init_bss(bss))
4312		goto failed;
4313
4314	rcfg = os_zalloc(sizeof(*rcfg));
4315	if (rcfg == NULL)
4316		goto failed;
4317	rcfg->ctx = drv;
4318	os_strlcpy(rcfg->ifname, ifname, sizeof(rcfg->ifname));
4319	rcfg->blocked_cb = wpa_driver_nl80211_rfkill_blocked;
4320	rcfg->unblocked_cb = wpa_driver_nl80211_rfkill_unblocked;
4321	drv->rfkill = rfkill_init(rcfg);
4322	if (drv->rfkill == NULL) {
4323		wpa_printf(MSG_DEBUG, "nl80211: RFKILL status not available");
4324		os_free(rcfg);
4325	}
4326
4327	if (linux_iface_up(drv->global->ioctl_sock, ifname) > 0)
4328		drv->start_iface_up = 1;
4329
4330	if (wpa_driver_nl80211_finish_drv_init(drv, set_addr, 1))
4331		goto failed;
4332
4333	drv->eapol_tx_sock = socket(PF_PACKET, SOCK_DGRAM, 0);
4334	if (drv->eapol_tx_sock < 0)
4335		goto failed;
4336
4337	if (drv->data_tx_status) {
4338		int enabled = 1;
4339
4340		if (setsockopt(drv->eapol_tx_sock, SOL_SOCKET, SO_WIFI_STATUS,
4341			       &enabled, sizeof(enabled)) < 0) {
4342			wpa_printf(MSG_DEBUG,
4343				"nl80211: wifi status sockopt failed\n");
4344			drv->data_tx_status = 0;
4345			if (!drv->use_monitor)
4346				drv->capa.flags &=
4347					~WPA_DRIVER_FLAGS_EAPOL_TX_STATUS;
4348		} else {
4349			eloop_register_read_sock(drv->eapol_tx_sock,
4350				wpa_driver_nl80211_handle_eapol_tx_status,
4351				drv, NULL);
4352		}
4353	}
4354
4355	if (drv->global) {
4356		dl_list_add(&drv->global->interfaces, &drv->list);
4357		drv->in_interface_list = 1;
4358	}
4359
4360	return bss;
4361
4362failed:
4363	wpa_driver_nl80211_deinit(bss);
4364	return NULL;
4365}
4366
4367
4368/**
4369 * wpa_driver_nl80211_init - Initialize nl80211 driver interface
4370 * @ctx: context to be used when calling wpa_supplicant functions,
4371 * e.g., wpa_supplicant_event()
4372 * @ifname: interface name, e.g., wlan0
4373 * @global_priv: private driver global data from global_init()
4374 * Returns: Pointer to private data, %NULL on failure
4375 */
4376static void * wpa_driver_nl80211_init(void *ctx, const char *ifname,
4377				      void *global_priv)
4378{
4379	return wpa_driver_nl80211_drv_init(ctx, ifname, global_priv, 0, NULL);
4380}
4381
4382
4383static int nl80211_register_frame(struct i802_bss *bss,
4384				  struct nl_handle *nl_handle,
4385				  u16 type, const u8 *match, size_t match_len)
4386{
4387	struct wpa_driver_nl80211_data *drv = bss->drv;
4388	struct nl_msg *msg;
4389	int ret = -1;
4390	char buf[30];
4391
4392	msg = nlmsg_alloc();
4393	if (!msg)
4394		return -1;
4395
4396	buf[0] = '\0';
4397	wpa_snprintf_hex(buf, sizeof(buf), match, match_len);
4398	wpa_printf(MSG_DEBUG, "nl80211: Register frame type=0x%x (%s) nl_handle=%p match=%s",
4399		   type, fc2str(type), nl_handle, buf);
4400
4401	nl80211_cmd(drv, msg, 0, NL80211_CMD_REGISTER_ACTION);
4402
4403	if (nl80211_set_iface_id(msg, bss) < 0)
4404		goto nla_put_failure;
4405
4406	NLA_PUT_U16(msg, NL80211_ATTR_FRAME_TYPE, type);
4407	NLA_PUT(msg, NL80211_ATTR_FRAME_MATCH, match_len, match);
4408
4409	ret = send_and_recv(drv->global, nl_handle, msg, NULL, NULL);
4410	msg = NULL;
4411	if (ret) {
4412		wpa_printf(MSG_DEBUG, "nl80211: Register frame command "
4413			   "failed (type=%u): ret=%d (%s)",
4414			   type, ret, strerror(-ret));
4415		wpa_hexdump(MSG_DEBUG, "nl80211: Register frame match",
4416			    match, match_len);
4417		goto nla_put_failure;
4418	}
4419	ret = 0;
4420nla_put_failure:
4421	nlmsg_free(msg);
4422	return ret;
4423}
4424
4425
4426static int nl80211_alloc_mgmt_handle(struct i802_bss *bss)
4427{
4428	struct wpa_driver_nl80211_data *drv = bss->drv;
4429
4430	if (bss->nl_mgmt) {
4431		wpa_printf(MSG_DEBUG, "nl80211: Mgmt reporting "
4432			   "already on! (nl_mgmt=%p)", bss->nl_mgmt);
4433		return -1;
4434	}
4435
4436	bss->nl_mgmt = nl_create_handle(drv->nl_cb, "mgmt");
4437	if (bss->nl_mgmt == NULL)
4438		return -1;
4439
4440	return 0;
4441}
4442
4443
4444static void nl80211_mgmt_handle_register_eloop(struct i802_bss *bss)
4445{
4446	nl80211_register_eloop_read(&bss->nl_mgmt,
4447				    wpa_driver_nl80211_event_receive,
4448				    bss->nl_cb);
4449}
4450
4451
4452static int nl80211_register_action_frame(struct i802_bss *bss,
4453					 const u8 *match, size_t match_len)
4454{
4455	u16 type = (WLAN_FC_TYPE_MGMT << 2) | (WLAN_FC_STYPE_ACTION << 4);
4456	return nl80211_register_frame(bss, bss->nl_mgmt,
4457				      type, match, match_len);
4458}
4459
4460
4461static int nl80211_mgmt_subscribe_non_ap(struct i802_bss *bss)
4462{
4463	struct wpa_driver_nl80211_data *drv = bss->drv;
4464	int ret = 0;
4465
4466	if (nl80211_alloc_mgmt_handle(bss))
4467		return -1;
4468	wpa_printf(MSG_DEBUG, "nl80211: Subscribe to mgmt frames with non-AP "
4469		   "handle %p", bss->nl_mgmt);
4470
4471	if (drv->nlmode == NL80211_IFTYPE_ADHOC) {
4472		u16 type = (WLAN_FC_TYPE_MGMT << 2) | (WLAN_FC_STYPE_AUTH << 4);
4473
4474		/* register for any AUTH message */
4475		nl80211_register_frame(bss, bss->nl_mgmt, type, NULL, 0);
4476	}
4477
4478#ifdef CONFIG_INTERWORKING
4479	/* QoS Map Configure */
4480	if (nl80211_register_action_frame(bss, (u8 *) "\x01\x04", 2) < 0)
4481		ret = -1;
4482#endif /* CONFIG_INTERWORKING */
4483#if defined(CONFIG_P2P) || defined(CONFIG_INTERWORKING)
4484	/* GAS Initial Request */
4485	if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0a", 2) < 0)
4486		ret = -1;
4487	/* GAS Initial Response */
4488	if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0b", 2) < 0)
4489		ret = -1;
4490	/* GAS Comeback Request */
4491	if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0c", 2) < 0)
4492		ret = -1;
4493	/* GAS Comeback Response */
4494	if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0d", 2) < 0)
4495		ret = -1;
4496	/* Protected GAS Initial Request */
4497	if (nl80211_register_action_frame(bss, (u8 *) "\x09\x0a", 2) < 0)
4498		ret = -1;
4499	/* Protected GAS Initial Response */
4500	if (nl80211_register_action_frame(bss, (u8 *) "\x09\x0b", 2) < 0)
4501		ret = -1;
4502	/* Protected GAS Comeback Request */
4503	if (nl80211_register_action_frame(bss, (u8 *) "\x09\x0c", 2) < 0)
4504		ret = -1;
4505	/* Protected GAS Comeback Response */
4506	if (nl80211_register_action_frame(bss, (u8 *) "\x09\x0d", 2) < 0)
4507		ret = -1;
4508#endif /* CONFIG_P2P || CONFIG_INTERWORKING */
4509#ifdef CONFIG_P2P
4510	/* P2P Public Action */
4511	if (nl80211_register_action_frame(bss,
4512					  (u8 *) "\x04\x09\x50\x6f\x9a\x09",
4513					  6) < 0)
4514		ret = -1;
4515	/* P2P Action */
4516	if (nl80211_register_action_frame(bss,
4517					  (u8 *) "\x7f\x50\x6f\x9a\x09",
4518					  5) < 0)
4519		ret = -1;
4520#endif /* CONFIG_P2P */
4521#ifdef CONFIG_IEEE80211W
4522	/* SA Query Response */
4523	if (nl80211_register_action_frame(bss, (u8 *) "\x08\x01", 2) < 0)
4524		ret = -1;
4525#endif /* CONFIG_IEEE80211W */
4526#ifdef CONFIG_TDLS
4527	if ((drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT)) {
4528		/* TDLS Discovery Response */
4529		if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0e", 2) <
4530		    0)
4531			ret = -1;
4532	}
4533#endif /* CONFIG_TDLS */
4534
4535	/* FT Action frames */
4536	if (nl80211_register_action_frame(bss, (u8 *) "\x06", 1) < 0)
4537		ret = -1;
4538	else
4539		drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_FT |
4540			WPA_DRIVER_CAPA_KEY_MGMT_FT_PSK;
4541
4542	/* WNM - BSS Transition Management Request */
4543	if (nl80211_register_action_frame(bss, (u8 *) "\x0a\x07", 2) < 0)
4544		ret = -1;
4545	/* WNM-Sleep Mode Response */
4546	if (nl80211_register_action_frame(bss, (u8 *) "\x0a\x11", 2) < 0)
4547		ret = -1;
4548
4549#ifdef CONFIG_HS20
4550	/* WNM-Notification */
4551	if (nl80211_register_action_frame(bss, (u8 *) "\x0a\x1a", 2) < 0)
4552		return -1;
4553#endif /* CONFIG_HS20 */
4554
4555	nl80211_mgmt_handle_register_eloop(bss);
4556
4557	return ret;
4558}
4559
4560
4561static int nl80211_register_spurious_class3(struct i802_bss *bss)
4562{
4563	struct wpa_driver_nl80211_data *drv = bss->drv;
4564	struct nl_msg *msg;
4565	int ret = -1;
4566
4567	msg = nlmsg_alloc();
4568	if (!msg)
4569		return -1;
4570
4571	nl80211_cmd(drv, msg, 0, NL80211_CMD_UNEXPECTED_FRAME);
4572
4573	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex);
4574
4575	ret = send_and_recv(drv->global, bss->nl_mgmt, msg, NULL, NULL);
4576	msg = NULL;
4577	if (ret) {
4578		wpa_printf(MSG_DEBUG, "nl80211: Register spurious class3 "
4579			   "failed: ret=%d (%s)",
4580			   ret, strerror(-ret));
4581		goto nla_put_failure;
4582	}
4583	ret = 0;
4584nla_put_failure:
4585	nlmsg_free(msg);
4586	return ret;
4587}
4588
4589
4590static int nl80211_mgmt_subscribe_ap(struct i802_bss *bss)
4591{
4592	static const int stypes[] = {
4593		WLAN_FC_STYPE_AUTH,
4594		WLAN_FC_STYPE_ASSOC_REQ,
4595		WLAN_FC_STYPE_REASSOC_REQ,
4596		WLAN_FC_STYPE_DISASSOC,
4597		WLAN_FC_STYPE_DEAUTH,
4598		WLAN_FC_STYPE_ACTION,
4599		WLAN_FC_STYPE_PROBE_REQ,
4600/* Beacon doesn't work as mac80211 doesn't currently allow
4601 * it, but it wouldn't really be the right thing anyway as
4602 * it isn't per interface ... maybe just dump the scan
4603 * results periodically for OLBC?
4604 */
4605		/* WLAN_FC_STYPE_BEACON, */
4606	};
4607	unsigned int i;
4608
4609	if (nl80211_alloc_mgmt_handle(bss))
4610		return -1;
4611	wpa_printf(MSG_DEBUG, "nl80211: Subscribe to mgmt frames with AP "
4612		   "handle %p", bss->nl_mgmt);
4613
4614	for (i = 0; i < ARRAY_SIZE(stypes); i++) {
4615		if (nl80211_register_frame(bss, bss->nl_mgmt,
4616					   (WLAN_FC_TYPE_MGMT << 2) |
4617					   (stypes[i] << 4),
4618					   NULL, 0) < 0) {
4619			goto out_err;
4620		}
4621	}
4622
4623	if (nl80211_register_spurious_class3(bss))
4624		goto out_err;
4625
4626	if (nl80211_get_wiphy_data_ap(bss) == NULL)
4627		goto out_err;
4628
4629	nl80211_mgmt_handle_register_eloop(bss);
4630	return 0;
4631
4632out_err:
4633	nl_destroy_handles(&bss->nl_mgmt);
4634	return -1;
4635}
4636
4637
4638static int nl80211_mgmt_subscribe_ap_dev_sme(struct i802_bss *bss)
4639{
4640	if (nl80211_alloc_mgmt_handle(bss))
4641		return -1;
4642	wpa_printf(MSG_DEBUG, "nl80211: Subscribe to mgmt frames with AP "
4643		   "handle %p (device SME)", bss->nl_mgmt);
4644
4645	if (nl80211_register_frame(bss, bss->nl_mgmt,
4646				   (WLAN_FC_TYPE_MGMT << 2) |
4647				   (WLAN_FC_STYPE_ACTION << 4),
4648				   NULL, 0) < 0)
4649		goto out_err;
4650
4651	nl80211_mgmt_handle_register_eloop(bss);
4652	return 0;
4653
4654out_err:
4655	nl_destroy_handles(&bss->nl_mgmt);
4656	return -1;
4657}
4658
4659
4660static void nl80211_mgmt_unsubscribe(struct i802_bss *bss, const char *reason)
4661{
4662	if (bss->nl_mgmt == NULL)
4663		return;
4664	wpa_printf(MSG_DEBUG, "nl80211: Unsubscribe mgmt frames handle %p "
4665		   "(%s)", bss->nl_mgmt, reason);
4666	nl80211_destroy_eloop_handle(&bss->nl_mgmt);
4667
4668	nl80211_put_wiphy_data_ap(bss);
4669}
4670
4671
4672static void wpa_driver_nl80211_send_rfkill(void *eloop_ctx, void *timeout_ctx)
4673{
4674	wpa_supplicant_event(timeout_ctx, EVENT_INTERFACE_DISABLED, NULL);
4675}
4676
4677
4678static void nl80211_del_p2pdev(struct i802_bss *bss)
4679{
4680	struct wpa_driver_nl80211_data *drv = bss->drv;
4681	struct nl_msg *msg;
4682	int ret;
4683
4684	msg = nlmsg_alloc();
4685	if (!msg)
4686		return;
4687
4688	nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_INTERFACE);
4689	NLA_PUT_U64(msg, NL80211_ATTR_WDEV, bss->wdev_id);
4690
4691	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
4692	msg = NULL;
4693
4694	wpa_printf(MSG_DEBUG, "nl80211: Delete P2P Device %s (0x%llx): %s",
4695		   bss->ifname, (long long unsigned int) bss->wdev_id,
4696		   strerror(-ret));
4697
4698nla_put_failure:
4699	nlmsg_free(msg);
4700}
4701
4702
4703static int nl80211_set_p2pdev(struct i802_bss *bss, int start)
4704{
4705	struct wpa_driver_nl80211_data *drv = bss->drv;
4706	struct nl_msg *msg;
4707	int ret = -1;
4708
4709	msg = nlmsg_alloc();
4710	if (!msg)
4711		return -1;
4712
4713	if (start)
4714		nl80211_cmd(drv, msg, 0, NL80211_CMD_START_P2P_DEVICE);
4715	else
4716		nl80211_cmd(drv, msg, 0, NL80211_CMD_STOP_P2P_DEVICE);
4717
4718	NLA_PUT_U64(msg, NL80211_ATTR_WDEV, bss->wdev_id);
4719
4720	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
4721	msg = NULL;
4722
4723	wpa_printf(MSG_DEBUG, "nl80211: %s P2P Device %s (0x%llx): %s",
4724		   start ? "Start" : "Stop",
4725		   bss->ifname, (long long unsigned int) bss->wdev_id,
4726		   strerror(-ret));
4727
4728nla_put_failure:
4729	nlmsg_free(msg);
4730	return ret;
4731}
4732
4733
4734static int i802_set_iface_flags(struct i802_bss *bss, int up)
4735{
4736	enum nl80211_iftype nlmode;
4737
4738	nlmode = nl80211_get_ifmode(bss);
4739	if (nlmode != NL80211_IFTYPE_P2P_DEVICE) {
4740		return linux_set_iface_flags(bss->drv->global->ioctl_sock,
4741					     bss->ifname, up);
4742	}
4743
4744	/* P2P Device has start/stop which is equivalent */
4745	return nl80211_set_p2pdev(bss, up);
4746}
4747
4748
4749static int
4750wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv,
4751				   const u8 *set_addr, int first)
4752{
4753	struct i802_bss *bss = drv->first_bss;
4754	int send_rfkill_event = 0;
4755	enum nl80211_iftype nlmode;
4756
4757	drv->ifindex = if_nametoindex(bss->ifname);
4758	bss->ifindex = drv->ifindex;
4759	bss->wdev_id = drv->global->if_add_wdevid;
4760	bss->wdev_id_set = drv->global->if_add_wdevid_set;
4761
4762	bss->if_dynamic = drv->ifindex == drv->global->if_add_ifindex;
4763	bss->if_dynamic = bss->if_dynamic || drv->global->if_add_wdevid_set;
4764	drv->global->if_add_wdevid_set = 0;
4765
4766	if (wpa_driver_nl80211_capa(drv))
4767		return -1;
4768
4769	wpa_printf(MSG_DEBUG, "nl80211: interface %s in phy %s",
4770		   bss->ifname, drv->phyname);
4771
4772	if (set_addr &&
4773	    (linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 0) ||
4774	     linux_set_ifhwaddr(drv->global->ioctl_sock, bss->ifname,
4775				set_addr)))
4776		return -1;
4777
4778	if (first && nl80211_get_ifmode(bss) == NL80211_IFTYPE_AP)
4779		drv->start_mode_ap = 1;
4780
4781	if (drv->hostapd)
4782		nlmode = NL80211_IFTYPE_AP;
4783	else if (bss->if_dynamic)
4784		nlmode = nl80211_get_ifmode(bss);
4785	else
4786		nlmode = NL80211_IFTYPE_STATION;
4787
4788	if (wpa_driver_nl80211_set_mode(bss, nlmode) < 0) {
4789		wpa_printf(MSG_ERROR, "nl80211: Could not configure driver mode");
4790		return -1;
4791	}
4792
4793	if (nlmode == NL80211_IFTYPE_P2P_DEVICE)
4794		nl80211_get_macaddr(bss);
4795
4796	if (!rfkill_is_blocked(drv->rfkill)) {
4797		int ret = i802_set_iface_flags(bss, 1);
4798		if (ret) {
4799			wpa_printf(MSG_ERROR, "nl80211: Could not set "
4800				   "interface '%s' UP", bss->ifname);
4801			return ret;
4802		}
4803		if (nlmode == NL80211_IFTYPE_P2P_DEVICE)
4804			return ret;
4805	} else {
4806		wpa_printf(MSG_DEBUG, "nl80211: Could not yet enable "
4807			   "interface '%s' due to rfkill", bss->ifname);
4808		if (nlmode == NL80211_IFTYPE_P2P_DEVICE)
4809			return 0;
4810		drv->if_disabled = 1;
4811		send_rfkill_event = 1;
4812	}
4813
4814	if (!drv->hostapd)
4815		netlink_send_oper_ifla(drv->global->netlink, drv->ifindex,
4816				       1, IF_OPER_DORMANT);
4817
4818	if (linux_get_ifhwaddr(drv->global->ioctl_sock, bss->ifname,
4819			       bss->addr))
4820		return -1;
4821
4822	if (send_rfkill_event) {
4823		eloop_register_timeout(0, 0, wpa_driver_nl80211_send_rfkill,
4824				       drv, drv->ctx);
4825	}
4826
4827	return 0;
4828}
4829
4830
4831static int wpa_driver_nl80211_del_beacon(struct wpa_driver_nl80211_data *drv)
4832{
4833	struct nl_msg *msg;
4834
4835	msg = nlmsg_alloc();
4836	if (!msg)
4837		return -ENOMEM;
4838
4839	wpa_printf(MSG_DEBUG, "nl80211: Remove beacon (ifindex=%d)",
4840		   drv->ifindex);
4841	nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_BEACON);
4842	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
4843
4844	return send_and_recv_msgs(drv, msg, NULL, NULL);
4845 nla_put_failure:
4846	nlmsg_free(msg);
4847	return -ENOBUFS;
4848}
4849
4850
4851/**
4852 * wpa_driver_nl80211_deinit - Deinitialize nl80211 driver interface
4853 * @bss: Pointer to private nl80211 data from wpa_driver_nl80211_init()
4854 *
4855 * Shut down driver interface and processing of driver events. Free
4856 * private data buffer if one was allocated in wpa_driver_nl80211_init().
4857 */
4858static void wpa_driver_nl80211_deinit(struct i802_bss *bss)
4859{
4860	struct wpa_driver_nl80211_data *drv = bss->drv;
4861
4862	bss->in_deinit = 1;
4863	if (drv->data_tx_status)
4864		eloop_unregister_read_sock(drv->eapol_tx_sock);
4865	if (drv->eapol_tx_sock >= 0)
4866		close(drv->eapol_tx_sock);
4867
4868	if (bss->nl_preq)
4869		wpa_driver_nl80211_probe_req_report(bss, 0);
4870	if (bss->added_if_into_bridge) {
4871		if (linux_br_del_if(drv->global->ioctl_sock, bss->brname,
4872				    bss->ifname) < 0)
4873			wpa_printf(MSG_INFO, "nl80211: Failed to remove "
4874				   "interface %s from bridge %s: %s",
4875				   bss->ifname, bss->brname, strerror(errno));
4876	}
4877	if (bss->added_bridge) {
4878		if (linux_br_del(drv->global->ioctl_sock, bss->brname) < 0)
4879			wpa_printf(MSG_INFO, "nl80211: Failed to remove "
4880				   "bridge %s: %s",
4881				   bss->brname, strerror(errno));
4882	}
4883
4884	nl80211_remove_monitor_interface(drv);
4885
4886	if (is_ap_interface(drv->nlmode))
4887		wpa_driver_nl80211_del_beacon(drv);
4888
4889	if (drv->eapol_sock >= 0) {
4890		eloop_unregister_read_sock(drv->eapol_sock);
4891		close(drv->eapol_sock);
4892	}
4893
4894	if (drv->if_indices != drv->default_if_indices)
4895		os_free(drv->if_indices);
4896
4897	if (drv->disabled_11b_rates)
4898		nl80211_disable_11b_rates(drv, drv->ifindex, 0);
4899
4900	netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, 0,
4901			       IF_OPER_UP);
4902	eloop_cancel_timeout(wpa_driver_nl80211_send_rfkill, drv, drv->ctx);
4903	rfkill_deinit(drv->rfkill);
4904
4905	eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx);
4906
4907	if (!drv->start_iface_up)
4908		(void) i802_set_iface_flags(bss, 0);
4909	if (drv->nlmode != NL80211_IFTYPE_P2P_DEVICE) {
4910		if (!drv->hostapd || !drv->start_mode_ap)
4911			wpa_driver_nl80211_set_mode(bss,
4912						    NL80211_IFTYPE_STATION);
4913		nl80211_mgmt_unsubscribe(bss, "deinit");
4914	} else {
4915		nl80211_mgmt_unsubscribe(bss, "deinit");
4916		nl80211_del_p2pdev(bss);
4917	}
4918	nl_cb_put(drv->nl_cb);
4919
4920	nl80211_destroy_bss(drv->first_bss);
4921
4922	os_free(drv->filter_ssids);
4923
4924	os_free(drv->auth_ie);
4925
4926	if (drv->in_interface_list)
4927		dl_list_del(&drv->list);
4928
4929	os_free(drv->extended_capa);
4930	os_free(drv->extended_capa_mask);
4931	os_free(drv->first_bss);
4932	os_free(drv);
4933}
4934
4935
4936/**
4937 * wpa_driver_nl80211_scan_timeout - Scan timeout to report scan completion
4938 * @eloop_ctx: Driver private data
4939 * @timeout_ctx: ctx argument given to wpa_driver_nl80211_init()
4940 *
4941 * This function can be used as registered timeout when starting a scan to
4942 * generate a scan completed event if the driver does not report this.
4943 */
4944static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx, void *timeout_ctx)
4945{
4946	struct wpa_driver_nl80211_data *drv = eloop_ctx;
4947	if (drv->ap_scan_as_station != NL80211_IFTYPE_UNSPECIFIED) {
4948		wpa_driver_nl80211_set_mode(drv->first_bss,
4949					    drv->ap_scan_as_station);
4950		drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED;
4951	}
4952	wpa_printf(MSG_DEBUG, "Scan timeout - try to get results");
4953	wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL);
4954}
4955
4956
4957static struct nl_msg *
4958nl80211_scan_common(struct wpa_driver_nl80211_data *drv, u8 cmd,
4959		    struct wpa_driver_scan_params *params, u64 *wdev_id)
4960{
4961	struct nl_msg *msg;
4962	size_t i;
4963	u32 scan_flags = 0;
4964
4965	msg = nlmsg_alloc();
4966	if (!msg)
4967		return NULL;
4968
4969	nl80211_cmd(drv, msg, 0, cmd);
4970
4971	if (!wdev_id)
4972		NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
4973	else
4974		NLA_PUT_U64(msg, NL80211_ATTR_WDEV, *wdev_id);
4975
4976	if (params->num_ssids) {
4977		struct nlattr *ssids;
4978
4979		ssids = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS);
4980		if (ssids == NULL)
4981			goto fail;
4982		for (i = 0; i < params->num_ssids; i++) {
4983			wpa_hexdump_ascii(MSG_MSGDUMP, "nl80211: Scan SSID",
4984					  params->ssids[i].ssid,
4985					  params->ssids[i].ssid_len);
4986			if (nla_put(msg, i + 1, params->ssids[i].ssid_len,
4987				    params->ssids[i].ssid) < 0)
4988				goto fail;
4989		}
4990		nla_nest_end(msg, ssids);
4991	}
4992
4993	if (params->extra_ies) {
4994		wpa_hexdump(MSG_MSGDUMP, "nl80211: Scan extra IEs",
4995			    params->extra_ies, params->extra_ies_len);
4996		if (nla_put(msg, NL80211_ATTR_IE, params->extra_ies_len,
4997			    params->extra_ies) < 0)
4998			goto fail;
4999	}
5000
5001	if (params->freqs) {
5002		struct nlattr *freqs;
5003		freqs = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
5004		if (freqs == NULL)
5005			goto fail;
5006		for (i = 0; params->freqs[i]; i++) {
5007			wpa_printf(MSG_MSGDUMP, "nl80211: Scan frequency %u "
5008				   "MHz", params->freqs[i]);
5009			if (nla_put_u32(msg, i + 1, params->freqs[i]) < 0)
5010				goto fail;
5011		}
5012		nla_nest_end(msg, freqs);
5013	}
5014
5015	os_free(drv->filter_ssids);
5016	drv->filter_ssids = params->filter_ssids;
5017	params->filter_ssids = NULL;
5018	drv->num_filter_ssids = params->num_filter_ssids;
5019
5020	if (params->only_new_results) {
5021		wpa_printf(MSG_DEBUG, "nl80211: Add NL80211_SCAN_FLAG_FLUSH");
5022		scan_flags |= NL80211_SCAN_FLAG_FLUSH;
5023	}
5024
5025	if (params->low_priority && drv->have_low_prio_scan) {
5026		wpa_printf(MSG_DEBUG,
5027			   "nl80211: Add NL80211_SCAN_FLAG_LOW_PRIORITY");
5028		scan_flags |= NL80211_SCAN_FLAG_LOW_PRIORITY;
5029	}
5030
5031	if (scan_flags)
5032		NLA_PUT_U32(msg, NL80211_ATTR_SCAN_FLAGS, scan_flags);
5033
5034	return msg;
5035
5036fail:
5037nla_put_failure:
5038	nlmsg_free(msg);
5039	return NULL;
5040}
5041
5042
5043/**
5044 * wpa_driver_nl80211_scan - Request the driver to initiate scan
5045 * @bss: Pointer to private driver data from wpa_driver_nl80211_init()
5046 * @params: Scan parameters
5047 * Returns: 0 on success, -1 on failure
5048 */
5049static int wpa_driver_nl80211_scan(struct i802_bss *bss,
5050				   struct wpa_driver_scan_params *params)
5051{
5052	struct wpa_driver_nl80211_data *drv = bss->drv;
5053	int ret = -1, timeout;
5054	struct nl_msg *msg = NULL;
5055
5056	wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: scan request");
5057	drv->scan_for_auth = 0;
5058
5059	msg = nl80211_scan_common(drv, NL80211_CMD_TRIGGER_SCAN, params,
5060				  bss->wdev_id_set ? &bss->wdev_id : NULL);
5061	if (!msg)
5062		return -1;
5063
5064	if (params->p2p_probe) {
5065		struct nlattr *rates;
5066
5067		wpa_printf(MSG_DEBUG, "nl80211: P2P probe - mask SuppRates");
5068
5069		rates = nla_nest_start(msg, NL80211_ATTR_SCAN_SUPP_RATES);
5070		if (rates == NULL)
5071			goto nla_put_failure;
5072
5073		/*
5074		 * Remove 2.4 GHz rates 1, 2, 5.5, 11 Mbps from supported rates
5075		 * by masking out everything else apart from the OFDM rates 6,
5076		 * 9, 12, 18, 24, 36, 48, 54 Mbps from non-MCS rates. All 5 GHz
5077		 * rates are left enabled.
5078		 */
5079		NLA_PUT(msg, NL80211_BAND_2GHZ, 8,
5080			"\x0c\x12\x18\x24\x30\x48\x60\x6c");
5081		nla_nest_end(msg, rates);
5082
5083		NLA_PUT_FLAG(msg, NL80211_ATTR_TX_NO_CCK_RATE);
5084	}
5085
5086	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
5087	msg = NULL;
5088	if (ret) {
5089		wpa_printf(MSG_DEBUG, "nl80211: Scan trigger failed: ret=%d "
5090			   "(%s)", ret, strerror(-ret));
5091		if (drv->hostapd && is_ap_interface(drv->nlmode)) {
5092			enum nl80211_iftype old_mode = drv->nlmode;
5093
5094			/*
5095			 * mac80211 does not allow scan requests in AP mode, so
5096			 * try to do this in station mode.
5097			 */
5098			if (wpa_driver_nl80211_set_mode(
5099				    bss, NL80211_IFTYPE_STATION))
5100				goto nla_put_failure;
5101
5102			if (wpa_driver_nl80211_scan(bss, params)) {
5103				wpa_driver_nl80211_set_mode(bss, drv->nlmode);
5104				goto nla_put_failure;
5105			}
5106
5107			/* Restore AP mode when processing scan results */
5108			drv->ap_scan_as_station = old_mode;
5109			ret = 0;
5110		} else
5111			goto nla_put_failure;
5112	}
5113
5114	drv->scan_state = SCAN_REQUESTED;
5115	/* Not all drivers generate "scan completed" wireless event, so try to
5116	 * read results after a timeout. */
5117	timeout = 10;
5118	if (drv->scan_complete_events) {
5119		/*
5120		 * The driver seems to deliver events to notify when scan is
5121		 * complete, so use longer timeout to avoid race conditions
5122		 * with scanning and following association request.
5123		 */
5124		timeout = 30;
5125	}
5126	wpa_printf(MSG_DEBUG, "Scan requested (ret=%d) - scan timeout %d "
5127		   "seconds", ret, timeout);
5128	eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx);
5129	eloop_register_timeout(timeout, 0, wpa_driver_nl80211_scan_timeout,
5130			       drv, drv->ctx);
5131
5132nla_put_failure:
5133	nlmsg_free(msg);
5134	return ret;
5135}
5136
5137
5138/**
5139 * wpa_driver_nl80211_sched_scan - Initiate a scheduled scan
5140 * @priv: Pointer to private driver data from wpa_driver_nl80211_init()
5141 * @params: Scan parameters
5142 * @interval: Interval between scan cycles in milliseconds
5143 * Returns: 0 on success, -1 on failure or if not supported
5144 */
5145static int wpa_driver_nl80211_sched_scan(void *priv,
5146					 struct wpa_driver_scan_params *params,
5147					 u32 interval)
5148{
5149	struct i802_bss *bss = priv;
5150	struct wpa_driver_nl80211_data *drv = bss->drv;
5151	int ret = -1;
5152	struct nl_msg *msg;
5153	size_t i;
5154
5155	wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: sched_scan request");
5156
5157#ifdef ANDROID
5158	if (!drv->capa.sched_scan_supported)
5159		return android_pno_start(bss, params);
5160#endif /* ANDROID */
5161
5162	msg = nl80211_scan_common(drv, NL80211_CMD_START_SCHED_SCAN, params,
5163				  bss->wdev_id_set ? &bss->wdev_id : NULL);
5164	if (!msg)
5165		goto nla_put_failure;
5166
5167	NLA_PUT_U32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL, interval);
5168
5169	if ((drv->num_filter_ssids &&
5170	    (int) drv->num_filter_ssids <= drv->capa.max_match_sets) ||
5171	    params->filter_rssi) {
5172		struct nlattr *match_sets;
5173		match_sets = nla_nest_start(msg, NL80211_ATTR_SCHED_SCAN_MATCH);
5174		if (match_sets == NULL)
5175			goto nla_put_failure;
5176
5177		for (i = 0; i < drv->num_filter_ssids; i++) {
5178			struct nlattr *match_set_ssid;
5179			wpa_hexdump_ascii(MSG_MSGDUMP,
5180					  "nl80211: Sched scan filter SSID",
5181					  drv->filter_ssids[i].ssid,
5182					  drv->filter_ssids[i].ssid_len);
5183
5184			match_set_ssid = nla_nest_start(msg, i + 1);
5185			if (match_set_ssid == NULL)
5186				goto nla_put_failure;
5187			NLA_PUT(msg, NL80211_ATTR_SCHED_SCAN_MATCH_SSID,
5188				drv->filter_ssids[i].ssid_len,
5189				drv->filter_ssids[i].ssid);
5190			if (params->filter_rssi)
5191				NLA_PUT_U32(msg,
5192					    NL80211_SCHED_SCAN_MATCH_ATTR_RSSI,
5193					    params->filter_rssi);
5194
5195			nla_nest_end(msg, match_set_ssid);
5196		}
5197
5198		/*
5199		 * Due to backward compatibility code, newer kernels treat this
5200		 * matchset (with only an RSSI filter) as the default for all
5201		 * other matchsets, unless it's the only one, in which case the
5202		 * matchset will actually allow all SSIDs above the RSSI.
5203		 */
5204		if (params->filter_rssi) {
5205			struct nlattr *match_set_rssi;
5206			match_set_rssi = nla_nest_start(msg, 0);
5207			if (match_set_rssi == NULL)
5208				goto nla_put_failure;
5209			NLA_PUT_U32(msg, NL80211_SCHED_SCAN_MATCH_ATTR_RSSI,
5210				    params->filter_rssi);
5211			wpa_printf(MSG_MSGDUMP,
5212				   "nl80211: Sched scan RSSI filter %d dBm",
5213				   params->filter_rssi);
5214			nla_nest_end(msg, match_set_rssi);
5215		}
5216
5217		nla_nest_end(msg, match_sets);
5218	}
5219
5220	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
5221
5222	/* TODO: if we get an error here, we should fall back to normal scan */
5223
5224	msg = NULL;
5225	if (ret) {
5226		wpa_printf(MSG_DEBUG, "nl80211: Sched scan start failed: "
5227			   "ret=%d (%s)", ret, strerror(-ret));
5228		goto nla_put_failure;
5229	}
5230
5231	wpa_printf(MSG_DEBUG, "nl80211: Sched scan requested (ret=%d) - "
5232		   "scan interval %d msec", ret, interval);
5233
5234nla_put_failure:
5235	nlmsg_free(msg);
5236	return ret;
5237}
5238
5239
5240/**
5241 * wpa_driver_nl80211_stop_sched_scan - Stop a scheduled scan
5242 * @priv: Pointer to private driver data from wpa_driver_nl80211_init()
5243 * Returns: 0 on success, -1 on failure or if not supported
5244 */
5245static int wpa_driver_nl80211_stop_sched_scan(void *priv)
5246{
5247	struct i802_bss *bss = priv;
5248	struct wpa_driver_nl80211_data *drv = bss->drv;
5249	int ret = 0;
5250	struct nl_msg *msg;
5251
5252#ifdef ANDROID
5253	if (!drv->capa.sched_scan_supported)
5254		return android_pno_stop(bss);
5255#endif /* ANDROID */
5256
5257	msg = nlmsg_alloc();
5258	if (!msg)
5259		return -1;
5260
5261	nl80211_cmd(drv, msg, 0, NL80211_CMD_STOP_SCHED_SCAN);
5262
5263	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
5264
5265	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
5266	msg = NULL;
5267	if (ret) {
5268		wpa_printf(MSG_DEBUG, "nl80211: Sched scan stop failed: "
5269			   "ret=%d (%s)", ret, strerror(-ret));
5270		goto nla_put_failure;
5271	}
5272
5273	wpa_printf(MSG_DEBUG, "nl80211: Sched scan stop sent (ret=%d)", ret);
5274
5275nla_put_failure:
5276	nlmsg_free(msg);
5277	return ret;
5278}
5279
5280
5281static const u8 * nl80211_get_ie(const u8 *ies, size_t ies_len, u8 ie)
5282{
5283	const u8 *end, *pos;
5284
5285	if (ies == NULL)
5286		return NULL;
5287
5288	pos = ies;
5289	end = ies + ies_len;
5290
5291	while (pos + 1 < end) {
5292		if (pos + 2 + pos[1] > end)
5293			break;
5294		if (pos[0] == ie)
5295			return pos;
5296		pos += 2 + pos[1];
5297	}
5298
5299	return NULL;
5300}
5301
5302
5303static int nl80211_scan_filtered(struct wpa_driver_nl80211_data *drv,
5304				 const u8 *ie, size_t ie_len)
5305{
5306	const u8 *ssid;
5307	size_t i;
5308
5309	if (drv->filter_ssids == NULL)
5310		return 0;
5311
5312	ssid = nl80211_get_ie(ie, ie_len, WLAN_EID_SSID);
5313	if (ssid == NULL)
5314		return 1;
5315
5316	for (i = 0; i < drv->num_filter_ssids; i++) {
5317		if (ssid[1] == drv->filter_ssids[i].ssid_len &&
5318		    os_memcmp(ssid + 2, drv->filter_ssids[i].ssid, ssid[1]) ==
5319		    0)
5320			return 0;
5321	}
5322
5323	return 1;
5324}
5325
5326
5327static int bss_info_handler(struct nl_msg *msg, void *arg)
5328{
5329	struct nlattr *tb[NL80211_ATTR_MAX + 1];
5330	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
5331	struct nlattr *bss[NL80211_BSS_MAX + 1];
5332	static struct nla_policy bss_policy[NL80211_BSS_MAX + 1] = {
5333		[NL80211_BSS_BSSID] = { .type = NLA_UNSPEC },
5334		[NL80211_BSS_FREQUENCY] = { .type = NLA_U32 },
5335		[NL80211_BSS_TSF] = { .type = NLA_U64 },
5336		[NL80211_BSS_BEACON_INTERVAL] = { .type = NLA_U16 },
5337		[NL80211_BSS_CAPABILITY] = { .type = NLA_U16 },
5338		[NL80211_BSS_INFORMATION_ELEMENTS] = { .type = NLA_UNSPEC },
5339		[NL80211_BSS_SIGNAL_MBM] = { .type = NLA_U32 },
5340		[NL80211_BSS_SIGNAL_UNSPEC] = { .type = NLA_U8 },
5341		[NL80211_BSS_STATUS] = { .type = NLA_U32 },
5342		[NL80211_BSS_SEEN_MS_AGO] = { .type = NLA_U32 },
5343		[NL80211_BSS_BEACON_IES] = { .type = NLA_UNSPEC },
5344	};
5345	struct nl80211_bss_info_arg *_arg = arg;
5346	struct wpa_scan_results *res = _arg->res;
5347	struct wpa_scan_res **tmp;
5348	struct wpa_scan_res *r;
5349	const u8 *ie, *beacon_ie;
5350	size_t ie_len, beacon_ie_len;
5351	u8 *pos;
5352	size_t i;
5353
5354	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
5355		  genlmsg_attrlen(gnlh, 0), NULL);
5356	if (!tb[NL80211_ATTR_BSS])
5357		return NL_SKIP;
5358	if (nla_parse_nested(bss, NL80211_BSS_MAX, tb[NL80211_ATTR_BSS],
5359			     bss_policy))
5360		return NL_SKIP;
5361	if (bss[NL80211_BSS_STATUS]) {
5362		enum nl80211_bss_status status;
5363		status = nla_get_u32(bss[NL80211_BSS_STATUS]);
5364		if (status == NL80211_BSS_STATUS_ASSOCIATED &&
5365		    bss[NL80211_BSS_FREQUENCY]) {
5366			_arg->assoc_freq =
5367				nla_get_u32(bss[NL80211_BSS_FREQUENCY]);
5368			wpa_printf(MSG_DEBUG, "nl80211: Associated on %u MHz",
5369				   _arg->assoc_freq);
5370		}
5371		if (status == NL80211_BSS_STATUS_IBSS_JOINED &&
5372		    bss[NL80211_BSS_FREQUENCY]) {
5373			_arg->ibss_freq =
5374				nla_get_u32(bss[NL80211_BSS_FREQUENCY]);
5375			wpa_printf(MSG_DEBUG, "nl80211: IBSS-joined on %u MHz",
5376				   _arg->ibss_freq);
5377		}
5378		if (status == NL80211_BSS_STATUS_ASSOCIATED &&
5379		    bss[NL80211_BSS_BSSID]) {
5380			os_memcpy(_arg->assoc_bssid,
5381				  nla_data(bss[NL80211_BSS_BSSID]), ETH_ALEN);
5382			wpa_printf(MSG_DEBUG, "nl80211: Associated with "
5383				   MACSTR, MAC2STR(_arg->assoc_bssid));
5384		}
5385	}
5386	if (!res)
5387		return NL_SKIP;
5388	if (bss[NL80211_BSS_INFORMATION_ELEMENTS]) {
5389		ie = nla_data(bss[NL80211_BSS_INFORMATION_ELEMENTS]);
5390		ie_len = nla_len(bss[NL80211_BSS_INFORMATION_ELEMENTS]);
5391	} else {
5392		ie = NULL;
5393		ie_len = 0;
5394	}
5395	if (bss[NL80211_BSS_BEACON_IES]) {
5396		beacon_ie = nla_data(bss[NL80211_BSS_BEACON_IES]);
5397		beacon_ie_len = nla_len(bss[NL80211_BSS_BEACON_IES]);
5398	} else {
5399		beacon_ie = NULL;
5400		beacon_ie_len = 0;
5401	}
5402
5403	if (nl80211_scan_filtered(_arg->drv, ie ? ie : beacon_ie,
5404				  ie ? ie_len : beacon_ie_len))
5405		return NL_SKIP;
5406
5407	r = os_zalloc(sizeof(*r) + ie_len + beacon_ie_len);
5408	if (r == NULL)
5409		return NL_SKIP;
5410	if (bss[NL80211_BSS_BSSID])
5411		os_memcpy(r->bssid, nla_data(bss[NL80211_BSS_BSSID]),
5412			  ETH_ALEN);
5413	if (bss[NL80211_BSS_FREQUENCY])
5414		r->freq = nla_get_u32(bss[NL80211_BSS_FREQUENCY]);
5415	if (bss[NL80211_BSS_BEACON_INTERVAL])
5416		r->beacon_int = nla_get_u16(bss[NL80211_BSS_BEACON_INTERVAL]);
5417	if (bss[NL80211_BSS_CAPABILITY])
5418		r->caps = nla_get_u16(bss[NL80211_BSS_CAPABILITY]);
5419	r->flags |= WPA_SCAN_NOISE_INVALID;
5420	if (bss[NL80211_BSS_SIGNAL_MBM]) {
5421		r->level = nla_get_u32(bss[NL80211_BSS_SIGNAL_MBM]);
5422		r->level /= 100; /* mBm to dBm */
5423		r->flags |= WPA_SCAN_LEVEL_DBM | WPA_SCAN_QUAL_INVALID;
5424	} else if (bss[NL80211_BSS_SIGNAL_UNSPEC]) {
5425		r->level = nla_get_u8(bss[NL80211_BSS_SIGNAL_UNSPEC]);
5426		r->flags |= WPA_SCAN_QUAL_INVALID;
5427	} else
5428		r->flags |= WPA_SCAN_LEVEL_INVALID | WPA_SCAN_QUAL_INVALID;
5429	if (bss[NL80211_BSS_TSF])
5430		r->tsf = nla_get_u64(bss[NL80211_BSS_TSF]);
5431	if (bss[NL80211_BSS_SEEN_MS_AGO])
5432		r->age = nla_get_u32(bss[NL80211_BSS_SEEN_MS_AGO]);
5433	r->ie_len = ie_len;
5434	pos = (u8 *) (r + 1);
5435	if (ie) {
5436		os_memcpy(pos, ie, ie_len);
5437		pos += ie_len;
5438	}
5439	r->beacon_ie_len = beacon_ie_len;
5440	if (beacon_ie)
5441		os_memcpy(pos, beacon_ie, beacon_ie_len);
5442
5443	if (bss[NL80211_BSS_STATUS]) {
5444		enum nl80211_bss_status status;
5445		status = nla_get_u32(bss[NL80211_BSS_STATUS]);
5446		switch (status) {
5447		case NL80211_BSS_STATUS_AUTHENTICATED:
5448			r->flags |= WPA_SCAN_AUTHENTICATED;
5449			break;
5450		case NL80211_BSS_STATUS_ASSOCIATED:
5451			r->flags |= WPA_SCAN_ASSOCIATED;
5452			break;
5453		default:
5454			break;
5455		}
5456	}
5457
5458	/*
5459	 * cfg80211 maintains separate BSS table entries for APs if the same
5460	 * BSSID,SSID pair is seen on multiple channels. wpa_supplicant does
5461	 * not use frequency as a separate key in the BSS table, so filter out
5462	 * duplicated entries. Prefer associated BSS entry in such a case in
5463	 * order to get the correct frequency into the BSS table. Similarly,
5464	 * prefer newer entries over older.
5465	 */
5466	for (i = 0; i < res->num; i++) {
5467		const u8 *s1, *s2;
5468		if (os_memcmp(res->res[i]->bssid, r->bssid, ETH_ALEN) != 0)
5469			continue;
5470
5471		s1 = nl80211_get_ie((u8 *) (res->res[i] + 1),
5472				    res->res[i]->ie_len, WLAN_EID_SSID);
5473		s2 = nl80211_get_ie((u8 *) (r + 1), r->ie_len, WLAN_EID_SSID);
5474		if (s1 == NULL || s2 == NULL || s1[1] != s2[1] ||
5475		    os_memcmp(s1, s2, 2 + s1[1]) != 0)
5476			continue;
5477
5478		/* Same BSSID,SSID was already included in scan results */
5479		wpa_printf(MSG_DEBUG, "nl80211: Remove duplicated scan result "
5480			   "for " MACSTR, MAC2STR(r->bssid));
5481
5482		if (((r->flags & WPA_SCAN_ASSOCIATED) &&
5483		     !(res->res[i]->flags & WPA_SCAN_ASSOCIATED)) ||
5484		    r->age < res->res[i]->age) {
5485			os_free(res->res[i]);
5486			res->res[i] = r;
5487		} else
5488			os_free(r);
5489		return NL_SKIP;
5490	}
5491
5492	tmp = os_realloc_array(res->res, res->num + 1,
5493			       sizeof(struct wpa_scan_res *));
5494	if (tmp == NULL) {
5495		os_free(r);
5496		return NL_SKIP;
5497	}
5498	tmp[res->num++] = r;
5499	res->res = tmp;
5500
5501	return NL_SKIP;
5502}
5503
5504
5505static void clear_state_mismatch(struct wpa_driver_nl80211_data *drv,
5506				 const u8 *addr)
5507{
5508	if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) {
5509		wpa_printf(MSG_DEBUG, "nl80211: Clear possible state "
5510			   "mismatch (" MACSTR ")", MAC2STR(addr));
5511		wpa_driver_nl80211_mlme(drv, addr,
5512					NL80211_CMD_DEAUTHENTICATE,
5513					WLAN_REASON_PREV_AUTH_NOT_VALID, 1);
5514	}
5515}
5516
5517
5518static void wpa_driver_nl80211_check_bss_status(
5519	struct wpa_driver_nl80211_data *drv, struct wpa_scan_results *res)
5520{
5521	size_t i;
5522
5523	for (i = 0; i < res->num; i++) {
5524		struct wpa_scan_res *r = res->res[i];
5525		if (r->flags & WPA_SCAN_AUTHENTICATED) {
5526			wpa_printf(MSG_DEBUG, "nl80211: Scan results "
5527				   "indicates BSS status with " MACSTR
5528				   " as authenticated",
5529				   MAC2STR(r->bssid));
5530			if (is_sta_interface(drv->nlmode) &&
5531			    os_memcmp(r->bssid, drv->bssid, ETH_ALEN) != 0 &&
5532			    os_memcmp(r->bssid, drv->auth_bssid, ETH_ALEN) !=
5533			    0) {
5534				wpa_printf(MSG_DEBUG, "nl80211: Unknown BSSID"
5535					   " in local state (auth=" MACSTR
5536					   " assoc=" MACSTR ")",
5537					   MAC2STR(drv->auth_bssid),
5538					   MAC2STR(drv->bssid));
5539				clear_state_mismatch(drv, r->bssid);
5540			}
5541		}
5542
5543		if (r->flags & WPA_SCAN_ASSOCIATED) {
5544			wpa_printf(MSG_DEBUG, "nl80211: Scan results "
5545				   "indicate BSS status with " MACSTR
5546				   " as associated",
5547				   MAC2STR(r->bssid));
5548			if (is_sta_interface(drv->nlmode) &&
5549			    !drv->associated) {
5550				wpa_printf(MSG_DEBUG, "nl80211: Local state "
5551					   "(not associated) does not match "
5552					   "with BSS state");
5553				clear_state_mismatch(drv, r->bssid);
5554			} else if (is_sta_interface(drv->nlmode) &&
5555				   os_memcmp(drv->bssid, r->bssid, ETH_ALEN) !=
5556				   0) {
5557				wpa_printf(MSG_DEBUG, "nl80211: Local state "
5558					   "(associated with " MACSTR ") does "
5559					   "not match with BSS state",
5560					   MAC2STR(drv->bssid));
5561				clear_state_mismatch(drv, r->bssid);
5562				clear_state_mismatch(drv, drv->bssid);
5563			}
5564		}
5565	}
5566}
5567
5568
5569static struct wpa_scan_results *
5570nl80211_get_scan_results(struct wpa_driver_nl80211_data *drv)
5571{
5572	struct nl_msg *msg;
5573	struct wpa_scan_results *res;
5574	int ret;
5575	struct nl80211_bss_info_arg arg;
5576
5577	res = os_zalloc(sizeof(*res));
5578	if (res == NULL)
5579		return NULL;
5580	msg = nlmsg_alloc();
5581	if (!msg)
5582		goto nla_put_failure;
5583
5584	nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SCAN);
5585	if (nl80211_set_iface_id(msg, drv->first_bss) < 0)
5586		goto nla_put_failure;
5587
5588	arg.drv = drv;
5589	arg.res = res;
5590	ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg);
5591	msg = NULL;
5592	if (ret == 0) {
5593		wpa_printf(MSG_DEBUG, "nl80211: Received scan results (%lu "
5594			   "BSSes)", (unsigned long) res->num);
5595		nl80211_get_noise_for_scan_results(drv, res);
5596		return res;
5597	}
5598	wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d "
5599		   "(%s)", ret, strerror(-ret));
5600nla_put_failure:
5601	nlmsg_free(msg);
5602	wpa_scan_results_free(res);
5603	return NULL;
5604}
5605
5606
5607/**
5608 * wpa_driver_nl80211_get_scan_results - Fetch the latest scan results
5609 * @priv: Pointer to private wext data from wpa_driver_nl80211_init()
5610 * Returns: Scan results on success, -1 on failure
5611 */
5612static struct wpa_scan_results *
5613wpa_driver_nl80211_get_scan_results(void *priv)
5614{
5615	struct i802_bss *bss = priv;
5616	struct wpa_driver_nl80211_data *drv = bss->drv;
5617	struct wpa_scan_results *res;
5618
5619	res = nl80211_get_scan_results(drv);
5620	if (res)
5621		wpa_driver_nl80211_check_bss_status(drv, res);
5622	return res;
5623}
5624
5625
5626static void nl80211_dump_scan(struct wpa_driver_nl80211_data *drv)
5627{
5628	struct wpa_scan_results *res;
5629	size_t i;
5630
5631	res = nl80211_get_scan_results(drv);
5632	if (res == NULL) {
5633		wpa_printf(MSG_DEBUG, "nl80211: Failed to get scan results");
5634		return;
5635	}
5636
5637	wpa_printf(MSG_DEBUG, "nl80211: Scan result dump");
5638	for (i = 0; i < res->num; i++) {
5639		struct wpa_scan_res *r = res->res[i];
5640		wpa_printf(MSG_DEBUG, "nl80211: %d/%d " MACSTR "%s%s",
5641			   (int) i, (int) res->num, MAC2STR(r->bssid),
5642			   r->flags & WPA_SCAN_AUTHENTICATED ? " [auth]" : "",
5643			   r->flags & WPA_SCAN_ASSOCIATED ? " [assoc]" : "");
5644	}
5645
5646	wpa_scan_results_free(res);
5647}
5648
5649
5650static u32 wpa_alg_to_cipher_suite(enum wpa_alg alg, size_t key_len)
5651{
5652	switch (alg) {
5653	case WPA_ALG_WEP:
5654		if (key_len == 5)
5655			return WLAN_CIPHER_SUITE_WEP40;
5656		return WLAN_CIPHER_SUITE_WEP104;
5657	case WPA_ALG_TKIP:
5658		return WLAN_CIPHER_SUITE_TKIP;
5659	case WPA_ALG_CCMP:
5660		return WLAN_CIPHER_SUITE_CCMP;
5661	case WPA_ALG_GCMP:
5662		return WLAN_CIPHER_SUITE_GCMP;
5663	case WPA_ALG_CCMP_256:
5664		return WLAN_CIPHER_SUITE_CCMP_256;
5665	case WPA_ALG_GCMP_256:
5666		return WLAN_CIPHER_SUITE_GCMP_256;
5667	case WPA_ALG_IGTK:
5668		return WLAN_CIPHER_SUITE_AES_CMAC;
5669	case WPA_ALG_BIP_GMAC_128:
5670		return WLAN_CIPHER_SUITE_BIP_GMAC_128;
5671	case WPA_ALG_BIP_GMAC_256:
5672		return WLAN_CIPHER_SUITE_BIP_GMAC_256;
5673	case WPA_ALG_BIP_CMAC_256:
5674		return WLAN_CIPHER_SUITE_BIP_CMAC_256;
5675	case WPA_ALG_SMS4:
5676		return WLAN_CIPHER_SUITE_SMS4;
5677	case WPA_ALG_KRK:
5678		return WLAN_CIPHER_SUITE_KRK;
5679	case WPA_ALG_NONE:
5680	case WPA_ALG_PMK:
5681		wpa_printf(MSG_ERROR, "nl80211: Unexpected encryption algorithm %d",
5682			   alg);
5683		return 0;
5684	}
5685
5686	wpa_printf(MSG_ERROR, "nl80211: Unsupported encryption algorithm %d",
5687		   alg);
5688	return 0;
5689}
5690
5691
5692static u32 wpa_cipher_to_cipher_suite(unsigned int cipher)
5693{
5694	switch (cipher) {
5695	case WPA_CIPHER_CCMP_256:
5696		return WLAN_CIPHER_SUITE_CCMP_256;
5697	case WPA_CIPHER_GCMP_256:
5698		return WLAN_CIPHER_SUITE_GCMP_256;
5699	case WPA_CIPHER_CCMP:
5700		return WLAN_CIPHER_SUITE_CCMP;
5701	case WPA_CIPHER_GCMP:
5702		return WLAN_CIPHER_SUITE_GCMP;
5703	case WPA_CIPHER_TKIP:
5704		return WLAN_CIPHER_SUITE_TKIP;
5705	case WPA_CIPHER_WEP104:
5706		return WLAN_CIPHER_SUITE_WEP104;
5707	case WPA_CIPHER_WEP40:
5708		return WLAN_CIPHER_SUITE_WEP40;
5709	case WPA_CIPHER_GTK_NOT_USED:
5710		return WLAN_CIPHER_SUITE_NO_GROUP_ADDR;
5711	}
5712
5713	return 0;
5714}
5715
5716
5717static int wpa_cipher_to_cipher_suites(unsigned int ciphers, u32 suites[],
5718				       int max_suites)
5719{
5720	int num_suites = 0;
5721
5722	if (num_suites < max_suites && ciphers & WPA_CIPHER_CCMP_256)
5723		suites[num_suites++] = WLAN_CIPHER_SUITE_CCMP_256;
5724	if (num_suites < max_suites && ciphers & WPA_CIPHER_GCMP_256)
5725		suites[num_suites++] = WLAN_CIPHER_SUITE_GCMP_256;
5726	if (num_suites < max_suites && ciphers & WPA_CIPHER_CCMP)
5727		suites[num_suites++] = WLAN_CIPHER_SUITE_CCMP;
5728	if (num_suites < max_suites && ciphers & WPA_CIPHER_GCMP)
5729		suites[num_suites++] = WLAN_CIPHER_SUITE_GCMP;
5730	if (num_suites < max_suites && ciphers & WPA_CIPHER_TKIP)
5731		suites[num_suites++] = WLAN_CIPHER_SUITE_TKIP;
5732	if (num_suites < max_suites && ciphers & WPA_CIPHER_WEP104)
5733		suites[num_suites++] = WLAN_CIPHER_SUITE_WEP104;
5734	if (num_suites < max_suites && ciphers & WPA_CIPHER_WEP40)
5735		suites[num_suites++] = WLAN_CIPHER_SUITE_WEP40;
5736
5737	return num_suites;
5738}
5739
5740
5741static int wpa_driver_nl80211_set_key(const char *ifname, struct i802_bss *bss,
5742				      enum wpa_alg alg, const u8 *addr,
5743				      int key_idx, int set_tx,
5744				      const u8 *seq, size_t seq_len,
5745				      const u8 *key, size_t key_len)
5746{
5747	struct wpa_driver_nl80211_data *drv = bss->drv;
5748	int ifindex;
5749	struct nl_msg *msg;
5750	int ret;
5751	int tdls = 0;
5752
5753	/* Ignore for P2P Device */
5754	if (drv->nlmode == NL80211_IFTYPE_P2P_DEVICE)
5755		return 0;
5756
5757	ifindex = if_nametoindex(ifname);
5758	wpa_printf(MSG_DEBUG, "%s: ifindex=%d (%s) alg=%d addr=%p key_idx=%d "
5759		   "set_tx=%d seq_len=%lu key_len=%lu",
5760		   __func__, ifindex, ifname, alg, addr, key_idx, set_tx,
5761		   (unsigned long) seq_len, (unsigned long) key_len);
5762#ifdef CONFIG_TDLS
5763	if (key_idx == -1) {
5764		key_idx = 0;
5765		tdls = 1;
5766	}
5767#endif /* CONFIG_TDLS */
5768
5769	msg = nlmsg_alloc();
5770	if (!msg)
5771		return -ENOMEM;
5772
5773	if (alg == WPA_ALG_NONE) {
5774		nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_KEY);
5775	} else {
5776		nl80211_cmd(drv, msg, 0, NL80211_CMD_NEW_KEY);
5777		NLA_PUT(msg, NL80211_ATTR_KEY_DATA, key_len, key);
5778		wpa_hexdump_key(MSG_DEBUG, "nl80211: KEY_DATA", key, key_len);
5779		NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
5780			    wpa_alg_to_cipher_suite(alg, key_len));
5781	}
5782
5783	if (seq && seq_len) {
5784		NLA_PUT(msg, NL80211_ATTR_KEY_SEQ, seq_len, seq);
5785		wpa_hexdump(MSG_DEBUG, "nl80211: KEY_SEQ", seq, seq_len);
5786	}
5787
5788	if (addr && !is_broadcast_ether_addr(addr)) {
5789		wpa_printf(MSG_DEBUG, "   addr=" MACSTR, MAC2STR(addr));
5790		NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
5791
5792		if (alg != WPA_ALG_WEP && key_idx && !set_tx) {
5793			wpa_printf(MSG_DEBUG, "   RSN IBSS RX GTK");
5794			NLA_PUT_U32(msg, NL80211_ATTR_KEY_TYPE,
5795				    NL80211_KEYTYPE_GROUP);
5796		}
5797	} else if (addr && is_broadcast_ether_addr(addr)) {
5798		struct nlattr *types;
5799
5800		wpa_printf(MSG_DEBUG, "   broadcast key");
5801
5802		types = nla_nest_start(msg, NL80211_ATTR_KEY_DEFAULT_TYPES);
5803		if (!types)
5804			goto nla_put_failure;
5805		NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT_TYPE_MULTICAST);
5806		nla_nest_end(msg, types);
5807	}
5808	NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx);
5809	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
5810
5811	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
5812	if ((ret == -ENOENT || ret == -ENOLINK) && alg == WPA_ALG_NONE)
5813		ret = 0;
5814	if (ret)
5815		wpa_printf(MSG_DEBUG, "nl80211: set_key failed; err=%d %s)",
5816			   ret, strerror(-ret));
5817
5818	/*
5819	 * If we failed or don't need to set the default TX key (below),
5820	 * we're done here.
5821	 */
5822	if (ret || !set_tx || alg == WPA_ALG_NONE || tdls)
5823		return ret;
5824	if (is_ap_interface(drv->nlmode) && addr &&
5825	    !is_broadcast_ether_addr(addr))
5826		return ret;
5827
5828	msg = nlmsg_alloc();
5829	if (!msg)
5830		return -ENOMEM;
5831
5832	nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_KEY);
5833	NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx);
5834	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
5835	if (alg == WPA_ALG_IGTK)
5836		NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT_MGMT);
5837	else
5838		NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT);
5839	if (addr && is_broadcast_ether_addr(addr)) {
5840		struct nlattr *types;
5841
5842		types = nla_nest_start(msg, NL80211_ATTR_KEY_DEFAULT_TYPES);
5843		if (!types)
5844			goto nla_put_failure;
5845		NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT_TYPE_MULTICAST);
5846		nla_nest_end(msg, types);
5847	} else if (addr) {
5848		struct nlattr *types;
5849
5850		types = nla_nest_start(msg, NL80211_ATTR_KEY_DEFAULT_TYPES);
5851		if (!types)
5852			goto nla_put_failure;
5853		NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT_TYPE_UNICAST);
5854		nla_nest_end(msg, types);
5855	}
5856
5857	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
5858	if (ret == -ENOENT)
5859		ret = 0;
5860	if (ret)
5861		wpa_printf(MSG_DEBUG, "nl80211: set_key default failed; "
5862			   "err=%d %s)", ret, strerror(-ret));
5863	return ret;
5864
5865nla_put_failure:
5866	nlmsg_free(msg);
5867	return -ENOBUFS;
5868}
5869
5870
5871static int nl_add_key(struct nl_msg *msg, enum wpa_alg alg,
5872		      int key_idx, int defkey,
5873		      const u8 *seq, size_t seq_len,
5874		      const u8 *key, size_t key_len)
5875{
5876	struct nlattr *key_attr = nla_nest_start(msg, NL80211_ATTR_KEY);
5877	if (!key_attr)
5878		return -1;
5879
5880	if (defkey && alg == WPA_ALG_IGTK)
5881		NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT_MGMT);
5882	else if (defkey)
5883		NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT);
5884
5885	NLA_PUT_U8(msg, NL80211_KEY_IDX, key_idx);
5886
5887	NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
5888		    wpa_alg_to_cipher_suite(alg, key_len));
5889
5890	if (seq && seq_len)
5891		NLA_PUT(msg, NL80211_KEY_SEQ, seq_len, seq);
5892
5893	NLA_PUT(msg, NL80211_KEY_DATA, key_len, key);
5894
5895	nla_nest_end(msg, key_attr);
5896
5897	return 0;
5898 nla_put_failure:
5899	return -1;
5900}
5901
5902
5903static int nl80211_set_conn_keys(struct wpa_driver_associate_params *params,
5904				 struct nl_msg *msg)
5905{
5906	int i, privacy = 0;
5907	struct nlattr *nl_keys, *nl_key;
5908
5909	for (i = 0; i < 4; i++) {
5910		if (!params->wep_key[i])
5911			continue;
5912		privacy = 1;
5913		break;
5914	}
5915	if (params->wps == WPS_MODE_PRIVACY)
5916		privacy = 1;
5917	if (params->pairwise_suite &&
5918	    params->pairwise_suite != WPA_CIPHER_NONE)
5919		privacy = 1;
5920
5921	if (!privacy)
5922		return 0;
5923
5924	NLA_PUT_FLAG(msg, NL80211_ATTR_PRIVACY);
5925
5926	nl_keys = nla_nest_start(msg, NL80211_ATTR_KEYS);
5927	if (!nl_keys)
5928		goto nla_put_failure;
5929
5930	for (i = 0; i < 4; i++) {
5931		if (!params->wep_key[i])
5932			continue;
5933
5934		nl_key = nla_nest_start(msg, i);
5935		if (!nl_key)
5936			goto nla_put_failure;
5937
5938		NLA_PUT(msg, NL80211_KEY_DATA, params->wep_key_len[i],
5939			params->wep_key[i]);
5940		if (params->wep_key_len[i] == 5)
5941			NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
5942				    WLAN_CIPHER_SUITE_WEP40);
5943		else
5944			NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
5945				    WLAN_CIPHER_SUITE_WEP104);
5946
5947		NLA_PUT_U8(msg, NL80211_KEY_IDX, i);
5948
5949		if (i == params->wep_tx_keyidx)
5950			NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT);
5951
5952		nla_nest_end(msg, nl_key);
5953	}
5954	nla_nest_end(msg, nl_keys);
5955
5956	return 0;
5957
5958nla_put_failure:
5959	return -ENOBUFS;
5960}
5961
5962
5963static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv,
5964				   const u8 *addr, int cmd, u16 reason_code,
5965				   int local_state_change)
5966{
5967	int ret = -1;
5968	struct nl_msg *msg;
5969
5970	msg = nlmsg_alloc();
5971	if (!msg)
5972		return -1;
5973
5974	nl80211_cmd(drv, msg, 0, cmd);
5975
5976	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
5977	NLA_PUT_U16(msg, NL80211_ATTR_REASON_CODE, reason_code);
5978	if (addr)
5979		NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
5980	if (local_state_change)
5981		NLA_PUT_FLAG(msg, NL80211_ATTR_LOCAL_STATE_CHANGE);
5982
5983	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
5984	msg = NULL;
5985	if (ret) {
5986		wpa_dbg(drv->ctx, MSG_DEBUG,
5987			"nl80211: MLME command failed: reason=%u ret=%d (%s)",
5988			reason_code, ret, strerror(-ret));
5989		goto nla_put_failure;
5990	}
5991	ret = 0;
5992
5993nla_put_failure:
5994	nlmsg_free(msg);
5995	return ret;
5996}
5997
5998
5999static int wpa_driver_nl80211_disconnect(struct wpa_driver_nl80211_data *drv,
6000					 int reason_code)
6001{
6002	int ret;
6003
6004	wpa_printf(MSG_DEBUG, "%s(reason_code=%d)", __func__, reason_code);
6005	nl80211_mark_disconnected(drv);
6006	/* Disconnect command doesn't need BSSID - it uses cached value */
6007	ret = wpa_driver_nl80211_mlme(drv, NULL, NL80211_CMD_DISCONNECT,
6008				      reason_code, 0);
6009	/*
6010	 * For locally generated disconnect, supplicant already generates a
6011	 * DEAUTH event, so ignore the event from NL80211.
6012	 */
6013	drv->ignore_next_local_disconnect = ret == 0;
6014
6015	return ret;
6016}
6017
6018
6019static int wpa_driver_nl80211_deauthenticate(struct i802_bss *bss,
6020					     const u8 *addr, int reason_code)
6021{
6022	struct wpa_driver_nl80211_data *drv = bss->drv;
6023	int ret;
6024
6025	if (drv->nlmode == NL80211_IFTYPE_ADHOC) {
6026		nl80211_mark_disconnected(drv);
6027		return nl80211_leave_ibss(drv);
6028	}
6029	if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME))
6030		return wpa_driver_nl80211_disconnect(drv, reason_code);
6031	wpa_printf(MSG_DEBUG, "%s(addr=" MACSTR " reason_code=%d)",
6032		   __func__, MAC2STR(addr), reason_code);
6033	nl80211_mark_disconnected(drv);
6034	ret = wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DEAUTHENTICATE,
6035				      reason_code, 0);
6036	/*
6037	 * For locally generated deauthenticate, supplicant already generates a
6038	 * DEAUTH event, so ignore the event from NL80211.
6039	 */
6040	drv->ignore_next_local_deauth = ret == 0;
6041	return ret;
6042}
6043
6044
6045static void nl80211_copy_auth_params(struct wpa_driver_nl80211_data *drv,
6046				     struct wpa_driver_auth_params *params)
6047{
6048	int i;
6049
6050	drv->auth_freq = params->freq;
6051	drv->auth_alg = params->auth_alg;
6052	drv->auth_wep_tx_keyidx = params->wep_tx_keyidx;
6053	drv->auth_local_state_change = params->local_state_change;
6054	drv->auth_p2p = params->p2p;
6055
6056	if (params->bssid)
6057		os_memcpy(drv->auth_bssid_, params->bssid, ETH_ALEN);
6058	else
6059		os_memset(drv->auth_bssid_, 0, ETH_ALEN);
6060
6061	if (params->ssid) {
6062		os_memcpy(drv->auth_ssid, params->ssid, params->ssid_len);
6063		drv->auth_ssid_len = params->ssid_len;
6064	} else
6065		drv->auth_ssid_len = 0;
6066
6067
6068	os_free(drv->auth_ie);
6069	drv->auth_ie = NULL;
6070	drv->auth_ie_len = 0;
6071	if (params->ie) {
6072		drv->auth_ie = os_malloc(params->ie_len);
6073		if (drv->auth_ie) {
6074			os_memcpy(drv->auth_ie, params->ie, params->ie_len);
6075			drv->auth_ie_len = params->ie_len;
6076		}
6077	}
6078
6079	for (i = 0; i < 4; i++) {
6080		if (params->wep_key[i] && params->wep_key_len[i] &&
6081		    params->wep_key_len[i] <= 16) {
6082			os_memcpy(drv->auth_wep_key[i], params->wep_key[i],
6083				  params->wep_key_len[i]);
6084			drv->auth_wep_key_len[i] = params->wep_key_len[i];
6085		} else
6086			drv->auth_wep_key_len[i] = 0;
6087	}
6088}
6089
6090
6091static int wpa_driver_nl80211_authenticate(
6092	struct i802_bss *bss, struct wpa_driver_auth_params *params)
6093{
6094	struct wpa_driver_nl80211_data *drv = bss->drv;
6095	int ret = -1, i;
6096	struct nl_msg *msg;
6097	enum nl80211_auth_type type;
6098	enum nl80211_iftype nlmode;
6099	int count = 0;
6100	int is_retry;
6101
6102	is_retry = drv->retry_auth;
6103	drv->retry_auth = 0;
6104	drv->ignore_deauth_event = 0;
6105
6106	nl80211_mark_disconnected(drv);
6107	os_memset(drv->auth_bssid, 0, ETH_ALEN);
6108	if (params->bssid)
6109		os_memcpy(drv->auth_attempt_bssid, params->bssid, ETH_ALEN);
6110	else
6111		os_memset(drv->auth_attempt_bssid, 0, ETH_ALEN);
6112	/* FIX: IBSS mode */
6113	nlmode = params->p2p ?
6114		NL80211_IFTYPE_P2P_CLIENT : NL80211_IFTYPE_STATION;
6115	if (drv->nlmode != nlmode &&
6116	    wpa_driver_nl80211_set_mode(bss, nlmode) < 0)
6117		return -1;
6118
6119retry:
6120	msg = nlmsg_alloc();
6121	if (!msg)
6122		return -1;
6123
6124	wpa_printf(MSG_DEBUG, "nl80211: Authenticate (ifindex=%d)",
6125		   drv->ifindex);
6126
6127	nl80211_cmd(drv, msg, 0, NL80211_CMD_AUTHENTICATE);
6128
6129	for (i = 0; i < 4; i++) {
6130		if (!params->wep_key[i])
6131			continue;
6132		wpa_driver_nl80211_set_key(bss->ifname, bss, WPA_ALG_WEP,
6133					   NULL, i,
6134					   i == params->wep_tx_keyidx, NULL, 0,
6135					   params->wep_key[i],
6136					   params->wep_key_len[i]);
6137		if (params->wep_tx_keyidx != i)
6138			continue;
6139		if (nl_add_key(msg, WPA_ALG_WEP, i, 1, NULL, 0,
6140			       params->wep_key[i], params->wep_key_len[i])) {
6141			nlmsg_free(msg);
6142			return -1;
6143		}
6144	}
6145
6146	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
6147	if (params->bssid) {
6148		wpa_printf(MSG_DEBUG, "  * bssid=" MACSTR,
6149			   MAC2STR(params->bssid));
6150		NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid);
6151	}
6152	if (params->freq) {
6153		wpa_printf(MSG_DEBUG, "  * freq=%d", params->freq);
6154		NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq);
6155	}
6156	if (params->ssid) {
6157		wpa_hexdump_ascii(MSG_DEBUG, "  * SSID",
6158				  params->ssid, params->ssid_len);
6159		NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len,
6160			params->ssid);
6161	}
6162	wpa_hexdump(MSG_DEBUG, "  * IEs", params->ie, params->ie_len);
6163	if (params->ie)
6164		NLA_PUT(msg, NL80211_ATTR_IE, params->ie_len, params->ie);
6165	if (params->sae_data) {
6166		wpa_hexdump(MSG_DEBUG, "  * SAE data", params->sae_data,
6167			    params->sae_data_len);
6168		NLA_PUT(msg, NL80211_ATTR_SAE_DATA, params->sae_data_len,
6169			params->sae_data);
6170	}
6171	if (params->auth_alg & WPA_AUTH_ALG_OPEN)
6172		type = NL80211_AUTHTYPE_OPEN_SYSTEM;
6173	else if (params->auth_alg & WPA_AUTH_ALG_SHARED)
6174		type = NL80211_AUTHTYPE_SHARED_KEY;
6175	else if (params->auth_alg & WPA_AUTH_ALG_LEAP)
6176		type = NL80211_AUTHTYPE_NETWORK_EAP;
6177	else if (params->auth_alg & WPA_AUTH_ALG_FT)
6178		type = NL80211_AUTHTYPE_FT;
6179	else if (params->auth_alg & WPA_AUTH_ALG_SAE)
6180		type = NL80211_AUTHTYPE_SAE;
6181	else
6182		goto nla_put_failure;
6183	wpa_printf(MSG_DEBUG, "  * Auth Type %d", type);
6184	NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, type);
6185	if (params->local_state_change) {
6186		wpa_printf(MSG_DEBUG, "  * Local state change only");
6187		NLA_PUT_FLAG(msg, NL80211_ATTR_LOCAL_STATE_CHANGE);
6188	}
6189
6190	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
6191	msg = NULL;
6192	if (ret) {
6193		wpa_dbg(drv->ctx, MSG_DEBUG,
6194			"nl80211: MLME command failed (auth): ret=%d (%s)",
6195			ret, strerror(-ret));
6196		count++;
6197		if (ret == -EALREADY && count == 1 && params->bssid &&
6198		    !params->local_state_change) {
6199			/*
6200			 * mac80211 does not currently accept new
6201			 * authentication if we are already authenticated. As a
6202			 * workaround, force deauthentication and try again.
6203			 */
6204			wpa_printf(MSG_DEBUG, "nl80211: Retry authentication "
6205				   "after forced deauthentication");
6206			drv->ignore_deauth_event = 1;
6207			wpa_driver_nl80211_deauthenticate(
6208				bss, params->bssid,
6209				WLAN_REASON_PREV_AUTH_NOT_VALID);
6210			nlmsg_free(msg);
6211			goto retry;
6212		}
6213
6214		if (ret == -ENOENT && params->freq && !is_retry) {
6215			/*
6216			 * cfg80211 has likely expired the BSS entry even
6217			 * though it was previously available in our internal
6218			 * BSS table. To recover quickly, start a single
6219			 * channel scan on the specified channel.
6220			 */
6221			struct wpa_driver_scan_params scan;
6222			int freqs[2];
6223
6224			os_memset(&scan, 0, sizeof(scan));
6225			scan.num_ssids = 1;
6226			if (params->ssid) {
6227				scan.ssids[0].ssid = params->ssid;
6228				scan.ssids[0].ssid_len = params->ssid_len;
6229			}
6230			freqs[0] = params->freq;
6231			freqs[1] = 0;
6232			scan.freqs = freqs;
6233			wpa_printf(MSG_DEBUG, "nl80211: Trigger single "
6234				   "channel scan to refresh cfg80211 BSS "
6235				   "entry");
6236			ret = wpa_driver_nl80211_scan(bss, &scan);
6237			if (ret == 0) {
6238				nl80211_copy_auth_params(drv, params);
6239				drv->scan_for_auth = 1;
6240			}
6241		} else if (is_retry) {
6242			/*
6243			 * Need to indicate this with an event since the return
6244			 * value from the retry is not delivered to core code.
6245			 */
6246			union wpa_event_data event;
6247			wpa_printf(MSG_DEBUG, "nl80211: Authentication retry "
6248				   "failed");
6249			os_memset(&event, 0, sizeof(event));
6250			os_memcpy(event.timeout_event.addr, drv->auth_bssid_,
6251				  ETH_ALEN);
6252			wpa_supplicant_event(drv->ctx, EVENT_AUTH_TIMED_OUT,
6253					     &event);
6254		}
6255
6256		goto nla_put_failure;
6257	}
6258	ret = 0;
6259	wpa_printf(MSG_DEBUG, "nl80211: Authentication request send "
6260		   "successfully");
6261
6262nla_put_failure:
6263	nlmsg_free(msg);
6264	return ret;
6265}
6266
6267
6268static int wpa_driver_nl80211_authenticate_retry(
6269	struct wpa_driver_nl80211_data *drv)
6270{
6271	struct wpa_driver_auth_params params;
6272	struct i802_bss *bss = drv->first_bss;
6273	int i;
6274
6275	wpa_printf(MSG_DEBUG, "nl80211: Try to authenticate again");
6276
6277	os_memset(&params, 0, sizeof(params));
6278	params.freq = drv->auth_freq;
6279	params.auth_alg = drv->auth_alg;
6280	params.wep_tx_keyidx = drv->auth_wep_tx_keyidx;
6281	params.local_state_change = drv->auth_local_state_change;
6282	params.p2p = drv->auth_p2p;
6283
6284	if (!is_zero_ether_addr(drv->auth_bssid_))
6285		params.bssid = drv->auth_bssid_;
6286
6287	if (drv->auth_ssid_len) {
6288		params.ssid = drv->auth_ssid;
6289		params.ssid_len = drv->auth_ssid_len;
6290	}
6291
6292	params.ie = drv->auth_ie;
6293	params.ie_len = drv->auth_ie_len;
6294
6295	for (i = 0; i < 4; i++) {
6296		if (drv->auth_wep_key_len[i]) {
6297			params.wep_key[i] = drv->auth_wep_key[i];
6298			params.wep_key_len[i] = drv->auth_wep_key_len[i];
6299		}
6300	}
6301
6302	drv->retry_auth = 1;
6303	return wpa_driver_nl80211_authenticate(bss, &params);
6304}
6305
6306
6307struct phy_info_arg {
6308	u16 *num_modes;
6309	struct hostapd_hw_modes *modes;
6310	int last_mode, last_chan_idx;
6311};
6312
6313static void phy_info_ht_capa(struct hostapd_hw_modes *mode, struct nlattr *capa,
6314			     struct nlattr *ampdu_factor,
6315			     struct nlattr *ampdu_density,
6316			     struct nlattr *mcs_set)
6317{
6318	if (capa)
6319		mode->ht_capab = nla_get_u16(capa);
6320
6321	if (ampdu_factor)
6322		mode->a_mpdu_params |= nla_get_u8(ampdu_factor) & 0x03;
6323
6324	if (ampdu_density)
6325		mode->a_mpdu_params |= nla_get_u8(ampdu_density) << 2;
6326
6327	if (mcs_set && nla_len(mcs_set) >= 16) {
6328		u8 *mcs;
6329		mcs = nla_data(mcs_set);
6330		os_memcpy(mode->mcs_set, mcs, 16);
6331	}
6332}
6333
6334
6335static void phy_info_vht_capa(struct hostapd_hw_modes *mode,
6336			      struct nlattr *capa,
6337			      struct nlattr *mcs_set)
6338{
6339	if (capa)
6340		mode->vht_capab = nla_get_u32(capa);
6341
6342	if (mcs_set && nla_len(mcs_set) >= 8) {
6343		u8 *mcs;
6344		mcs = nla_data(mcs_set);
6345		os_memcpy(mode->vht_mcs_set, mcs, 8);
6346	}
6347}
6348
6349
6350static void phy_info_freq(struct hostapd_hw_modes *mode,
6351			  struct hostapd_channel_data *chan,
6352			  struct nlattr *tb_freq[])
6353{
6354	u8 channel;
6355	chan->freq = nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_FREQ]);
6356	chan->flag = 0;
6357	chan->dfs_cac_ms = 0;
6358	if (ieee80211_freq_to_chan(chan->freq, &channel) != NUM_HOSTAPD_MODES)
6359		chan->chan = channel;
6360
6361	if (tb_freq[NL80211_FREQUENCY_ATTR_DISABLED])
6362		chan->flag |= HOSTAPD_CHAN_DISABLED;
6363	if (tb_freq[NL80211_FREQUENCY_ATTR_NO_IR])
6364		chan->flag |= HOSTAPD_CHAN_PASSIVE_SCAN | HOSTAPD_CHAN_NO_IBSS;
6365	if (tb_freq[NL80211_FREQUENCY_ATTR_RADAR])
6366		chan->flag |= HOSTAPD_CHAN_RADAR;
6367
6368	if (tb_freq[NL80211_FREQUENCY_ATTR_DFS_STATE]) {
6369		enum nl80211_dfs_state state =
6370			nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_DFS_STATE]);
6371
6372		switch (state) {
6373		case NL80211_DFS_USABLE:
6374			chan->flag |= HOSTAPD_CHAN_DFS_USABLE;
6375			break;
6376		case NL80211_DFS_AVAILABLE:
6377			chan->flag |= HOSTAPD_CHAN_DFS_AVAILABLE;
6378			break;
6379		case NL80211_DFS_UNAVAILABLE:
6380			chan->flag |= HOSTAPD_CHAN_DFS_UNAVAILABLE;
6381			break;
6382		}
6383	}
6384
6385	if (tb_freq[NL80211_FREQUENCY_ATTR_DFS_CAC_TIME]) {
6386		chan->dfs_cac_ms = nla_get_u32(
6387			tb_freq[NL80211_FREQUENCY_ATTR_DFS_CAC_TIME]);
6388	}
6389}
6390
6391
6392static int phy_info_freqs(struct phy_info_arg *phy_info,
6393			  struct hostapd_hw_modes *mode, struct nlattr *tb)
6394{
6395	static struct nla_policy freq_policy[NL80211_FREQUENCY_ATTR_MAX + 1] = {
6396		[NL80211_FREQUENCY_ATTR_FREQ] = { .type = NLA_U32 },
6397		[NL80211_FREQUENCY_ATTR_DISABLED] = { .type = NLA_FLAG },
6398		[NL80211_FREQUENCY_ATTR_NO_IR] = { .type = NLA_FLAG },
6399		[NL80211_FREQUENCY_ATTR_RADAR] = { .type = NLA_FLAG },
6400		[NL80211_FREQUENCY_ATTR_MAX_TX_POWER] = { .type = NLA_U32 },
6401		[NL80211_FREQUENCY_ATTR_DFS_STATE] = { .type = NLA_U32 },
6402	};
6403	int new_channels = 0;
6404	struct hostapd_channel_data *channel;
6405	struct nlattr *tb_freq[NL80211_FREQUENCY_ATTR_MAX + 1];
6406	struct nlattr *nl_freq;
6407	int rem_freq, idx;
6408
6409	if (tb == NULL)
6410		return NL_OK;
6411
6412	nla_for_each_nested(nl_freq, tb, rem_freq) {
6413		nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX,
6414			  nla_data(nl_freq), nla_len(nl_freq), freq_policy);
6415		if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ])
6416			continue;
6417		new_channels++;
6418	}
6419
6420	channel = os_realloc_array(mode->channels,
6421				   mode->num_channels + new_channels,
6422				   sizeof(struct hostapd_channel_data));
6423	if (!channel)
6424		return NL_SKIP;
6425
6426	mode->channels = channel;
6427	mode->num_channels += new_channels;
6428
6429	idx = phy_info->last_chan_idx;
6430
6431	nla_for_each_nested(nl_freq, tb, rem_freq) {
6432		nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX,
6433			  nla_data(nl_freq), nla_len(nl_freq), freq_policy);
6434		if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ])
6435			continue;
6436		phy_info_freq(mode, &mode->channels[idx], tb_freq);
6437		idx++;
6438	}
6439	phy_info->last_chan_idx = idx;
6440
6441	return NL_OK;
6442}
6443
6444
6445static int phy_info_rates(struct hostapd_hw_modes *mode, struct nlattr *tb)
6446{
6447	static struct nla_policy rate_policy[NL80211_BITRATE_ATTR_MAX + 1] = {
6448		[NL80211_BITRATE_ATTR_RATE] = { .type = NLA_U32 },
6449		[NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE] =
6450		{ .type = NLA_FLAG },
6451	};
6452	struct nlattr *tb_rate[NL80211_BITRATE_ATTR_MAX + 1];
6453	struct nlattr *nl_rate;
6454	int rem_rate, idx;
6455
6456	if (tb == NULL)
6457		return NL_OK;
6458
6459	nla_for_each_nested(nl_rate, tb, rem_rate) {
6460		nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX,
6461			  nla_data(nl_rate), nla_len(nl_rate),
6462			  rate_policy);
6463		if (!tb_rate[NL80211_BITRATE_ATTR_RATE])
6464			continue;
6465		mode->num_rates++;
6466	}
6467
6468	mode->rates = os_calloc(mode->num_rates, sizeof(int));
6469	if (!mode->rates)
6470		return NL_SKIP;
6471
6472	idx = 0;
6473
6474	nla_for_each_nested(nl_rate, tb, rem_rate) {
6475		nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX,
6476			  nla_data(nl_rate), nla_len(nl_rate),
6477			  rate_policy);
6478		if (!tb_rate[NL80211_BITRATE_ATTR_RATE])
6479			continue;
6480		mode->rates[idx] = nla_get_u32(
6481			tb_rate[NL80211_BITRATE_ATTR_RATE]);
6482		idx++;
6483	}
6484
6485	return NL_OK;
6486}
6487
6488
6489static int phy_info_band(struct phy_info_arg *phy_info, struct nlattr *nl_band)
6490{
6491	struct nlattr *tb_band[NL80211_BAND_ATTR_MAX + 1];
6492	struct hostapd_hw_modes *mode;
6493	int ret;
6494
6495	if (phy_info->last_mode != nl_band->nla_type) {
6496		mode = os_realloc_array(phy_info->modes,
6497					*phy_info->num_modes + 1,
6498					sizeof(*mode));
6499		if (!mode)
6500			return NL_SKIP;
6501		phy_info->modes = mode;
6502
6503		mode = &phy_info->modes[*(phy_info->num_modes)];
6504		os_memset(mode, 0, sizeof(*mode));
6505		mode->mode = NUM_HOSTAPD_MODES;
6506		mode->flags = HOSTAPD_MODE_FLAG_HT_INFO_KNOWN |
6507			HOSTAPD_MODE_FLAG_VHT_INFO_KNOWN;
6508
6509		/*
6510		 * Unsupported VHT MCS stream is defined as value 3, so the VHT
6511		 * MCS RX/TX map must be initialized with 0xffff to mark all 8
6512		 * possible streams as unsupported. This will be overridden if
6513		 * driver advertises VHT support.
6514		 */
6515		mode->vht_mcs_set[0] = 0xff;
6516		mode->vht_mcs_set[1] = 0xff;
6517		mode->vht_mcs_set[4] = 0xff;
6518		mode->vht_mcs_set[5] = 0xff;
6519
6520		*(phy_info->num_modes) += 1;
6521		phy_info->last_mode = nl_band->nla_type;
6522		phy_info->last_chan_idx = 0;
6523	} else
6524		mode = &phy_info->modes[*(phy_info->num_modes) - 1];
6525
6526	nla_parse(tb_band, NL80211_BAND_ATTR_MAX, nla_data(nl_band),
6527		  nla_len(nl_band), NULL);
6528
6529	phy_info_ht_capa(mode, tb_band[NL80211_BAND_ATTR_HT_CAPA],
6530			 tb_band[NL80211_BAND_ATTR_HT_AMPDU_FACTOR],
6531			 tb_band[NL80211_BAND_ATTR_HT_AMPDU_DENSITY],
6532			 tb_band[NL80211_BAND_ATTR_HT_MCS_SET]);
6533	phy_info_vht_capa(mode, tb_band[NL80211_BAND_ATTR_VHT_CAPA],
6534			  tb_band[NL80211_BAND_ATTR_VHT_MCS_SET]);
6535	ret = phy_info_freqs(phy_info, mode, tb_band[NL80211_BAND_ATTR_FREQS]);
6536	if (ret != NL_OK)
6537		return ret;
6538	ret = phy_info_rates(mode, tb_band[NL80211_BAND_ATTR_RATES]);
6539	if (ret != NL_OK)
6540		return ret;
6541
6542	return NL_OK;
6543}
6544
6545
6546static int phy_info_handler(struct nl_msg *msg, void *arg)
6547{
6548	struct nlattr *tb_msg[NL80211_ATTR_MAX + 1];
6549	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
6550	struct phy_info_arg *phy_info = arg;
6551	struct nlattr *nl_band;
6552	int rem_band;
6553
6554	nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
6555		  genlmsg_attrlen(gnlh, 0), NULL);
6556
6557	if (!tb_msg[NL80211_ATTR_WIPHY_BANDS])
6558		return NL_SKIP;
6559
6560	nla_for_each_nested(nl_band, tb_msg[NL80211_ATTR_WIPHY_BANDS], rem_band)
6561	{
6562		int res = phy_info_band(phy_info, nl_band);
6563		if (res != NL_OK)
6564			return res;
6565	}
6566
6567	return NL_SKIP;
6568}
6569
6570
6571static struct hostapd_hw_modes *
6572wpa_driver_nl80211_postprocess_modes(struct hostapd_hw_modes *modes,
6573				     u16 *num_modes)
6574{
6575	u16 m;
6576	struct hostapd_hw_modes *mode11g = NULL, *nmodes, *mode;
6577	int i, mode11g_idx = -1;
6578
6579	/* heuristic to set up modes */
6580	for (m = 0; m < *num_modes; m++) {
6581		if (!modes[m].num_channels)
6582			continue;
6583		if (modes[m].channels[0].freq < 4000) {
6584			modes[m].mode = HOSTAPD_MODE_IEEE80211B;
6585			for (i = 0; i < modes[m].num_rates; i++) {
6586				if (modes[m].rates[i] > 200) {
6587					modes[m].mode = HOSTAPD_MODE_IEEE80211G;
6588					break;
6589				}
6590			}
6591		} else if (modes[m].channels[0].freq > 50000)
6592			modes[m].mode = HOSTAPD_MODE_IEEE80211AD;
6593		else
6594			modes[m].mode = HOSTAPD_MODE_IEEE80211A;
6595	}
6596
6597	/* If only 802.11g mode is included, use it to construct matching
6598	 * 802.11b mode data. */
6599
6600	for (m = 0; m < *num_modes; m++) {
6601		if (modes[m].mode == HOSTAPD_MODE_IEEE80211B)
6602			return modes; /* 802.11b already included */
6603		if (modes[m].mode == HOSTAPD_MODE_IEEE80211G)
6604			mode11g_idx = m;
6605	}
6606
6607	if (mode11g_idx < 0)
6608		return modes; /* 2.4 GHz band not supported at all */
6609
6610	nmodes = os_realloc_array(modes, *num_modes + 1, sizeof(*nmodes));
6611	if (nmodes == NULL)
6612		return modes; /* Could not add 802.11b mode */
6613
6614	mode = &nmodes[*num_modes];
6615	os_memset(mode, 0, sizeof(*mode));
6616	(*num_modes)++;
6617	modes = nmodes;
6618
6619	mode->mode = HOSTAPD_MODE_IEEE80211B;
6620
6621	mode11g = &modes[mode11g_idx];
6622	mode->num_channels = mode11g->num_channels;
6623	mode->channels = os_malloc(mode11g->num_channels *
6624				   sizeof(struct hostapd_channel_data));
6625	if (mode->channels == NULL) {
6626		(*num_modes)--;
6627		return modes; /* Could not add 802.11b mode */
6628	}
6629	os_memcpy(mode->channels, mode11g->channels,
6630		  mode11g->num_channels * sizeof(struct hostapd_channel_data));
6631
6632	mode->num_rates = 0;
6633	mode->rates = os_malloc(4 * sizeof(int));
6634	if (mode->rates == NULL) {
6635		os_free(mode->channels);
6636		(*num_modes)--;
6637		return modes; /* Could not add 802.11b mode */
6638	}
6639
6640	for (i = 0; i < mode11g->num_rates; i++) {
6641		if (mode11g->rates[i] != 10 && mode11g->rates[i] != 20 &&
6642		    mode11g->rates[i] != 55 && mode11g->rates[i] != 110)
6643			continue;
6644		mode->rates[mode->num_rates] = mode11g->rates[i];
6645		mode->num_rates++;
6646		if (mode->num_rates == 4)
6647			break;
6648	}
6649
6650	if (mode->num_rates == 0) {
6651		os_free(mode->channels);
6652		os_free(mode->rates);
6653		(*num_modes)--;
6654		return modes; /* No 802.11b rates */
6655	}
6656
6657	wpa_printf(MSG_DEBUG, "nl80211: Added 802.11b mode based on 802.11g "
6658		   "information");
6659
6660	return modes;
6661}
6662
6663
6664static void nl80211_set_ht40_mode(struct hostapd_hw_modes *mode, int start,
6665				  int end)
6666{
6667	int c;
6668
6669	for (c = 0; c < mode->num_channels; c++) {
6670		struct hostapd_channel_data *chan = &mode->channels[c];
6671		if (chan->freq - 10 >= start && chan->freq + 10 <= end)
6672			chan->flag |= HOSTAPD_CHAN_HT40;
6673	}
6674}
6675
6676
6677static void nl80211_set_ht40_mode_sec(struct hostapd_hw_modes *mode, int start,
6678				      int end)
6679{
6680	int c;
6681
6682	for (c = 0; c < mode->num_channels; c++) {
6683		struct hostapd_channel_data *chan = &mode->channels[c];
6684		if (!(chan->flag & HOSTAPD_CHAN_HT40))
6685			continue;
6686		if (chan->freq - 30 >= start && chan->freq - 10 <= end)
6687			chan->flag |= HOSTAPD_CHAN_HT40MINUS;
6688		if (chan->freq + 10 >= start && chan->freq + 30 <= end)
6689			chan->flag |= HOSTAPD_CHAN_HT40PLUS;
6690	}
6691}
6692
6693
6694static void nl80211_reg_rule_max_eirp(u32 start, u32 end, u32 max_eirp,
6695				      struct phy_info_arg *results)
6696{
6697	u16 m;
6698
6699	for (m = 0; m < *results->num_modes; m++) {
6700		int c;
6701		struct hostapd_hw_modes *mode = &results->modes[m];
6702
6703		for (c = 0; c < mode->num_channels; c++) {
6704			struct hostapd_channel_data *chan = &mode->channels[c];
6705			if ((u32) chan->freq - 10 >= start &&
6706			    (u32) chan->freq + 10 <= end)
6707				chan->max_tx_power = max_eirp;
6708		}
6709	}
6710}
6711
6712
6713static void nl80211_reg_rule_ht40(u32 start, u32 end,
6714				  struct phy_info_arg *results)
6715{
6716	u16 m;
6717
6718	for (m = 0; m < *results->num_modes; m++) {
6719		if (!(results->modes[m].ht_capab &
6720		      HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET))
6721			continue;
6722		nl80211_set_ht40_mode(&results->modes[m], start, end);
6723	}
6724}
6725
6726
6727static void nl80211_reg_rule_sec(struct nlattr *tb[],
6728				 struct phy_info_arg *results)
6729{
6730	u32 start, end, max_bw;
6731	u16 m;
6732
6733	if (tb[NL80211_ATTR_FREQ_RANGE_START] == NULL ||
6734	    tb[NL80211_ATTR_FREQ_RANGE_END] == NULL ||
6735	    tb[NL80211_ATTR_FREQ_RANGE_MAX_BW] == NULL)
6736		return;
6737
6738	start = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]) / 1000;
6739	end = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]) / 1000;
6740	max_bw = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) / 1000;
6741
6742	if (max_bw < 20)
6743		return;
6744
6745	for (m = 0; m < *results->num_modes; m++) {
6746		if (!(results->modes[m].ht_capab &
6747		      HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET))
6748			continue;
6749		nl80211_set_ht40_mode_sec(&results->modes[m], start, end);
6750	}
6751}
6752
6753
6754static void nl80211_set_vht_mode(struct hostapd_hw_modes *mode, int start,
6755				 int end)
6756{
6757	int c;
6758
6759	for (c = 0; c < mode->num_channels; c++) {
6760		struct hostapd_channel_data *chan = &mode->channels[c];
6761		if (chan->freq - 10 >= start && chan->freq + 70 <= end)
6762			chan->flag |= HOSTAPD_CHAN_VHT_10_70;
6763
6764		if (chan->freq - 30 >= start && chan->freq + 50 <= end)
6765			chan->flag |= HOSTAPD_CHAN_VHT_30_50;
6766
6767		if (chan->freq - 50 >= start && chan->freq + 30 <= end)
6768			chan->flag |= HOSTAPD_CHAN_VHT_50_30;
6769
6770		if (chan->freq - 70 >= start && chan->freq + 10 <= end)
6771			chan->flag |= HOSTAPD_CHAN_VHT_70_10;
6772	}
6773}
6774
6775
6776static void nl80211_reg_rule_vht(struct nlattr *tb[],
6777				 struct phy_info_arg *results)
6778{
6779	u32 start, end, max_bw;
6780	u16 m;
6781
6782	if (tb[NL80211_ATTR_FREQ_RANGE_START] == NULL ||
6783	    tb[NL80211_ATTR_FREQ_RANGE_END] == NULL ||
6784	    tb[NL80211_ATTR_FREQ_RANGE_MAX_BW] == NULL)
6785		return;
6786
6787	start = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]) / 1000;
6788	end = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]) / 1000;
6789	max_bw = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) / 1000;
6790
6791	if (max_bw < 80)
6792		return;
6793
6794	for (m = 0; m < *results->num_modes; m++) {
6795		if (!(results->modes[m].ht_capab &
6796		      HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET))
6797			continue;
6798		/* TODO: use a real VHT support indication */
6799		if (!results->modes[m].vht_capab)
6800			continue;
6801
6802		nl80211_set_vht_mode(&results->modes[m], start, end);
6803	}
6804}
6805
6806
6807static const char * dfs_domain_name(enum nl80211_dfs_regions region)
6808{
6809	switch (region) {
6810	case NL80211_DFS_UNSET:
6811		return "DFS-UNSET";
6812	case NL80211_DFS_FCC:
6813		return "DFS-FCC";
6814	case NL80211_DFS_ETSI:
6815		return "DFS-ETSI";
6816	case NL80211_DFS_JP:
6817		return "DFS-JP";
6818	default:
6819		return "DFS-invalid";
6820	}
6821}
6822
6823
6824static int nl80211_get_reg(struct nl_msg *msg, void *arg)
6825{
6826	struct phy_info_arg *results = arg;
6827	struct nlattr *tb_msg[NL80211_ATTR_MAX + 1];
6828	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
6829	struct nlattr *nl_rule;
6830	struct nlattr *tb_rule[NL80211_FREQUENCY_ATTR_MAX + 1];
6831	int rem_rule;
6832	static struct nla_policy reg_policy[NL80211_FREQUENCY_ATTR_MAX + 1] = {
6833		[NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 },
6834		[NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 },
6835		[NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 },
6836		[NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 },
6837		[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 },
6838		[NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 },
6839	};
6840
6841	nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
6842		  genlmsg_attrlen(gnlh, 0), NULL);
6843	if (!tb_msg[NL80211_ATTR_REG_ALPHA2] ||
6844	    !tb_msg[NL80211_ATTR_REG_RULES]) {
6845		wpa_printf(MSG_DEBUG, "nl80211: No regulatory information "
6846			   "available");
6847		return NL_SKIP;
6848	}
6849
6850	if (tb_msg[NL80211_ATTR_DFS_REGION]) {
6851		enum nl80211_dfs_regions dfs_domain;
6852		dfs_domain = nla_get_u8(tb_msg[NL80211_ATTR_DFS_REGION]);
6853		wpa_printf(MSG_DEBUG, "nl80211: Regulatory information - country=%s (%s)",
6854			   (char *) nla_data(tb_msg[NL80211_ATTR_REG_ALPHA2]),
6855			   dfs_domain_name(dfs_domain));
6856	} else {
6857		wpa_printf(MSG_DEBUG, "nl80211: Regulatory information - country=%s",
6858			   (char *) nla_data(tb_msg[NL80211_ATTR_REG_ALPHA2]));
6859	}
6860
6861	nla_for_each_nested(nl_rule, tb_msg[NL80211_ATTR_REG_RULES], rem_rule)
6862	{
6863		u32 start, end, max_eirp = 0, max_bw = 0, flags = 0;
6864		nla_parse(tb_rule, NL80211_FREQUENCY_ATTR_MAX,
6865			  nla_data(nl_rule), nla_len(nl_rule), reg_policy);
6866		if (tb_rule[NL80211_ATTR_FREQ_RANGE_START] == NULL ||
6867		    tb_rule[NL80211_ATTR_FREQ_RANGE_END] == NULL)
6868			continue;
6869		start = nla_get_u32(tb_rule[NL80211_ATTR_FREQ_RANGE_START]) / 1000;
6870		end = nla_get_u32(tb_rule[NL80211_ATTR_FREQ_RANGE_END]) / 1000;
6871		if (tb_rule[NL80211_ATTR_POWER_RULE_MAX_EIRP])
6872			max_eirp = nla_get_u32(tb_rule[NL80211_ATTR_POWER_RULE_MAX_EIRP]) / 100;
6873		if (tb_rule[NL80211_ATTR_FREQ_RANGE_MAX_BW])
6874			max_bw = nla_get_u32(tb_rule[NL80211_ATTR_FREQ_RANGE_MAX_BW]) / 1000;
6875		if (tb_rule[NL80211_ATTR_REG_RULE_FLAGS])
6876			flags = nla_get_u32(tb_rule[NL80211_ATTR_REG_RULE_FLAGS]);
6877
6878		wpa_printf(MSG_DEBUG, "nl80211: %u-%u @ %u MHz %u mBm%s%s%s%s%s%s%s%s",
6879			   start, end, max_bw, max_eirp,
6880			   flags & NL80211_RRF_NO_OFDM ? " (no OFDM)" : "",
6881			   flags & NL80211_RRF_NO_CCK ? " (no CCK)" : "",
6882			   flags & NL80211_RRF_NO_INDOOR ? " (no indoor)" : "",
6883			   flags & NL80211_RRF_NO_OUTDOOR ? " (no outdoor)" :
6884			   "",
6885			   flags & NL80211_RRF_DFS ? " (DFS)" : "",
6886			   flags & NL80211_RRF_PTP_ONLY ? " (PTP only)" : "",
6887			   flags & NL80211_RRF_PTMP_ONLY ? " (PTMP only)" : "",
6888			   flags & NL80211_RRF_NO_IR ? " (no IR)" : "");
6889		if (max_bw >= 40)
6890			nl80211_reg_rule_ht40(start, end, results);
6891		if (tb_rule[NL80211_ATTR_POWER_RULE_MAX_EIRP])
6892			nl80211_reg_rule_max_eirp(start, end, max_eirp,
6893						  results);
6894	}
6895
6896	nla_for_each_nested(nl_rule, tb_msg[NL80211_ATTR_REG_RULES], rem_rule)
6897	{
6898		nla_parse(tb_rule, NL80211_FREQUENCY_ATTR_MAX,
6899			  nla_data(nl_rule), nla_len(nl_rule), reg_policy);
6900		nl80211_reg_rule_sec(tb_rule, results);
6901	}
6902
6903	nla_for_each_nested(nl_rule, tb_msg[NL80211_ATTR_REG_RULES], rem_rule)
6904	{
6905		nla_parse(tb_rule, NL80211_FREQUENCY_ATTR_MAX,
6906			  nla_data(nl_rule), nla_len(nl_rule), reg_policy);
6907		nl80211_reg_rule_vht(tb_rule, results);
6908	}
6909
6910	return NL_SKIP;
6911}
6912
6913
6914static int nl80211_set_regulatory_flags(struct wpa_driver_nl80211_data *drv,
6915					struct phy_info_arg *results)
6916{
6917	struct nl_msg *msg;
6918
6919	msg = nlmsg_alloc();
6920	if (!msg)
6921		return -ENOMEM;
6922
6923	nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_REG);
6924	return send_and_recv_msgs(drv, msg, nl80211_get_reg, results);
6925}
6926
6927
6928static struct hostapd_hw_modes *
6929wpa_driver_nl80211_get_hw_feature_data(void *priv, u16 *num_modes, u16 *flags)
6930{
6931	u32 feat;
6932	struct i802_bss *bss = priv;
6933	struct wpa_driver_nl80211_data *drv = bss->drv;
6934	struct nl_msg *msg;
6935	struct phy_info_arg result = {
6936		.num_modes = num_modes,
6937		.modes = NULL,
6938		.last_mode = -1,
6939	};
6940
6941	*num_modes = 0;
6942	*flags = 0;
6943
6944	msg = nlmsg_alloc();
6945	if (!msg)
6946		return NULL;
6947
6948	feat = get_nl80211_protocol_features(drv);
6949	if (feat & NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP)
6950		nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_WIPHY);
6951	else
6952		nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_WIPHY);
6953
6954	NLA_PUT_FLAG(msg, NL80211_ATTR_SPLIT_WIPHY_DUMP);
6955	if (nl80211_set_iface_id(msg, bss) < 0)
6956		goto nla_put_failure;
6957
6958	if (send_and_recv_msgs(drv, msg, phy_info_handler, &result) == 0) {
6959		nl80211_set_regulatory_flags(drv, &result);
6960		return wpa_driver_nl80211_postprocess_modes(result.modes,
6961							    num_modes);
6962	}
6963	msg = NULL;
6964 nla_put_failure:
6965	nlmsg_free(msg);
6966	return NULL;
6967}
6968
6969
6970static int wpa_driver_nl80211_send_mntr(struct wpa_driver_nl80211_data *drv,
6971					const void *data, size_t len,
6972					int encrypt, int noack)
6973{
6974	__u8 rtap_hdr[] = {
6975		0x00, 0x00, /* radiotap version */
6976		0x0e, 0x00, /* radiotap length */
6977		0x02, 0xc0, 0x00, 0x00, /* bmap: flags, tx and rx flags */
6978		IEEE80211_RADIOTAP_F_FRAG, /* F_FRAG (fragment if required) */
6979		0x00,       /* padding */
6980		0x00, 0x00, /* RX and TX flags to indicate that */
6981		0x00, 0x00, /* this is the injected frame directly */
6982	};
6983	struct iovec iov[2] = {
6984		{
6985			.iov_base = &rtap_hdr,
6986			.iov_len = sizeof(rtap_hdr),
6987		},
6988		{
6989			.iov_base = (void *) data,
6990			.iov_len = len,
6991		}
6992	};
6993	struct msghdr msg = {
6994		.msg_name = NULL,
6995		.msg_namelen = 0,
6996		.msg_iov = iov,
6997		.msg_iovlen = 2,
6998		.msg_control = NULL,
6999		.msg_controllen = 0,
7000		.msg_flags = 0,
7001	};
7002	int res;
7003	u16 txflags = 0;
7004
7005	if (encrypt)
7006		rtap_hdr[8] |= IEEE80211_RADIOTAP_F_WEP;
7007
7008	if (drv->monitor_sock < 0) {
7009		wpa_printf(MSG_DEBUG, "nl80211: No monitor socket available "
7010			   "for %s", __func__);
7011		return -1;
7012	}
7013
7014	if (noack)
7015		txflags |= IEEE80211_RADIOTAP_F_TX_NOACK;
7016	WPA_PUT_LE16(&rtap_hdr[12], txflags);
7017
7018	res = sendmsg(drv->monitor_sock, &msg, 0);
7019	if (res < 0) {
7020		wpa_printf(MSG_INFO, "nl80211: sendmsg: %s", strerror(errno));
7021		return -1;
7022	}
7023	return 0;
7024}
7025
7026
7027static int wpa_driver_nl80211_send_frame(struct i802_bss *bss,
7028					 const void *data, size_t len,
7029					 int encrypt, int noack,
7030					 unsigned int freq, int no_cck,
7031					 int offchanok, unsigned int wait_time)
7032{
7033	struct wpa_driver_nl80211_data *drv = bss->drv;
7034	u64 cookie;
7035	int res;
7036
7037	if (freq == 0 && drv->nlmode == NL80211_IFTYPE_ADHOC) {
7038		freq = nl80211_get_assoc_freq(drv);
7039		wpa_printf(MSG_DEBUG,
7040			   "nl80211: send_frame - Use assoc_freq=%u for IBSS",
7041			   freq);
7042	}
7043	if (freq == 0) {
7044		wpa_printf(MSG_DEBUG, "nl80211: send_frame - Use bss->freq=%u",
7045			   bss->freq);
7046		freq = bss->freq;
7047	}
7048
7049	if (drv->use_monitor) {
7050		wpa_printf(MSG_DEBUG, "nl80211: send_frame(freq=%u bss->freq=%u) -> send_mntr",
7051			   freq, bss->freq);
7052		return wpa_driver_nl80211_send_mntr(drv, data, len,
7053						    encrypt, noack);
7054	}
7055
7056	wpa_printf(MSG_DEBUG, "nl80211: send_frame -> send_frame_cmd");
7057	res = nl80211_send_frame_cmd(bss, freq, wait_time, data, len,
7058				     &cookie, no_cck, noack, offchanok);
7059	if (res == 0 && !noack) {
7060		const struct ieee80211_mgmt *mgmt;
7061		u16 fc;
7062
7063		mgmt = (const struct ieee80211_mgmt *) data;
7064		fc = le_to_host16(mgmt->frame_control);
7065		if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
7066		    WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_ACTION) {
7067			wpa_printf(MSG_MSGDUMP,
7068				   "nl80211: Update send_action_cookie from 0x%llx to 0x%llx",
7069				   (long long unsigned int)
7070				   drv->send_action_cookie,
7071				   (long long unsigned int) cookie);
7072			drv->send_action_cookie = cookie;
7073		}
7074	}
7075
7076	return res;
7077}
7078
7079
7080static int wpa_driver_nl80211_send_mlme(struct i802_bss *bss, const u8 *data,
7081					size_t data_len, int noack,
7082					unsigned int freq, int no_cck,
7083					int offchanok,
7084					unsigned int wait_time)
7085{
7086	struct wpa_driver_nl80211_data *drv = bss->drv;
7087	struct ieee80211_mgmt *mgmt;
7088	int encrypt = 1;
7089	u16 fc;
7090
7091	mgmt = (struct ieee80211_mgmt *) data;
7092	fc = le_to_host16(mgmt->frame_control);
7093	wpa_printf(MSG_DEBUG, "nl80211: send_mlme - da= " MACSTR
7094		   " noack=%d freq=%u no_cck=%d offchanok=%d wait_time=%u fc=0x%x (%s) nlmode=%d",
7095		   MAC2STR(mgmt->da), noack, freq, no_cck, offchanok, wait_time,
7096		   fc, fc2str(fc), drv->nlmode);
7097
7098	if ((is_sta_interface(drv->nlmode) ||
7099	     drv->nlmode == NL80211_IFTYPE_P2P_DEVICE) &&
7100	    WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
7101	    WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_PROBE_RESP) {
7102		/*
7103		 * The use of last_mgmt_freq is a bit of a hack,
7104		 * but it works due to the single-threaded nature
7105		 * of wpa_supplicant.
7106		 */
7107		if (freq == 0) {
7108			wpa_printf(MSG_DEBUG, "nl80211: Use last_mgmt_freq=%d",
7109				   drv->last_mgmt_freq);
7110			freq = drv->last_mgmt_freq;
7111		}
7112		return nl80211_send_frame_cmd(bss, freq, 0,
7113					      data, data_len, NULL, 1, noack,
7114					      1);
7115	}
7116
7117	if (drv->device_ap_sme && is_ap_interface(drv->nlmode)) {
7118		if (freq == 0) {
7119			wpa_printf(MSG_DEBUG, "nl80211: Use bss->freq=%d",
7120				   bss->freq);
7121			freq = bss->freq;
7122		}
7123		return nl80211_send_frame_cmd(bss, freq,
7124					      (int) freq == bss->freq ? 0 :
7125					      wait_time,
7126					      data, data_len,
7127					      &drv->send_action_cookie,
7128					      no_cck, noack, offchanok);
7129	}
7130
7131	if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
7132	    WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_AUTH) {
7133		/*
7134		 * Only one of the authentication frame types is encrypted.
7135		 * In order for static WEP encryption to work properly (i.e.,
7136		 * to not encrypt the frame), we need to tell mac80211 about
7137		 * the frames that must not be encrypted.
7138		 */
7139		u16 auth_alg = le_to_host16(mgmt->u.auth.auth_alg);
7140		u16 auth_trans = le_to_host16(mgmt->u.auth.auth_transaction);
7141		if (auth_alg != WLAN_AUTH_SHARED_KEY || auth_trans != 3)
7142			encrypt = 0;
7143	}
7144
7145	wpa_printf(MSG_DEBUG, "nl80211: send_mlme -> send_frame");
7146	return wpa_driver_nl80211_send_frame(bss, data, data_len, encrypt,
7147					     noack, freq, no_cck, offchanok,
7148					     wait_time);
7149}
7150
7151
7152static int nl80211_set_bss(struct i802_bss *bss, int cts, int preamble,
7153			   int slot, int ht_opmode, int ap_isolate,
7154			   int *basic_rates)
7155{
7156	struct wpa_driver_nl80211_data *drv = bss->drv;
7157	struct nl_msg *msg;
7158
7159	msg = nlmsg_alloc();
7160	if (!msg)
7161		return -ENOMEM;
7162
7163	nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_BSS);
7164
7165	if (cts >= 0)
7166		NLA_PUT_U8(msg, NL80211_ATTR_BSS_CTS_PROT, cts);
7167	if (preamble >= 0)
7168		NLA_PUT_U8(msg, NL80211_ATTR_BSS_SHORT_PREAMBLE, preamble);
7169	if (slot >= 0)
7170		NLA_PUT_U8(msg, NL80211_ATTR_BSS_SHORT_SLOT_TIME, slot);
7171	if (ht_opmode >= 0)
7172		NLA_PUT_U16(msg, NL80211_ATTR_BSS_HT_OPMODE, ht_opmode);
7173	if (ap_isolate >= 0)
7174		NLA_PUT_U8(msg, NL80211_ATTR_AP_ISOLATE, ap_isolate);
7175
7176	if (basic_rates) {
7177		u8 rates[NL80211_MAX_SUPP_RATES];
7178		u8 rates_len = 0;
7179		int i;
7180
7181		for (i = 0; i < NL80211_MAX_SUPP_RATES && basic_rates[i] >= 0;
7182		     i++)
7183			rates[rates_len++] = basic_rates[i] / 5;
7184
7185		NLA_PUT(msg, NL80211_ATTR_BSS_BASIC_RATES, rates_len, rates);
7186	}
7187
7188	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
7189
7190	return send_and_recv_msgs(drv, msg, NULL, NULL);
7191 nla_put_failure:
7192	nlmsg_free(msg);
7193	return -ENOBUFS;
7194}
7195
7196
7197static int wpa_driver_nl80211_set_acl(void *priv,
7198				      struct hostapd_acl_params *params)
7199{
7200	struct i802_bss *bss = priv;
7201	struct wpa_driver_nl80211_data *drv = bss->drv;
7202	struct nl_msg *msg;
7203	struct nlattr *acl;
7204	unsigned int i;
7205	int ret = 0;
7206
7207	if (!(drv->capa.max_acl_mac_addrs))
7208		return -ENOTSUP;
7209
7210	if (params->num_mac_acl > drv->capa.max_acl_mac_addrs)
7211		return -ENOTSUP;
7212
7213	msg = nlmsg_alloc();
7214	if (!msg)
7215		return -ENOMEM;
7216
7217	wpa_printf(MSG_DEBUG, "nl80211: Set %s ACL (num_mac_acl=%u)",
7218		   params->acl_policy ? "Accept" : "Deny", params->num_mac_acl);
7219
7220	nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_MAC_ACL);
7221
7222	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
7223
7224	NLA_PUT_U32(msg, NL80211_ATTR_ACL_POLICY, params->acl_policy ?
7225		    NL80211_ACL_POLICY_DENY_UNLESS_LISTED :
7226		    NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED);
7227
7228	acl = nla_nest_start(msg, NL80211_ATTR_MAC_ADDRS);
7229	if (acl == NULL)
7230		goto nla_put_failure;
7231
7232	for (i = 0; i < params->num_mac_acl; i++)
7233		NLA_PUT(msg, i + 1, ETH_ALEN, params->mac_acl[i].addr);
7234
7235	nla_nest_end(msg, acl);
7236
7237	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
7238	msg = NULL;
7239	if (ret) {
7240		wpa_printf(MSG_DEBUG, "nl80211: Failed to set MAC ACL: %d (%s)",
7241			   ret, strerror(-ret));
7242	}
7243
7244nla_put_failure:
7245	nlmsg_free(msg);
7246
7247	return ret;
7248}
7249
7250
7251static int wpa_driver_nl80211_set_ap(void *priv,
7252				     struct wpa_driver_ap_params *params)
7253{
7254	struct i802_bss *bss = priv;
7255	struct wpa_driver_nl80211_data *drv = bss->drv;
7256	struct nl_msg *msg;
7257	u8 cmd = NL80211_CMD_NEW_BEACON;
7258	int ret;
7259	int beacon_set;
7260	int ifindex = if_nametoindex(bss->ifname);
7261	int num_suites;
7262	u32 suites[10], suite;
7263	u32 ver;
7264
7265	beacon_set = bss->beacon_set;
7266
7267	msg = nlmsg_alloc();
7268	if (!msg)
7269		return -ENOMEM;
7270
7271	wpa_printf(MSG_DEBUG, "nl80211: Set beacon (beacon_set=%d)",
7272		   beacon_set);
7273	if (beacon_set)
7274		cmd = NL80211_CMD_SET_BEACON;
7275
7276	nl80211_cmd(drv, msg, 0, cmd);
7277	wpa_hexdump(MSG_DEBUG, "nl80211: Beacon head",
7278		    params->head, params->head_len);
7279	NLA_PUT(msg, NL80211_ATTR_BEACON_HEAD, params->head_len, params->head);
7280	wpa_hexdump(MSG_DEBUG, "nl80211: Beacon tail",
7281		    params->tail, params->tail_len);
7282	NLA_PUT(msg, NL80211_ATTR_BEACON_TAIL, params->tail_len, params->tail);
7283	wpa_printf(MSG_DEBUG, "nl80211: ifindex=%d", ifindex);
7284	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
7285	wpa_printf(MSG_DEBUG, "nl80211: beacon_int=%d", params->beacon_int);
7286	NLA_PUT_U32(msg, NL80211_ATTR_BEACON_INTERVAL, params->beacon_int);
7287	wpa_printf(MSG_DEBUG, "nl80211: dtim_period=%d", params->dtim_period);
7288	NLA_PUT_U32(msg, NL80211_ATTR_DTIM_PERIOD, params->dtim_period);
7289	wpa_hexdump_ascii(MSG_DEBUG, "nl80211: ssid",
7290			  params->ssid, params->ssid_len);
7291	NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len,
7292		params->ssid);
7293	if (params->proberesp && params->proberesp_len) {
7294		wpa_hexdump(MSG_DEBUG, "nl80211: proberesp (offload)",
7295			    params->proberesp, params->proberesp_len);
7296		NLA_PUT(msg, NL80211_ATTR_PROBE_RESP, params->proberesp_len,
7297			params->proberesp);
7298	}
7299	switch (params->hide_ssid) {
7300	case NO_SSID_HIDING:
7301		wpa_printf(MSG_DEBUG, "nl80211: hidden SSID not in use");
7302		NLA_PUT_U32(msg, NL80211_ATTR_HIDDEN_SSID,
7303			    NL80211_HIDDEN_SSID_NOT_IN_USE);
7304		break;
7305	case HIDDEN_SSID_ZERO_LEN:
7306		wpa_printf(MSG_DEBUG, "nl80211: hidden SSID zero len");
7307		NLA_PUT_U32(msg, NL80211_ATTR_HIDDEN_SSID,
7308			    NL80211_HIDDEN_SSID_ZERO_LEN);
7309		break;
7310	case HIDDEN_SSID_ZERO_CONTENTS:
7311		wpa_printf(MSG_DEBUG, "nl80211: hidden SSID zero contents");
7312		NLA_PUT_U32(msg, NL80211_ATTR_HIDDEN_SSID,
7313			    NL80211_HIDDEN_SSID_ZERO_CONTENTS);
7314		break;
7315	}
7316	wpa_printf(MSG_DEBUG, "nl80211: privacy=%d", params->privacy);
7317	if (params->privacy)
7318		NLA_PUT_FLAG(msg, NL80211_ATTR_PRIVACY);
7319	wpa_printf(MSG_DEBUG, "nl80211: auth_algs=0x%x", params->auth_algs);
7320	if ((params->auth_algs & (WPA_AUTH_ALG_OPEN | WPA_AUTH_ALG_SHARED)) ==
7321	    (WPA_AUTH_ALG_OPEN | WPA_AUTH_ALG_SHARED)) {
7322		/* Leave out the attribute */
7323	} else if (params->auth_algs & WPA_AUTH_ALG_SHARED)
7324		NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE,
7325			    NL80211_AUTHTYPE_SHARED_KEY);
7326	else
7327		NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE,
7328			    NL80211_AUTHTYPE_OPEN_SYSTEM);
7329
7330	wpa_printf(MSG_DEBUG, "nl80211: wpa_version=0x%x", params->wpa_version);
7331	ver = 0;
7332	if (params->wpa_version & WPA_PROTO_WPA)
7333		ver |= NL80211_WPA_VERSION_1;
7334	if (params->wpa_version & WPA_PROTO_RSN)
7335		ver |= NL80211_WPA_VERSION_2;
7336	if (ver)
7337		NLA_PUT_U32(msg, NL80211_ATTR_WPA_VERSIONS, ver);
7338
7339	wpa_printf(MSG_DEBUG, "nl80211: key_mgmt_suites=0x%x",
7340		   params->key_mgmt_suites);
7341	num_suites = 0;
7342	if (params->key_mgmt_suites & WPA_KEY_MGMT_IEEE8021X)
7343		suites[num_suites++] = WLAN_AKM_SUITE_8021X;
7344	if (params->key_mgmt_suites & WPA_KEY_MGMT_PSK)
7345		suites[num_suites++] = WLAN_AKM_SUITE_PSK;
7346	if (num_suites) {
7347		NLA_PUT(msg, NL80211_ATTR_AKM_SUITES,
7348			num_suites * sizeof(u32), suites);
7349	}
7350
7351	if (params->key_mgmt_suites & WPA_KEY_MGMT_IEEE8021X &&
7352	    params->pairwise_ciphers & (WPA_CIPHER_WEP104 | WPA_CIPHER_WEP40))
7353		NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT);
7354
7355	wpa_printf(MSG_DEBUG, "nl80211: pairwise_ciphers=0x%x",
7356		   params->pairwise_ciphers);
7357	num_suites = wpa_cipher_to_cipher_suites(params->pairwise_ciphers,
7358						 suites, ARRAY_SIZE(suites));
7359	if (num_suites) {
7360		NLA_PUT(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE,
7361			num_suites * sizeof(u32), suites);
7362	}
7363
7364	wpa_printf(MSG_DEBUG, "nl80211: group_cipher=0x%x",
7365		   params->group_cipher);
7366	suite = wpa_cipher_to_cipher_suite(params->group_cipher);
7367	if (suite)
7368		NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, suite);
7369
7370	if (params->beacon_ies) {
7371		wpa_hexdump_buf(MSG_DEBUG, "nl80211: beacon_ies",
7372				params->beacon_ies);
7373		NLA_PUT(msg, NL80211_ATTR_IE, wpabuf_len(params->beacon_ies),
7374			wpabuf_head(params->beacon_ies));
7375	}
7376	if (params->proberesp_ies) {
7377		wpa_hexdump_buf(MSG_DEBUG, "nl80211: proberesp_ies",
7378				params->proberesp_ies);
7379		NLA_PUT(msg, NL80211_ATTR_IE_PROBE_RESP,
7380			wpabuf_len(params->proberesp_ies),
7381			wpabuf_head(params->proberesp_ies));
7382	}
7383	if (params->assocresp_ies) {
7384		wpa_hexdump_buf(MSG_DEBUG, "nl80211: assocresp_ies",
7385				params->assocresp_ies);
7386		NLA_PUT(msg, NL80211_ATTR_IE_ASSOC_RESP,
7387			wpabuf_len(params->assocresp_ies),
7388			wpabuf_head(params->assocresp_ies));
7389	}
7390
7391	if (drv->capa.flags & WPA_DRIVER_FLAGS_INACTIVITY_TIMER)  {
7392		wpa_printf(MSG_DEBUG, "nl80211: ap_max_inactivity=%d",
7393			   params->ap_max_inactivity);
7394		NLA_PUT_U16(msg, NL80211_ATTR_INACTIVITY_TIMEOUT,
7395			    params->ap_max_inactivity);
7396	}
7397
7398	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
7399	if (ret) {
7400		wpa_printf(MSG_DEBUG, "nl80211: Beacon set failed: %d (%s)",
7401			   ret, strerror(-ret));
7402	} else {
7403		bss->beacon_set = 1;
7404		nl80211_set_bss(bss, params->cts_protect, params->preamble,
7405				params->short_slot_time, params->ht_opmode,
7406				params->isolate, params->basic_rates);
7407		if (beacon_set && params->freq &&
7408		    params->freq->bandwidth != bss->bandwidth) {
7409			wpa_printf(MSG_DEBUG,
7410				   "nl80211: Update BSS %s bandwidth: %d -> %d",
7411				   bss->ifname, bss->bandwidth,
7412				   params->freq->bandwidth);
7413			ret = nl80211_set_channel(bss, params->freq, 1);
7414			if (ret) {
7415				wpa_printf(MSG_DEBUG,
7416					   "nl80211: Frequency set failed: %d (%s)",
7417					   ret, strerror(-ret));
7418			} else {
7419				wpa_printf(MSG_DEBUG,
7420					   "nl80211: Frequency set succeeded for ht2040 coex");
7421				bss->bandwidth = params->freq->bandwidth;
7422			}
7423		} else if (!beacon_set) {
7424			/*
7425			 * cfg80211 updates the driver on frequence change in AP
7426			 * mode only at the point when beaconing is started, so
7427			 * set the initial value here.
7428			 */
7429			bss->bandwidth = params->freq->bandwidth;
7430		}
7431	}
7432	return ret;
7433 nla_put_failure:
7434	nlmsg_free(msg);
7435	return -ENOBUFS;
7436}
7437
7438
7439static int nl80211_put_freq_params(struct nl_msg *msg,
7440				   struct hostapd_freq_params *freq)
7441{
7442	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq->freq);
7443	if (freq->vht_enabled) {
7444		switch (freq->bandwidth) {
7445		case 20:
7446			NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH,
7447				    NL80211_CHAN_WIDTH_20);
7448			break;
7449		case 40:
7450			NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH,
7451				    NL80211_CHAN_WIDTH_40);
7452			break;
7453		case 80:
7454			if (freq->center_freq2)
7455				NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH,
7456					    NL80211_CHAN_WIDTH_80P80);
7457			else
7458				NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH,
7459					    NL80211_CHAN_WIDTH_80);
7460			break;
7461		case 160:
7462			NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH,
7463				    NL80211_CHAN_WIDTH_160);
7464			break;
7465		default:
7466			return -EINVAL;
7467		}
7468		NLA_PUT_U32(msg, NL80211_ATTR_CENTER_FREQ1, freq->center_freq1);
7469		if (freq->center_freq2)
7470			NLA_PUT_U32(msg, NL80211_ATTR_CENTER_FREQ2,
7471				    freq->center_freq2);
7472	} else if (freq->ht_enabled) {
7473		switch (freq->sec_channel_offset) {
7474		case -1:
7475			NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
7476				    NL80211_CHAN_HT40MINUS);
7477			break;
7478		case 1:
7479			NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
7480				    NL80211_CHAN_HT40PLUS);
7481			break;
7482		default:
7483			NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
7484				    NL80211_CHAN_HT20);
7485			break;
7486		}
7487	}
7488	return 0;
7489
7490nla_put_failure:
7491	return -ENOBUFS;
7492}
7493
7494
7495static int nl80211_set_channel(struct i802_bss *bss,
7496			       struct hostapd_freq_params *freq, int set_chan)
7497{
7498	struct wpa_driver_nl80211_data *drv = bss->drv;
7499	struct nl_msg *msg;
7500	int ret;
7501
7502	wpa_printf(MSG_DEBUG,
7503		   "nl80211: Set freq %d (ht_enabled=%d, vht_enabled=%d, bandwidth=%d MHz, cf1=%d MHz, cf2=%d MHz)",
7504		   freq->freq, freq->ht_enabled, freq->vht_enabled,
7505		   freq->bandwidth, freq->center_freq1, freq->center_freq2);
7506	msg = nlmsg_alloc();
7507	if (!msg)
7508		return -1;
7509
7510	nl80211_cmd(drv, msg, 0, set_chan ? NL80211_CMD_SET_CHANNEL :
7511		    NL80211_CMD_SET_WIPHY);
7512
7513	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
7514	if (nl80211_put_freq_params(msg, freq) < 0)
7515		goto nla_put_failure;
7516
7517	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
7518	msg = NULL;
7519	if (ret == 0) {
7520		bss->freq = freq->freq;
7521		return 0;
7522	}
7523	wpa_printf(MSG_DEBUG, "nl80211: Failed to set channel (freq=%d): "
7524		   "%d (%s)", freq->freq, ret, strerror(-ret));
7525nla_put_failure:
7526	nlmsg_free(msg);
7527	return -1;
7528}
7529
7530
7531static u32 sta_flags_nl80211(int flags)
7532{
7533	u32 f = 0;
7534
7535	if (flags & WPA_STA_AUTHORIZED)
7536		f |= BIT(NL80211_STA_FLAG_AUTHORIZED);
7537	if (flags & WPA_STA_WMM)
7538		f |= BIT(NL80211_STA_FLAG_WME);
7539	if (flags & WPA_STA_SHORT_PREAMBLE)
7540		f |= BIT(NL80211_STA_FLAG_SHORT_PREAMBLE);
7541	if (flags & WPA_STA_MFP)
7542		f |= BIT(NL80211_STA_FLAG_MFP);
7543	if (flags & WPA_STA_TDLS_PEER)
7544		f |= BIT(NL80211_STA_FLAG_TDLS_PEER);
7545
7546	return f;
7547}
7548
7549
7550static int wpa_driver_nl80211_sta_add(void *priv,
7551				      struct hostapd_sta_add_params *params)
7552{
7553	struct i802_bss *bss = priv;
7554	struct wpa_driver_nl80211_data *drv = bss->drv;
7555	struct nl_msg *msg;
7556	struct nl80211_sta_flag_update upd;
7557	int ret = -ENOBUFS;
7558
7559	if ((params->flags & WPA_STA_TDLS_PEER) &&
7560	    !(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT))
7561		return -EOPNOTSUPP;
7562
7563	msg = nlmsg_alloc();
7564	if (!msg)
7565		return -ENOMEM;
7566
7567	wpa_printf(MSG_DEBUG, "nl80211: %s STA " MACSTR,
7568		   params->set ? "Set" : "Add", MAC2STR(params->addr));
7569	nl80211_cmd(drv, msg, 0, params->set ? NL80211_CMD_SET_STATION :
7570		    NL80211_CMD_NEW_STATION);
7571
7572	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
7573	NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->addr);
7574	NLA_PUT(msg, NL80211_ATTR_STA_SUPPORTED_RATES, params->supp_rates_len,
7575		params->supp_rates);
7576	wpa_hexdump(MSG_DEBUG, "  * supported rates", params->supp_rates,
7577		    params->supp_rates_len);
7578	if (!params->set) {
7579		if (params->aid) {
7580			wpa_printf(MSG_DEBUG, "  * aid=%u", params->aid);
7581			NLA_PUT_U16(msg, NL80211_ATTR_STA_AID, params->aid);
7582		} else {
7583			/*
7584			 * cfg80211 validates that AID is non-zero, so we have
7585			 * to make this a non-zero value for the TDLS case where
7586			 * a dummy STA entry is used for now.
7587			 */
7588			wpa_printf(MSG_DEBUG, "  * aid=1 (TDLS workaround)");
7589			NLA_PUT_U16(msg, NL80211_ATTR_STA_AID, 1);
7590		}
7591		wpa_printf(MSG_DEBUG, "  * listen_interval=%u",
7592			   params->listen_interval);
7593		NLA_PUT_U16(msg, NL80211_ATTR_STA_LISTEN_INTERVAL,
7594			    params->listen_interval);
7595	} else if (params->aid && (params->flags & WPA_STA_TDLS_PEER)) {
7596		wpa_printf(MSG_DEBUG, "  * peer_aid=%u", params->aid);
7597		NLA_PUT_U16(msg, NL80211_ATTR_PEER_AID, params->aid);
7598	}
7599	if (params->ht_capabilities) {
7600		wpa_hexdump(MSG_DEBUG, "  * ht_capabilities",
7601			    (u8 *) params->ht_capabilities,
7602			    sizeof(*params->ht_capabilities));
7603		NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY,
7604			sizeof(*params->ht_capabilities),
7605			params->ht_capabilities);
7606	}
7607
7608	if (params->vht_capabilities) {
7609		wpa_hexdump(MSG_DEBUG, "  * vht_capabilities",
7610			    (u8 *) params->vht_capabilities,
7611			    sizeof(*params->vht_capabilities));
7612		NLA_PUT(msg, NL80211_ATTR_VHT_CAPABILITY,
7613			sizeof(*params->vht_capabilities),
7614			params->vht_capabilities);
7615	}
7616
7617	if (params->vht_opmode_enabled) {
7618		wpa_printf(MSG_DEBUG, "  * opmode=%u", params->vht_opmode);
7619		NLA_PUT_U8(msg, NL80211_ATTR_OPMODE_NOTIF,
7620			   params->vht_opmode);
7621	}
7622
7623	wpa_printf(MSG_DEBUG, "  * capability=0x%x", params->capability);
7624	NLA_PUT_U16(msg, NL80211_ATTR_STA_CAPABILITY, params->capability);
7625
7626	if (params->ext_capab) {
7627		wpa_hexdump(MSG_DEBUG, "  * ext_capab",
7628			    params->ext_capab, params->ext_capab_len);
7629		NLA_PUT(msg, NL80211_ATTR_STA_EXT_CAPABILITY,
7630			params->ext_capab_len, params->ext_capab);
7631	}
7632
7633	if (params->supp_channels) {
7634		wpa_hexdump(MSG_DEBUG, "  * supported channels",
7635			    params->supp_channels, params->supp_channels_len);
7636		NLA_PUT(msg, NL80211_ATTR_STA_SUPPORTED_CHANNELS,
7637			params->supp_channels_len, params->supp_channels);
7638	}
7639
7640	if (params->supp_oper_classes) {
7641		wpa_hexdump(MSG_DEBUG, "  * supported operating classes",
7642			    params->supp_oper_classes,
7643			    params->supp_oper_classes_len);
7644		NLA_PUT(msg, NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES,
7645			params->supp_oper_classes_len,
7646			params->supp_oper_classes);
7647	}
7648
7649	os_memset(&upd, 0, sizeof(upd));
7650	upd.mask = sta_flags_nl80211(params->flags);
7651	upd.set = upd.mask;
7652	wpa_printf(MSG_DEBUG, "  * flags set=0x%x mask=0x%x",
7653		   upd.set, upd.mask);
7654	NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd);
7655
7656	if (params->flags & WPA_STA_WMM) {
7657		struct nlattr *wme = nla_nest_start(msg, NL80211_ATTR_STA_WME);
7658
7659		if (!wme)
7660			goto nla_put_failure;
7661
7662		wpa_printf(MSG_DEBUG, "  * qosinfo=0x%x", params->qosinfo);
7663		NLA_PUT_U8(msg, NL80211_STA_WME_UAPSD_QUEUES,
7664				params->qosinfo & WMM_QOSINFO_STA_AC_MASK);
7665		NLA_PUT_U8(msg, NL80211_STA_WME_MAX_SP,
7666				(params->qosinfo >> WMM_QOSINFO_STA_SP_SHIFT) &
7667				WMM_QOSINFO_STA_SP_MASK);
7668		nla_nest_end(msg, wme);
7669	}
7670
7671	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
7672	msg = NULL;
7673	if (ret)
7674		wpa_printf(MSG_DEBUG, "nl80211: NL80211_CMD_%s_STATION "
7675			   "result: %d (%s)", params->set ? "SET" : "NEW", ret,
7676			   strerror(-ret));
7677	if (ret == -EEXIST)
7678		ret = 0;
7679 nla_put_failure:
7680	nlmsg_free(msg);
7681	return ret;
7682}
7683
7684
7685static int wpa_driver_nl80211_sta_remove(struct i802_bss *bss, const u8 *addr)
7686{
7687	struct wpa_driver_nl80211_data *drv = bss->drv;
7688	struct nl_msg *msg;
7689	int ret;
7690
7691	msg = nlmsg_alloc();
7692	if (!msg)
7693		return -ENOMEM;
7694
7695	nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_STATION);
7696
7697	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
7698		    if_nametoindex(bss->ifname));
7699	NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
7700
7701	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
7702	wpa_printf(MSG_DEBUG, "nl80211: sta_remove -> DEL_STATION %s " MACSTR
7703		   " --> %d (%s)",
7704		   bss->ifname, MAC2STR(addr), ret, strerror(-ret));
7705	if (ret == -ENOENT)
7706		return 0;
7707	return ret;
7708 nla_put_failure:
7709	nlmsg_free(msg);
7710	return -ENOBUFS;
7711}
7712
7713
7714static void nl80211_remove_iface(struct wpa_driver_nl80211_data *drv,
7715				 int ifidx)
7716{
7717	struct nl_msg *msg;
7718	struct wpa_driver_nl80211_data *drv2;
7719
7720	wpa_printf(MSG_DEBUG, "nl80211: Remove interface ifindex=%d", ifidx);
7721
7722	/* stop listening for EAPOL on this interface */
7723	dl_list_for_each(drv2, &drv->global->interfaces,
7724			 struct wpa_driver_nl80211_data, list)
7725		del_ifidx(drv2, ifidx);
7726
7727	msg = nlmsg_alloc();
7728	if (!msg)
7729		goto nla_put_failure;
7730
7731	nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_INTERFACE);
7732	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifidx);
7733
7734	if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0)
7735		return;
7736	msg = NULL;
7737 nla_put_failure:
7738	nlmsg_free(msg);
7739	wpa_printf(MSG_ERROR, "Failed to remove interface (ifidx=%d)", ifidx);
7740}
7741
7742
7743static const char * nl80211_iftype_str(enum nl80211_iftype mode)
7744{
7745	switch (mode) {
7746	case NL80211_IFTYPE_ADHOC:
7747		return "ADHOC";
7748	case NL80211_IFTYPE_STATION:
7749		return "STATION";
7750	case NL80211_IFTYPE_AP:
7751		return "AP";
7752	case NL80211_IFTYPE_AP_VLAN:
7753		return "AP_VLAN";
7754	case NL80211_IFTYPE_WDS:
7755		return "WDS";
7756	case NL80211_IFTYPE_MONITOR:
7757		return "MONITOR";
7758	case NL80211_IFTYPE_MESH_POINT:
7759		return "MESH_POINT";
7760	case NL80211_IFTYPE_P2P_CLIENT:
7761		return "P2P_CLIENT";
7762	case NL80211_IFTYPE_P2P_GO:
7763		return "P2P_GO";
7764	case NL80211_IFTYPE_P2P_DEVICE:
7765		return "P2P_DEVICE";
7766	default:
7767		return "unknown";
7768	}
7769}
7770
7771
7772static int nl80211_create_iface_once(struct wpa_driver_nl80211_data *drv,
7773				     const char *ifname,
7774				     enum nl80211_iftype iftype,
7775				     const u8 *addr, int wds,
7776				     int (*handler)(struct nl_msg *, void *),
7777				     void *arg)
7778{
7779	struct nl_msg *msg;
7780	int ifidx;
7781	int ret = -ENOBUFS;
7782
7783	wpa_printf(MSG_DEBUG, "nl80211: Create interface iftype %d (%s)",
7784		   iftype, nl80211_iftype_str(iftype));
7785
7786	msg = nlmsg_alloc();
7787	if (!msg)
7788		return -1;
7789
7790	nl80211_cmd(drv, msg, 0, NL80211_CMD_NEW_INTERFACE);
7791	if (nl80211_set_iface_id(msg, drv->first_bss) < 0)
7792		goto nla_put_failure;
7793	NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, ifname);
7794	NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, iftype);
7795
7796	if (iftype == NL80211_IFTYPE_MONITOR) {
7797		struct nlattr *flags;
7798
7799		flags = nla_nest_start(msg, NL80211_ATTR_MNTR_FLAGS);
7800		if (!flags)
7801			goto nla_put_failure;
7802
7803		NLA_PUT_FLAG(msg, NL80211_MNTR_FLAG_COOK_FRAMES);
7804
7805		nla_nest_end(msg, flags);
7806	} else if (wds) {
7807		NLA_PUT_U8(msg, NL80211_ATTR_4ADDR, wds);
7808	}
7809
7810	/*
7811	 * Tell cfg80211 that the interface belongs to the socket that created
7812	 * it, and the interface should be deleted when the socket is closed.
7813	 */
7814	NLA_PUT_FLAG(msg, NL80211_ATTR_IFACE_SOCKET_OWNER);
7815
7816	ret = send_and_recv_msgs(drv, msg, handler, arg);
7817	msg = NULL;
7818	if (ret) {
7819 nla_put_failure:
7820		nlmsg_free(msg);
7821		wpa_printf(MSG_ERROR, "Failed to create interface %s: %d (%s)",
7822			   ifname, ret, strerror(-ret));
7823		return ret;
7824	}
7825
7826	if (iftype == NL80211_IFTYPE_P2P_DEVICE)
7827		return 0;
7828
7829	ifidx = if_nametoindex(ifname);
7830	wpa_printf(MSG_DEBUG, "nl80211: New interface %s created: ifindex=%d",
7831		   ifname, ifidx);
7832
7833	if (ifidx <= 0)
7834		return -1;
7835
7836	/*
7837	 * Some virtual interfaces need to process EAPOL packets and events on
7838	 * the parent interface. This is used mainly with hostapd.
7839	 */
7840	if (drv->hostapd ||
7841	    iftype == NL80211_IFTYPE_AP_VLAN ||
7842	    iftype == NL80211_IFTYPE_WDS ||
7843	    iftype == NL80211_IFTYPE_MONITOR) {
7844		/* start listening for EAPOL on this interface */
7845		add_ifidx(drv, ifidx);
7846	}
7847
7848	if (addr && iftype != NL80211_IFTYPE_MONITOR &&
7849	    linux_set_ifhwaddr(drv->global->ioctl_sock, ifname, addr)) {
7850		nl80211_remove_iface(drv, ifidx);
7851		return -1;
7852	}
7853
7854	return ifidx;
7855}
7856
7857
7858static int nl80211_create_iface(struct wpa_driver_nl80211_data *drv,
7859				const char *ifname, enum nl80211_iftype iftype,
7860				const u8 *addr, int wds,
7861				int (*handler)(struct nl_msg *, void *),
7862				void *arg, int use_existing)
7863{
7864	int ret;
7865
7866	ret = nl80211_create_iface_once(drv, ifname, iftype, addr, wds, handler,
7867					arg);
7868
7869	/* if error occurred and interface exists already */
7870	if (ret == -ENFILE && if_nametoindex(ifname)) {
7871		if (use_existing) {
7872			wpa_printf(MSG_DEBUG, "nl80211: Continue using existing interface %s",
7873				   ifname);
7874			if (addr && iftype != NL80211_IFTYPE_MONITOR &&
7875			    linux_set_ifhwaddr(drv->global->ioctl_sock, ifname,
7876					       addr) < 0 &&
7877			    (linux_set_iface_flags(drv->global->ioctl_sock,
7878						   ifname, 0) < 0 ||
7879			     linux_set_ifhwaddr(drv->global->ioctl_sock, ifname,
7880						addr) < 0 ||
7881			     linux_set_iface_flags(drv->global->ioctl_sock,
7882						   ifname, 1) < 0))
7883					return -1;
7884			return -ENFILE;
7885		}
7886		wpa_printf(MSG_INFO, "Try to remove and re-create %s", ifname);
7887
7888		/* Try to remove the interface that was already there. */
7889		nl80211_remove_iface(drv, if_nametoindex(ifname));
7890
7891		/* Try to create the interface again */
7892		ret = nl80211_create_iface_once(drv, ifname, iftype, addr,
7893						wds, handler, arg);
7894	}
7895
7896	if (ret >= 0 && is_p2p_net_interface(iftype))
7897		nl80211_disable_11b_rates(drv, ret, 1);
7898
7899	return ret;
7900}
7901
7902
7903static void handle_tx_callback(void *ctx, u8 *buf, size_t len, int ok)
7904{
7905	struct ieee80211_hdr *hdr;
7906	u16 fc;
7907	union wpa_event_data event;
7908
7909	hdr = (struct ieee80211_hdr *) buf;
7910	fc = le_to_host16(hdr->frame_control);
7911
7912	os_memset(&event, 0, sizeof(event));
7913	event.tx_status.type = WLAN_FC_GET_TYPE(fc);
7914	event.tx_status.stype = WLAN_FC_GET_STYPE(fc);
7915	event.tx_status.dst = hdr->addr1;
7916	event.tx_status.data = buf;
7917	event.tx_status.data_len = len;
7918	event.tx_status.ack = ok;
7919	wpa_supplicant_event(ctx, EVENT_TX_STATUS, &event);
7920}
7921
7922
7923static void from_unknown_sta(struct wpa_driver_nl80211_data *drv,
7924			     u8 *buf, size_t len)
7925{
7926	struct ieee80211_hdr *hdr = (void *)buf;
7927	u16 fc;
7928	union wpa_event_data event;
7929
7930	if (len < sizeof(*hdr))
7931		return;
7932
7933	fc = le_to_host16(hdr->frame_control);
7934
7935	os_memset(&event, 0, sizeof(event));
7936	event.rx_from_unknown.bssid = get_hdr_bssid(hdr, len);
7937	event.rx_from_unknown.addr = hdr->addr2;
7938	event.rx_from_unknown.wds = (fc & (WLAN_FC_FROMDS | WLAN_FC_TODS)) ==
7939		(WLAN_FC_FROMDS | WLAN_FC_TODS);
7940	wpa_supplicant_event(drv->ctx, EVENT_RX_FROM_UNKNOWN, &event);
7941}
7942
7943
7944static void handle_frame(struct wpa_driver_nl80211_data *drv,
7945			 u8 *buf, size_t len, int datarate, int ssi_signal)
7946{
7947	struct ieee80211_hdr *hdr;
7948	u16 fc;
7949	union wpa_event_data event;
7950
7951	hdr = (struct ieee80211_hdr *) buf;
7952	fc = le_to_host16(hdr->frame_control);
7953
7954	switch (WLAN_FC_GET_TYPE(fc)) {
7955	case WLAN_FC_TYPE_MGMT:
7956		os_memset(&event, 0, sizeof(event));
7957		event.rx_mgmt.frame = buf;
7958		event.rx_mgmt.frame_len = len;
7959		event.rx_mgmt.datarate = datarate;
7960		event.rx_mgmt.ssi_signal = ssi_signal;
7961		wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event);
7962		break;
7963	case WLAN_FC_TYPE_CTRL:
7964		/* can only get here with PS-Poll frames */
7965		wpa_printf(MSG_DEBUG, "CTRL");
7966		from_unknown_sta(drv, buf, len);
7967		break;
7968	case WLAN_FC_TYPE_DATA:
7969		from_unknown_sta(drv, buf, len);
7970		break;
7971	}
7972}
7973
7974
7975static void handle_monitor_read(int sock, void *eloop_ctx, void *sock_ctx)
7976{
7977	struct wpa_driver_nl80211_data *drv = eloop_ctx;
7978	int len;
7979	unsigned char buf[3000];
7980	struct ieee80211_radiotap_iterator iter;
7981	int ret;
7982	int datarate = 0, ssi_signal = 0;
7983	int injected = 0, failed = 0, rxflags = 0;
7984
7985	len = recv(sock, buf, sizeof(buf), 0);
7986	if (len < 0) {
7987		wpa_printf(MSG_ERROR, "nl80211: Monitor socket recv failed: %s",
7988			   strerror(errno));
7989		return;
7990	}
7991
7992	if (ieee80211_radiotap_iterator_init(&iter, (void *) buf, len, NULL)) {
7993		wpa_printf(MSG_INFO, "nl80211: received invalid radiotap frame");
7994		return;
7995	}
7996
7997	while (1) {
7998		ret = ieee80211_radiotap_iterator_next(&iter);
7999		if (ret == -ENOENT)
8000			break;
8001		if (ret) {
8002			wpa_printf(MSG_INFO, "nl80211: received invalid radiotap frame (%d)",
8003				   ret);
8004			return;
8005		}
8006		switch (iter.this_arg_index) {
8007		case IEEE80211_RADIOTAP_FLAGS:
8008			if (*iter.this_arg & IEEE80211_RADIOTAP_F_FCS)
8009				len -= 4;
8010			break;
8011		case IEEE80211_RADIOTAP_RX_FLAGS:
8012			rxflags = 1;
8013			break;
8014		case IEEE80211_RADIOTAP_TX_FLAGS:
8015			injected = 1;
8016			failed = le_to_host16((*(uint16_t *) iter.this_arg)) &
8017					IEEE80211_RADIOTAP_F_TX_FAIL;
8018			break;
8019		case IEEE80211_RADIOTAP_DATA_RETRIES:
8020			break;
8021		case IEEE80211_RADIOTAP_CHANNEL:
8022			/* TODO: convert from freq/flags to channel number */
8023			break;
8024		case IEEE80211_RADIOTAP_RATE:
8025			datarate = *iter.this_arg * 5;
8026			break;
8027		case IEEE80211_RADIOTAP_DBM_ANTSIGNAL:
8028			ssi_signal = (s8) *iter.this_arg;
8029			break;
8030		}
8031	}
8032
8033	if (rxflags && injected)
8034		return;
8035
8036	if (!injected)
8037		handle_frame(drv, buf + iter._max_length,
8038			     len - iter._max_length, datarate, ssi_signal);
8039	else
8040		handle_tx_callback(drv->ctx, buf + iter._max_length,
8041				   len - iter._max_length, !failed);
8042}
8043
8044
8045/*
8046 * we post-process the filter code later and rewrite
8047 * this to the offset to the last instruction
8048 */
8049#define PASS	0xFF
8050#define FAIL	0xFE
8051
8052static struct sock_filter msock_filter_insns[] = {
8053	/*
8054	 * do a little-endian load of the radiotap length field
8055	 */
8056	/* load lower byte into A */
8057	BPF_STMT(BPF_LD  | BPF_B | BPF_ABS, 2),
8058	/* put it into X (== index register) */
8059	BPF_STMT(BPF_MISC| BPF_TAX, 0),
8060	/* load upper byte into A */
8061	BPF_STMT(BPF_LD  | BPF_B | BPF_ABS, 3),
8062	/* left-shift it by 8 */
8063	BPF_STMT(BPF_ALU | BPF_LSH | BPF_K, 8),
8064	/* or with X */
8065	BPF_STMT(BPF_ALU | BPF_OR | BPF_X, 0),
8066	/* put result into X */
8067	BPF_STMT(BPF_MISC| BPF_TAX, 0),
8068
8069	/*
8070	 * Allow management frames through, this also gives us those
8071	 * management frames that we sent ourselves with status
8072	 */
8073	/* load the lower byte of the IEEE 802.11 frame control field */
8074	BPF_STMT(BPF_LD  | BPF_B | BPF_IND, 0),
8075	/* mask off frame type and version */
8076	BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0xF),
8077	/* accept frame if it's both 0, fall through otherwise */
8078	BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0, PASS, 0),
8079
8080	/*
8081	 * TODO: add a bit to radiotap RX flags that indicates
8082	 * that the sending station is not associated, then
8083	 * add a filter here that filters on our DA and that flag
8084	 * to allow us to deauth frames to that bad station.
8085	 *
8086	 * For now allow all To DS data frames through.
8087	 */
8088	/* load the IEEE 802.11 frame control field */
8089	BPF_STMT(BPF_LD  | BPF_H | BPF_IND, 0),
8090	/* mask off frame type, version and DS status */
8091	BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x0F03),
8092	/* accept frame if version 0, type 2 and To DS, fall through otherwise
8093	 */
8094	BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x0801, PASS, 0),
8095
8096#if 0
8097	/*
8098	 * drop non-data frames
8099	 */
8100	/* load the lower byte of the frame control field */
8101	BPF_STMT(BPF_LD   | BPF_B | BPF_IND, 0),
8102	/* mask off QoS bit */
8103	BPF_STMT(BPF_ALU  | BPF_AND | BPF_K, 0x0c),
8104	/* drop non-data frames */
8105	BPF_JUMP(BPF_JMP  | BPF_JEQ | BPF_K, 8, 0, FAIL),
8106#endif
8107	/* load the upper byte of the frame control field */
8108	BPF_STMT(BPF_LD   | BPF_B | BPF_IND, 1),
8109	/* mask off toDS/fromDS */
8110	BPF_STMT(BPF_ALU  | BPF_AND | BPF_K, 0x03),
8111	/* accept WDS frames */
8112	BPF_JUMP(BPF_JMP  | BPF_JEQ | BPF_K, 3, PASS, 0),
8113
8114	/*
8115	 * add header length to index
8116	 */
8117	/* load the lower byte of the frame control field */
8118	BPF_STMT(BPF_LD   | BPF_B | BPF_IND, 0),
8119	/* mask off QoS bit */
8120	BPF_STMT(BPF_ALU  | BPF_AND | BPF_K, 0x80),
8121	/* right shift it by 6 to give 0 or 2 */
8122	BPF_STMT(BPF_ALU  | BPF_RSH | BPF_K, 6),
8123	/* add data frame header length */
8124	BPF_STMT(BPF_ALU  | BPF_ADD | BPF_K, 24),
8125	/* add index, was start of 802.11 header */
8126	BPF_STMT(BPF_ALU  | BPF_ADD | BPF_X, 0),
8127	/* move to index, now start of LL header */
8128	BPF_STMT(BPF_MISC | BPF_TAX, 0),
8129
8130	/*
8131	 * Accept empty data frames, we use those for
8132	 * polling activity.
8133	 */
8134	BPF_STMT(BPF_LD  | BPF_W | BPF_LEN, 0),
8135	BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_X, 0, PASS, 0),
8136
8137	/*
8138	 * Accept EAPOL frames
8139	 */
8140	BPF_STMT(BPF_LD  | BPF_W | BPF_IND, 0),
8141	BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0xAAAA0300, 0, FAIL),
8142	BPF_STMT(BPF_LD  | BPF_W | BPF_IND, 4),
8143	BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x0000888E, PASS, FAIL),
8144
8145	/* keep these last two statements or change the code below */
8146	/* return 0 == "DROP" */
8147	BPF_STMT(BPF_RET | BPF_K, 0),
8148	/* return ~0 == "keep all" */
8149	BPF_STMT(BPF_RET | BPF_K, ~0),
8150};
8151
8152static struct sock_fprog msock_filter = {
8153	.len = ARRAY_SIZE(msock_filter_insns),
8154	.filter = msock_filter_insns,
8155};
8156
8157
8158static int add_monitor_filter(int s)
8159{
8160	int idx;
8161
8162	/* rewrite all PASS/FAIL jump offsets */
8163	for (idx = 0; idx < msock_filter.len; idx++) {
8164		struct sock_filter *insn = &msock_filter_insns[idx];
8165
8166		if (BPF_CLASS(insn->code) == BPF_JMP) {
8167			if (insn->code == (BPF_JMP|BPF_JA)) {
8168				if (insn->k == PASS)
8169					insn->k = msock_filter.len - idx - 2;
8170				else if (insn->k == FAIL)
8171					insn->k = msock_filter.len - idx - 3;
8172			}
8173
8174			if (insn->jt == PASS)
8175				insn->jt = msock_filter.len - idx - 2;
8176			else if (insn->jt == FAIL)
8177				insn->jt = msock_filter.len - idx - 3;
8178
8179			if (insn->jf == PASS)
8180				insn->jf = msock_filter.len - idx - 2;
8181			else if (insn->jf == FAIL)
8182				insn->jf = msock_filter.len - idx - 3;
8183		}
8184	}
8185
8186	if (setsockopt(s, SOL_SOCKET, SO_ATTACH_FILTER,
8187		       &msock_filter, sizeof(msock_filter))) {
8188		wpa_printf(MSG_ERROR, "nl80211: setsockopt(SO_ATTACH_FILTER) failed: %s",
8189			   strerror(errno));
8190		return -1;
8191	}
8192
8193	return 0;
8194}
8195
8196
8197static void nl80211_remove_monitor_interface(
8198	struct wpa_driver_nl80211_data *drv)
8199{
8200	if (drv->monitor_refcount > 0)
8201		drv->monitor_refcount--;
8202	wpa_printf(MSG_DEBUG, "nl80211: Remove monitor interface: refcount=%d",
8203		   drv->monitor_refcount);
8204	if (drv->monitor_refcount > 0)
8205		return;
8206
8207	if (drv->monitor_ifidx >= 0) {
8208		nl80211_remove_iface(drv, drv->monitor_ifidx);
8209		drv->monitor_ifidx = -1;
8210	}
8211	if (drv->monitor_sock >= 0) {
8212		eloop_unregister_read_sock(drv->monitor_sock);
8213		close(drv->monitor_sock);
8214		drv->monitor_sock = -1;
8215	}
8216}
8217
8218
8219static int
8220nl80211_create_monitor_interface(struct wpa_driver_nl80211_data *drv)
8221{
8222	char buf[IFNAMSIZ];
8223	struct sockaddr_ll ll;
8224	int optval;
8225	socklen_t optlen;
8226
8227	if (drv->monitor_ifidx >= 0) {
8228		drv->monitor_refcount++;
8229		wpa_printf(MSG_DEBUG, "nl80211: Re-use existing monitor interface: refcount=%d",
8230			   drv->monitor_refcount);
8231		return 0;
8232	}
8233
8234	if (os_strncmp(drv->first_bss->ifname, "p2p-", 4) == 0) {
8235		/*
8236		 * P2P interface name is of the format p2p-%s-%d. For monitor
8237		 * interface name corresponding to P2P GO, replace "p2p-" with
8238		 * "mon-" to retain the same interface name length and to
8239		 * indicate that it is a monitor interface.
8240		 */
8241		snprintf(buf, IFNAMSIZ, "mon-%s", drv->first_bss->ifname + 4);
8242	} else {
8243		/* Non-P2P interface with AP functionality. */
8244		snprintf(buf, IFNAMSIZ, "mon.%s", drv->first_bss->ifname);
8245	}
8246
8247	buf[IFNAMSIZ - 1] = '\0';
8248
8249	drv->monitor_ifidx =
8250		nl80211_create_iface(drv, buf, NL80211_IFTYPE_MONITOR, NULL,
8251				     0, NULL, NULL, 0);
8252
8253	if (drv->monitor_ifidx == -EOPNOTSUPP) {
8254		/*
8255		 * This is backward compatibility for a few versions of
8256		 * the kernel only that didn't advertise the right
8257		 * attributes for the only driver that then supported
8258		 * AP mode w/o monitor -- ath6kl.
8259		 */
8260		wpa_printf(MSG_DEBUG, "nl80211: Driver does not support "
8261			   "monitor interface type - try to run without it");
8262		drv->device_ap_sme = 1;
8263	}
8264
8265	if (drv->monitor_ifidx < 0)
8266		return -1;
8267
8268	if (linux_set_iface_flags(drv->global->ioctl_sock, buf, 1))
8269		goto error;
8270
8271	memset(&ll, 0, sizeof(ll));
8272	ll.sll_family = AF_PACKET;
8273	ll.sll_ifindex = drv->monitor_ifidx;
8274	drv->monitor_sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
8275	if (drv->monitor_sock < 0) {
8276		wpa_printf(MSG_ERROR, "nl80211: socket[PF_PACKET,SOCK_RAW] failed: %s",
8277			   strerror(errno));
8278		goto error;
8279	}
8280
8281	if (add_monitor_filter(drv->monitor_sock)) {
8282		wpa_printf(MSG_INFO, "Failed to set socket filter for monitor "
8283			   "interface; do filtering in user space");
8284		/* This works, but will cost in performance. */
8285	}
8286
8287	if (bind(drv->monitor_sock, (struct sockaddr *) &ll, sizeof(ll)) < 0) {
8288		wpa_printf(MSG_ERROR, "nl80211: monitor socket bind failed: %s",
8289			   strerror(errno));
8290		goto error;
8291	}
8292
8293	optlen = sizeof(optval);
8294	optval = 20;
8295	if (setsockopt
8296	    (drv->monitor_sock, SOL_SOCKET, SO_PRIORITY, &optval, optlen)) {
8297		wpa_printf(MSG_ERROR, "nl80211: Failed to set socket priority: %s",
8298			   strerror(errno));
8299		goto error;
8300	}
8301
8302	if (eloop_register_read_sock(drv->monitor_sock, handle_monitor_read,
8303				     drv, NULL)) {
8304		wpa_printf(MSG_INFO, "nl80211: Could not register monitor read socket");
8305		goto error;
8306	}
8307
8308	drv->monitor_refcount++;
8309	return 0;
8310 error:
8311	nl80211_remove_monitor_interface(drv);
8312	return -1;
8313}
8314
8315
8316static int nl80211_setup_ap(struct i802_bss *bss)
8317{
8318	struct wpa_driver_nl80211_data *drv = bss->drv;
8319
8320	wpa_printf(MSG_DEBUG, "nl80211: Setup AP(%s) - device_ap_sme=%d use_monitor=%d",
8321		   bss->ifname, drv->device_ap_sme, drv->use_monitor);
8322
8323	/*
8324	 * Disable Probe Request reporting unless we need it in this way for
8325	 * devices that include the AP SME, in the other case (unless using
8326	 * monitor iface) we'll get it through the nl_mgmt socket instead.
8327	 */
8328	if (!drv->device_ap_sme)
8329		wpa_driver_nl80211_probe_req_report(bss, 0);
8330
8331	if (!drv->device_ap_sme && !drv->use_monitor)
8332		if (nl80211_mgmt_subscribe_ap(bss))
8333			return -1;
8334
8335	if (drv->device_ap_sme && !drv->use_monitor)
8336		if (nl80211_mgmt_subscribe_ap_dev_sme(bss))
8337			return -1;
8338
8339	if (!drv->device_ap_sme && drv->use_monitor &&
8340	    nl80211_create_monitor_interface(drv) &&
8341	    !drv->device_ap_sme)
8342		return -1;
8343
8344	if (drv->device_ap_sme &&
8345	    wpa_driver_nl80211_probe_req_report(bss, 1) < 0) {
8346		wpa_printf(MSG_DEBUG, "nl80211: Failed to enable "
8347			   "Probe Request frame reporting in AP mode");
8348		/* Try to survive without this */
8349	}
8350
8351	return 0;
8352}
8353
8354
8355static void nl80211_teardown_ap(struct i802_bss *bss)
8356{
8357	struct wpa_driver_nl80211_data *drv = bss->drv;
8358
8359	wpa_printf(MSG_DEBUG, "nl80211: Teardown AP(%s) - device_ap_sme=%d use_monitor=%d",
8360		   bss->ifname, drv->device_ap_sme, drv->use_monitor);
8361	if (drv->device_ap_sme) {
8362		wpa_driver_nl80211_probe_req_report(bss, 0);
8363		if (!drv->use_monitor)
8364			nl80211_mgmt_unsubscribe(bss, "AP teardown (dev SME)");
8365	} else if (drv->use_monitor)
8366		nl80211_remove_monitor_interface(drv);
8367	else
8368		nl80211_mgmt_unsubscribe(bss, "AP teardown");
8369
8370	bss->beacon_set = 0;
8371}
8372
8373
8374static int nl80211_send_eapol_data(struct i802_bss *bss,
8375				   const u8 *addr, const u8 *data,
8376				   size_t data_len)
8377{
8378	struct sockaddr_ll ll;
8379	int ret;
8380
8381	if (bss->drv->eapol_tx_sock < 0) {
8382		wpa_printf(MSG_DEBUG, "nl80211: No socket to send EAPOL");
8383		return -1;
8384	}
8385
8386	os_memset(&ll, 0, sizeof(ll));
8387	ll.sll_family = AF_PACKET;
8388	ll.sll_ifindex = bss->ifindex;
8389	ll.sll_protocol = htons(ETH_P_PAE);
8390	ll.sll_halen = ETH_ALEN;
8391	os_memcpy(ll.sll_addr, addr, ETH_ALEN);
8392	ret = sendto(bss->drv->eapol_tx_sock, data, data_len, 0,
8393		     (struct sockaddr *) &ll, sizeof(ll));
8394	if (ret < 0)
8395		wpa_printf(MSG_ERROR, "nl80211: EAPOL TX: %s",
8396			   strerror(errno));
8397
8398	return ret;
8399}
8400
8401
8402static const u8 rfc1042_header[6] = { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 };
8403
8404static int wpa_driver_nl80211_hapd_send_eapol(
8405	void *priv, const u8 *addr, const u8 *data,
8406	size_t data_len, int encrypt, const u8 *own_addr, u32 flags)
8407{
8408	struct i802_bss *bss = priv;
8409	struct wpa_driver_nl80211_data *drv = bss->drv;
8410	struct ieee80211_hdr *hdr;
8411	size_t len;
8412	u8 *pos;
8413	int res;
8414	int qos = flags & WPA_STA_WMM;
8415
8416	if (drv->device_ap_sme || !drv->use_monitor)
8417		return nl80211_send_eapol_data(bss, addr, data, data_len);
8418
8419	len = sizeof(*hdr) + (qos ? 2 : 0) + sizeof(rfc1042_header) + 2 +
8420		data_len;
8421	hdr = os_zalloc(len);
8422	if (hdr == NULL) {
8423		wpa_printf(MSG_INFO, "nl80211: Failed to allocate EAPOL buffer(len=%lu)",
8424			   (unsigned long) len);
8425		return -1;
8426	}
8427
8428	hdr->frame_control =
8429		IEEE80211_FC(WLAN_FC_TYPE_DATA, WLAN_FC_STYPE_DATA);
8430	hdr->frame_control |= host_to_le16(WLAN_FC_FROMDS);
8431	if (encrypt)
8432		hdr->frame_control |= host_to_le16(WLAN_FC_ISWEP);
8433	if (qos) {
8434		hdr->frame_control |=
8435			host_to_le16(WLAN_FC_STYPE_QOS_DATA << 4);
8436	}
8437
8438	memcpy(hdr->IEEE80211_DA_FROMDS, addr, ETH_ALEN);
8439	memcpy(hdr->IEEE80211_BSSID_FROMDS, own_addr, ETH_ALEN);
8440	memcpy(hdr->IEEE80211_SA_FROMDS, own_addr, ETH_ALEN);
8441	pos = (u8 *) (hdr + 1);
8442
8443	if (qos) {
8444		/* Set highest priority in QoS header */
8445		pos[0] = 7;
8446		pos[1] = 0;
8447		pos += 2;
8448	}
8449
8450	memcpy(pos, rfc1042_header, sizeof(rfc1042_header));
8451	pos += sizeof(rfc1042_header);
8452	WPA_PUT_BE16(pos, ETH_P_PAE);
8453	pos += 2;
8454	memcpy(pos, data, data_len);
8455
8456	res = wpa_driver_nl80211_send_frame(bss, (u8 *) hdr, len, encrypt, 0,
8457					    0, 0, 0, 0);
8458	if (res < 0) {
8459		wpa_printf(MSG_ERROR, "i802_send_eapol - packet len: %lu - "
8460			   "failed: %d (%s)",
8461			   (unsigned long) len, errno, strerror(errno));
8462	}
8463	os_free(hdr);
8464
8465	return res;
8466}
8467
8468
8469static int wpa_driver_nl80211_sta_set_flags(void *priv, const u8 *addr,
8470					    int total_flags,
8471					    int flags_or, int flags_and)
8472{
8473	struct i802_bss *bss = priv;
8474	struct wpa_driver_nl80211_data *drv = bss->drv;
8475	struct nl_msg *msg;
8476	struct nlattr *flags;
8477	struct nl80211_sta_flag_update upd;
8478
8479	msg = nlmsg_alloc();
8480	if (!msg)
8481		return -ENOMEM;
8482
8483	nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_STATION);
8484
8485	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
8486		    if_nametoindex(bss->ifname));
8487	NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
8488
8489	/*
8490	 * Backwards compatibility version using NL80211_ATTR_STA_FLAGS. This
8491	 * can be removed eventually.
8492	 */
8493	flags = nla_nest_start(msg, NL80211_ATTR_STA_FLAGS);
8494	if (!flags)
8495		goto nla_put_failure;
8496	if (total_flags & WPA_STA_AUTHORIZED)
8497		NLA_PUT_FLAG(msg, NL80211_STA_FLAG_AUTHORIZED);
8498
8499	if (total_flags & WPA_STA_WMM)
8500		NLA_PUT_FLAG(msg, NL80211_STA_FLAG_WME);
8501
8502	if (total_flags & WPA_STA_SHORT_PREAMBLE)
8503		NLA_PUT_FLAG(msg, NL80211_STA_FLAG_SHORT_PREAMBLE);
8504
8505	if (total_flags & WPA_STA_MFP)
8506		NLA_PUT_FLAG(msg, NL80211_STA_FLAG_MFP);
8507
8508	if (total_flags & WPA_STA_TDLS_PEER)
8509		NLA_PUT_FLAG(msg, NL80211_STA_FLAG_TDLS_PEER);
8510
8511	nla_nest_end(msg, flags);
8512
8513	os_memset(&upd, 0, sizeof(upd));
8514	upd.mask = sta_flags_nl80211(flags_or | ~flags_and);
8515	upd.set = sta_flags_nl80211(flags_or);
8516	NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd);
8517
8518	return send_and_recv_msgs(drv, msg, NULL, NULL);
8519 nla_put_failure:
8520	nlmsg_free(msg);
8521	return -ENOBUFS;
8522}
8523
8524
8525static int wpa_driver_nl80211_ap(struct wpa_driver_nl80211_data *drv,
8526				 struct wpa_driver_associate_params *params)
8527{
8528	enum nl80211_iftype nlmode, old_mode;
8529	struct hostapd_freq_params freq = {
8530		.freq = params->freq,
8531	};
8532
8533	if (params->p2p) {
8534		wpa_printf(MSG_DEBUG, "nl80211: Setup AP operations for P2P "
8535			   "group (GO)");
8536		nlmode = NL80211_IFTYPE_P2P_GO;
8537	} else
8538		nlmode = NL80211_IFTYPE_AP;
8539
8540	old_mode = drv->nlmode;
8541	if (wpa_driver_nl80211_set_mode(drv->first_bss, nlmode)) {
8542		nl80211_remove_monitor_interface(drv);
8543		return -1;
8544	}
8545
8546	if (nl80211_set_channel(drv->first_bss, &freq, 0)) {
8547		if (old_mode != nlmode)
8548			wpa_driver_nl80211_set_mode(drv->first_bss, old_mode);
8549		nl80211_remove_monitor_interface(drv);
8550		return -1;
8551	}
8552
8553	return 0;
8554}
8555
8556
8557static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv)
8558{
8559	struct nl_msg *msg;
8560	int ret = -1;
8561
8562	msg = nlmsg_alloc();
8563	if (!msg)
8564		return -1;
8565
8566	nl80211_cmd(drv, msg, 0, NL80211_CMD_LEAVE_IBSS);
8567	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
8568	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
8569	msg = NULL;
8570	if (ret) {
8571		wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS failed: ret=%d "
8572			   "(%s)", ret, strerror(-ret));
8573		goto nla_put_failure;
8574	}
8575
8576	ret = 0;
8577	wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS request sent successfully");
8578
8579nla_put_failure:
8580	if (wpa_driver_nl80211_set_mode(drv->first_bss,
8581					NL80211_IFTYPE_STATION)) {
8582		wpa_printf(MSG_INFO, "nl80211: Failed to set interface into "
8583			   "station mode");
8584	}
8585
8586	nlmsg_free(msg);
8587	return ret;
8588}
8589
8590
8591static int wpa_driver_nl80211_ibss(struct wpa_driver_nl80211_data *drv,
8592				   struct wpa_driver_associate_params *params)
8593{
8594	struct nl_msg *msg;
8595	int ret = -1;
8596	int count = 0;
8597
8598	wpa_printf(MSG_DEBUG, "nl80211: Join IBSS (ifindex=%d)", drv->ifindex);
8599
8600	if (wpa_driver_nl80211_set_mode_ibss(drv->first_bss, params->freq)) {
8601		wpa_printf(MSG_INFO, "nl80211: Failed to set interface into "
8602			   "IBSS mode");
8603		return -1;
8604	}
8605
8606retry:
8607	msg = nlmsg_alloc();
8608	if (!msg)
8609		return -1;
8610
8611	nl80211_cmd(drv, msg, 0, NL80211_CMD_JOIN_IBSS);
8612	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
8613
8614	if (params->ssid == NULL || params->ssid_len > sizeof(drv->ssid))
8615		goto nla_put_failure;
8616
8617	wpa_hexdump_ascii(MSG_DEBUG, "  * SSID",
8618			  params->ssid, params->ssid_len);
8619	NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len,
8620		params->ssid);
8621	os_memcpy(drv->ssid, params->ssid, params->ssid_len);
8622	drv->ssid_len = params->ssid_len;
8623
8624	wpa_printf(MSG_DEBUG, "  * freq=%d", params->freq);
8625	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq);
8626
8627	if (params->beacon_int > 0) {
8628		wpa_printf(MSG_DEBUG, "  * beacon_int=%d", params->beacon_int);
8629		NLA_PUT_U32(msg, NL80211_ATTR_BEACON_INTERVAL,
8630			    params->beacon_int);
8631	}
8632
8633	ret = nl80211_set_conn_keys(params, msg);
8634	if (ret)
8635		goto nla_put_failure;
8636
8637	if (params->bssid && params->fixed_bssid) {
8638		wpa_printf(MSG_DEBUG, "  * BSSID=" MACSTR,
8639			   MAC2STR(params->bssid));
8640		NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid);
8641	}
8642
8643	if (params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X ||
8644	    params->key_mgmt_suite == WPA_KEY_MGMT_PSK ||
8645	    params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA256 ||
8646	    params->key_mgmt_suite == WPA_KEY_MGMT_PSK_SHA256) {
8647		wpa_printf(MSG_DEBUG, "  * control port");
8648		NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT);
8649	}
8650
8651	if (params->wpa_ie) {
8652		wpa_hexdump(MSG_DEBUG,
8653			    "  * Extra IEs for Beacon/Probe Response frames",
8654			    params->wpa_ie, params->wpa_ie_len);
8655		NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len,
8656			params->wpa_ie);
8657	}
8658
8659	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
8660	msg = NULL;
8661	if (ret) {
8662		wpa_printf(MSG_DEBUG, "nl80211: Join IBSS failed: ret=%d (%s)",
8663			   ret, strerror(-ret));
8664		count++;
8665		if (ret == -EALREADY && count == 1) {
8666			wpa_printf(MSG_DEBUG, "nl80211: Retry IBSS join after "
8667				   "forced leave");
8668			nl80211_leave_ibss(drv);
8669			nlmsg_free(msg);
8670			goto retry;
8671		}
8672
8673		goto nla_put_failure;
8674	}
8675	ret = 0;
8676	wpa_printf(MSG_DEBUG, "nl80211: Join IBSS request sent successfully");
8677
8678nla_put_failure:
8679	nlmsg_free(msg);
8680	return ret;
8681}
8682
8683
8684static int nl80211_connect_common(struct wpa_driver_nl80211_data *drv,
8685				  struct wpa_driver_associate_params *params,
8686				  struct nl_msg *msg)
8687{
8688	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
8689
8690	if (params->bssid) {
8691		wpa_printf(MSG_DEBUG, "  * bssid=" MACSTR,
8692			   MAC2STR(params->bssid));
8693		NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid);
8694	}
8695
8696	if (params->bssid_hint) {
8697		wpa_printf(MSG_DEBUG, "  * bssid_hint=" MACSTR,
8698			   MAC2STR(params->bssid_hint));
8699		NLA_PUT(msg, NL80211_ATTR_MAC_HINT, ETH_ALEN,
8700			params->bssid_hint);
8701	}
8702
8703	if (params->freq) {
8704		wpa_printf(MSG_DEBUG, "  * freq=%d", params->freq);
8705		NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq);
8706		drv->assoc_freq = params->freq;
8707	} else
8708		drv->assoc_freq = 0;
8709
8710	if (params->freq_hint) {
8711		wpa_printf(MSG_DEBUG, "  * freq_hint=%d", params->freq_hint);
8712		NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ_HINT,
8713			    params->freq_hint);
8714	}
8715
8716	if (params->bg_scan_period >= 0) {
8717		wpa_printf(MSG_DEBUG, "  * bg scan period=%d",
8718			   params->bg_scan_period);
8719		NLA_PUT_U16(msg, NL80211_ATTR_BG_SCAN_PERIOD,
8720			    params->bg_scan_period);
8721	}
8722
8723	if (params->ssid) {
8724		wpa_hexdump_ascii(MSG_DEBUG, "  * SSID",
8725				  params->ssid, params->ssid_len);
8726		NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len,
8727			params->ssid);
8728		if (params->ssid_len > sizeof(drv->ssid))
8729			goto nla_put_failure;
8730		os_memcpy(drv->ssid, params->ssid, params->ssid_len);
8731		drv->ssid_len = params->ssid_len;
8732	}
8733
8734	wpa_hexdump(MSG_DEBUG, "  * IEs", params->wpa_ie, params->wpa_ie_len);
8735	if (params->wpa_ie)
8736		NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len,
8737			params->wpa_ie);
8738
8739	if (params->wpa_proto) {
8740		enum nl80211_wpa_versions ver = 0;
8741
8742		if (params->wpa_proto & WPA_PROTO_WPA)
8743			ver |= NL80211_WPA_VERSION_1;
8744		if (params->wpa_proto & WPA_PROTO_RSN)
8745			ver |= NL80211_WPA_VERSION_2;
8746
8747		wpa_printf(MSG_DEBUG, "  * WPA Versions 0x%x", ver);
8748		NLA_PUT_U32(msg, NL80211_ATTR_WPA_VERSIONS, ver);
8749	}
8750
8751	if (params->pairwise_suite != WPA_CIPHER_NONE) {
8752		u32 cipher = wpa_cipher_to_cipher_suite(params->pairwise_suite);
8753		wpa_printf(MSG_DEBUG, "  * pairwise=0x%x", cipher);
8754		NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, cipher);
8755	}
8756
8757	if (params->group_suite == WPA_CIPHER_GTK_NOT_USED &&
8758	    !(drv->capa.enc & WPA_DRIVER_CAPA_ENC_GTK_NOT_USED)) {
8759		/*
8760		 * This is likely to work even though many drivers do not
8761		 * advertise support for operations without GTK.
8762		 */
8763		wpa_printf(MSG_DEBUG, "  * skip group cipher configuration for GTK_NOT_USED due to missing driver support advertisement");
8764	} else if (params->group_suite != WPA_CIPHER_NONE) {
8765		u32 cipher = wpa_cipher_to_cipher_suite(params->group_suite);
8766		wpa_printf(MSG_DEBUG, "  * group=0x%x", cipher);
8767		NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, cipher);
8768	}
8769
8770	if (params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X ||
8771	    params->key_mgmt_suite == WPA_KEY_MGMT_PSK ||
8772	    params->key_mgmt_suite == WPA_KEY_MGMT_FT_IEEE8021X ||
8773	    params->key_mgmt_suite == WPA_KEY_MGMT_FT_PSK ||
8774	    params->key_mgmt_suite == WPA_KEY_MGMT_CCKM ||
8775	    params->key_mgmt_suite == WPA_KEY_MGMT_OSEN ||
8776	    params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA256 ||
8777	    params->key_mgmt_suite == WPA_KEY_MGMT_PSK_SHA256) {
8778		int mgmt = WLAN_AKM_SUITE_PSK;
8779
8780		switch (params->key_mgmt_suite) {
8781		case WPA_KEY_MGMT_CCKM:
8782			mgmt = WLAN_AKM_SUITE_CCKM;
8783			break;
8784		case WPA_KEY_MGMT_IEEE8021X:
8785			mgmt = WLAN_AKM_SUITE_8021X;
8786			break;
8787		case WPA_KEY_MGMT_FT_IEEE8021X:
8788			mgmt = WLAN_AKM_SUITE_FT_8021X;
8789			break;
8790		case WPA_KEY_MGMT_FT_PSK:
8791			mgmt = WLAN_AKM_SUITE_FT_PSK;
8792			break;
8793		case WPA_KEY_MGMT_IEEE8021X_SHA256:
8794			mgmt = WLAN_AKM_SUITE_8021X_SHA256;
8795			break;
8796		case WPA_KEY_MGMT_PSK_SHA256:
8797			mgmt = WLAN_AKM_SUITE_PSK_SHA256;
8798			break;
8799		case WPA_KEY_MGMT_OSEN:
8800			mgmt = WLAN_AKM_SUITE_OSEN;
8801			break;
8802		case WPA_KEY_MGMT_PSK:
8803		default:
8804			mgmt = WLAN_AKM_SUITE_PSK;
8805			break;
8806		}
8807		wpa_printf(MSG_DEBUG, "  * akm=0x%x", mgmt);
8808		NLA_PUT_U32(msg, NL80211_ATTR_AKM_SUITES, mgmt);
8809	}
8810
8811	NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT);
8812
8813	if (params->mgmt_frame_protection == MGMT_FRAME_PROTECTION_REQUIRED)
8814		NLA_PUT_U32(msg, NL80211_ATTR_USE_MFP, NL80211_MFP_REQUIRED);
8815
8816	if (params->disable_ht)
8817		NLA_PUT_FLAG(msg, NL80211_ATTR_DISABLE_HT);
8818
8819	if (params->htcaps && params->htcaps_mask) {
8820		int sz = sizeof(struct ieee80211_ht_capabilities);
8821		wpa_hexdump(MSG_DEBUG, "  * htcaps", params->htcaps, sz);
8822		NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY, sz, params->htcaps);
8823		wpa_hexdump(MSG_DEBUG, "  * htcaps_mask",
8824			    params->htcaps_mask, sz);
8825		NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY_MASK, sz,
8826			params->htcaps_mask);
8827	}
8828
8829#ifdef CONFIG_VHT_OVERRIDES
8830	if (params->disable_vht) {
8831		wpa_printf(MSG_DEBUG, "  * VHT disabled");
8832		NLA_PUT_FLAG(msg, NL80211_ATTR_DISABLE_VHT);
8833	}
8834
8835	if (params->vhtcaps && params->vhtcaps_mask) {
8836		int sz = sizeof(struct ieee80211_vht_capabilities);
8837		wpa_hexdump(MSG_DEBUG, "  * vhtcaps", params->vhtcaps, sz);
8838		NLA_PUT(msg, NL80211_ATTR_VHT_CAPABILITY, sz, params->vhtcaps);
8839		wpa_hexdump(MSG_DEBUG, "  * vhtcaps_mask",
8840			    params->vhtcaps_mask, sz);
8841		NLA_PUT(msg, NL80211_ATTR_VHT_CAPABILITY_MASK, sz,
8842			params->vhtcaps_mask);
8843	}
8844#endif /* CONFIG_VHT_OVERRIDES */
8845
8846	if (params->p2p)
8847		wpa_printf(MSG_DEBUG, "  * P2P group");
8848
8849	return 0;
8850nla_put_failure:
8851	return -1;
8852}
8853
8854
8855static int wpa_driver_nl80211_try_connect(
8856	struct wpa_driver_nl80211_data *drv,
8857	struct wpa_driver_associate_params *params)
8858{
8859	struct nl_msg *msg;
8860	enum nl80211_auth_type type;
8861	int ret;
8862	int algs;
8863
8864	msg = nlmsg_alloc();
8865	if (!msg)
8866		return -1;
8867
8868	wpa_printf(MSG_DEBUG, "nl80211: Connect (ifindex=%d)", drv->ifindex);
8869	nl80211_cmd(drv, msg, 0, NL80211_CMD_CONNECT);
8870
8871	ret = nl80211_connect_common(drv, params, msg);
8872	if (ret)
8873		goto nla_put_failure;
8874
8875	algs = 0;
8876	if (params->auth_alg & WPA_AUTH_ALG_OPEN)
8877		algs++;
8878	if (params->auth_alg & WPA_AUTH_ALG_SHARED)
8879		algs++;
8880	if (params->auth_alg & WPA_AUTH_ALG_LEAP)
8881		algs++;
8882	if (algs > 1) {
8883		wpa_printf(MSG_DEBUG, "  * Leave out Auth Type for automatic "
8884			   "selection");
8885		goto skip_auth_type;
8886	}
8887
8888	if (params->auth_alg & WPA_AUTH_ALG_OPEN)
8889		type = NL80211_AUTHTYPE_OPEN_SYSTEM;
8890	else if (params->auth_alg & WPA_AUTH_ALG_SHARED)
8891		type = NL80211_AUTHTYPE_SHARED_KEY;
8892	else if (params->auth_alg & WPA_AUTH_ALG_LEAP)
8893		type = NL80211_AUTHTYPE_NETWORK_EAP;
8894	else if (params->auth_alg & WPA_AUTH_ALG_FT)
8895		type = NL80211_AUTHTYPE_FT;
8896	else
8897		goto nla_put_failure;
8898
8899	wpa_printf(MSG_DEBUG, "  * Auth Type %d", type);
8900	NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, type);
8901
8902skip_auth_type:
8903	ret = nl80211_set_conn_keys(params, msg);
8904	if (ret)
8905		goto nla_put_failure;
8906
8907	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
8908	msg = NULL;
8909	if (ret) {
8910		wpa_printf(MSG_DEBUG, "nl80211: MLME connect failed: ret=%d "
8911			   "(%s)", ret, strerror(-ret));
8912		goto nla_put_failure;
8913	}
8914	ret = 0;
8915	wpa_printf(MSG_DEBUG, "nl80211: Connect request send successfully");
8916
8917nla_put_failure:
8918	nlmsg_free(msg);
8919	return ret;
8920
8921}
8922
8923
8924static int wpa_driver_nl80211_connect(
8925	struct wpa_driver_nl80211_data *drv,
8926	struct wpa_driver_associate_params *params)
8927{
8928	int ret = wpa_driver_nl80211_try_connect(drv, params);
8929	if (ret == -EALREADY) {
8930		/*
8931		 * cfg80211 does not currently accept new connections if
8932		 * we are already connected. As a workaround, force
8933		 * disconnection and try again.
8934		 */
8935		wpa_printf(MSG_DEBUG, "nl80211: Explicitly "
8936			   "disconnecting before reassociation "
8937			   "attempt");
8938		if (wpa_driver_nl80211_disconnect(
8939			    drv, WLAN_REASON_PREV_AUTH_NOT_VALID))
8940			return -1;
8941		ret = wpa_driver_nl80211_try_connect(drv, params);
8942	}
8943	return ret;
8944}
8945
8946
8947static int wpa_driver_nl80211_associate(
8948	void *priv, struct wpa_driver_associate_params *params)
8949{
8950	struct i802_bss *bss = priv;
8951	struct wpa_driver_nl80211_data *drv = bss->drv;
8952	int ret;
8953	struct nl_msg *msg;
8954
8955	if (params->mode == IEEE80211_MODE_AP)
8956		return wpa_driver_nl80211_ap(drv, params);
8957
8958	if (params->mode == IEEE80211_MODE_IBSS)
8959		return wpa_driver_nl80211_ibss(drv, params);
8960
8961	if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) {
8962		enum nl80211_iftype nlmode = params->p2p ?
8963			NL80211_IFTYPE_P2P_CLIENT : NL80211_IFTYPE_STATION;
8964
8965		if (wpa_driver_nl80211_set_mode(priv, nlmode) < 0)
8966			return -1;
8967		return wpa_driver_nl80211_connect(drv, params);
8968	}
8969
8970	nl80211_mark_disconnected(drv);
8971
8972	msg = nlmsg_alloc();
8973	if (!msg)
8974		return -1;
8975
8976	wpa_printf(MSG_DEBUG, "nl80211: Associate (ifindex=%d)",
8977		   drv->ifindex);
8978	nl80211_cmd(drv, msg, 0, NL80211_CMD_ASSOCIATE);
8979
8980	ret = nl80211_connect_common(drv, params, msg);
8981	if (ret)
8982		goto nla_put_failure;
8983
8984	if (params->prev_bssid) {
8985		wpa_printf(MSG_DEBUG, "  * prev_bssid=" MACSTR,
8986			   MAC2STR(params->prev_bssid));
8987		NLA_PUT(msg, NL80211_ATTR_PREV_BSSID, ETH_ALEN,
8988			params->prev_bssid);
8989	}
8990
8991	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
8992	msg = NULL;
8993	if (ret) {
8994		wpa_dbg(drv->ctx, MSG_DEBUG,
8995			"nl80211: MLME command failed (assoc): ret=%d (%s)",
8996			ret, strerror(-ret));
8997		nl80211_dump_scan(drv);
8998		goto nla_put_failure;
8999	}
9000	ret = 0;
9001	wpa_printf(MSG_DEBUG, "nl80211: Association request send "
9002		   "successfully");
9003
9004nla_put_failure:
9005	nlmsg_free(msg);
9006	return ret;
9007}
9008
9009
9010static int nl80211_set_mode(struct wpa_driver_nl80211_data *drv,
9011			    int ifindex, enum nl80211_iftype mode)
9012{
9013	struct nl_msg *msg;
9014	int ret = -ENOBUFS;
9015
9016	wpa_printf(MSG_DEBUG, "nl80211: Set mode ifindex %d iftype %d (%s)",
9017		   ifindex, mode, nl80211_iftype_str(mode));
9018
9019	msg = nlmsg_alloc();
9020	if (!msg)
9021		return -ENOMEM;
9022
9023	nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_INTERFACE);
9024	if (nl80211_set_iface_id(msg, drv->first_bss) < 0)
9025		goto nla_put_failure;
9026	NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, mode);
9027
9028	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
9029	msg = NULL;
9030	if (!ret)
9031		return 0;
9032nla_put_failure:
9033	nlmsg_free(msg);
9034	wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface %d to mode %d:"
9035		   " %d (%s)", ifindex, mode, ret, strerror(-ret));
9036	return ret;
9037}
9038
9039
9040static int wpa_driver_nl80211_set_mode_impl(
9041		struct i802_bss *bss,
9042		enum nl80211_iftype nlmode,
9043		struct hostapd_freq_params *desired_freq_params)
9044{
9045	struct wpa_driver_nl80211_data *drv = bss->drv;
9046	int ret = -1;
9047	int i;
9048	int was_ap = is_ap_interface(drv->nlmode);
9049	int res;
9050	int mode_switch_res;
9051
9052	mode_switch_res = nl80211_set_mode(drv, drv->ifindex, nlmode);
9053	if (mode_switch_res && nlmode == nl80211_get_ifmode(bss))
9054		mode_switch_res = 0;
9055
9056	if (mode_switch_res == 0) {
9057		drv->nlmode = nlmode;
9058		ret = 0;
9059		goto done;
9060	}
9061
9062	if (mode_switch_res == -ENODEV)
9063		return -1;
9064
9065	if (nlmode == drv->nlmode) {
9066		wpa_printf(MSG_DEBUG, "nl80211: Interface already in "
9067			   "requested mode - ignore error");
9068		ret = 0;
9069		goto done; /* Already in the requested mode */
9070	}
9071
9072	/* mac80211 doesn't allow mode changes while the device is up, so
9073	 * take the device down, try to set the mode again, and bring the
9074	 * device back up.
9075	 */
9076	wpa_printf(MSG_DEBUG, "nl80211: Try mode change after setting "
9077		   "interface down");
9078	for (i = 0; i < 10; i++) {
9079		res = i802_set_iface_flags(bss, 0);
9080		if (res == -EACCES || res == -ENODEV)
9081			break;
9082		if (res != 0) {
9083			wpa_printf(MSG_DEBUG, "nl80211: Failed to set "
9084				   "interface down");
9085			os_sleep(0, 100000);
9086			continue;
9087		}
9088
9089		/*
9090		 * Setting the mode will fail for some drivers if the phy is
9091		 * on a frequency that the mode is disallowed in.
9092		 */
9093		if (desired_freq_params) {
9094			res = i802_set_freq(bss, desired_freq_params);
9095			if (res) {
9096				wpa_printf(MSG_DEBUG,
9097					   "nl80211: Failed to set frequency on interface");
9098			}
9099		}
9100
9101		/* Try to set the mode again while the interface is down */
9102		mode_switch_res = nl80211_set_mode(drv, drv->ifindex, nlmode);
9103		if (mode_switch_res == -EBUSY) {
9104			wpa_printf(MSG_DEBUG,
9105				   "nl80211: Delaying mode set while interface going down");
9106			os_sleep(0, 100000);
9107			continue;
9108		}
9109		ret = mode_switch_res;
9110		break;
9111	}
9112
9113	if (!ret) {
9114		wpa_printf(MSG_DEBUG, "nl80211: Mode change succeeded while "
9115			   "interface is down");
9116		drv->nlmode = nlmode;
9117		drv->ignore_if_down_event = 1;
9118	}
9119
9120	/* Bring the interface back up */
9121	res = linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 1);
9122	if (res != 0) {
9123		wpa_printf(MSG_DEBUG,
9124			   "nl80211: Failed to set interface up after switching mode");
9125		ret = -1;
9126	}
9127
9128done:
9129	if (ret) {
9130		wpa_printf(MSG_DEBUG, "nl80211: Interface mode change to %d "
9131			   "from %d failed", nlmode, drv->nlmode);
9132		return ret;
9133	}
9134
9135	if (is_p2p_net_interface(nlmode))
9136		nl80211_disable_11b_rates(drv, drv->ifindex, 1);
9137	else if (drv->disabled_11b_rates)
9138		nl80211_disable_11b_rates(drv, drv->ifindex, 0);
9139
9140	if (is_ap_interface(nlmode)) {
9141		nl80211_mgmt_unsubscribe(bss, "start AP");
9142		/* Setup additional AP mode functionality if needed */
9143		if (nl80211_setup_ap(bss))
9144			return -1;
9145	} else if (was_ap) {
9146		/* Remove additional AP mode functionality */
9147		nl80211_teardown_ap(bss);
9148	} else {
9149		nl80211_mgmt_unsubscribe(bss, "mode change");
9150	}
9151
9152	if (!bss->in_deinit && !is_ap_interface(nlmode) &&
9153	    nl80211_mgmt_subscribe_non_ap(bss) < 0)
9154		wpa_printf(MSG_DEBUG, "nl80211: Failed to register Action "
9155			   "frame processing - ignore for now");
9156
9157	return 0;
9158}
9159
9160
9161static int dfs_info_handler(struct nl_msg *msg, void *arg)
9162{
9163	struct nlattr *tb[NL80211_ATTR_MAX + 1];
9164	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
9165	int *dfs_capability_ptr = arg;
9166
9167	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
9168		  genlmsg_attrlen(gnlh, 0), NULL);
9169
9170	if (tb[NL80211_ATTR_VENDOR_DATA]) {
9171		struct nlattr *nl_vend = tb[NL80211_ATTR_VENDOR_DATA];
9172		struct nlattr *tb_vendor[QCA_WLAN_VENDOR_ATTR_MAX + 1];
9173
9174		nla_parse(tb_vendor, QCA_WLAN_VENDOR_ATTR_MAX,
9175			  nla_data(nl_vend), nla_len(nl_vend), NULL);
9176
9177		if (tb_vendor[QCA_WLAN_VENDOR_ATTR_DFS]) {
9178			u32 val;
9179			val = nla_get_u32(tb_vendor[QCA_WLAN_VENDOR_ATTR_DFS]);
9180			wpa_printf(MSG_DEBUG, "nl80211: DFS offload capability: %u",
9181				   val);
9182			*dfs_capability_ptr = val;
9183		}
9184	}
9185
9186	return NL_SKIP;
9187}
9188
9189
9190static int wpa_driver_nl80211_set_mode(struct i802_bss *bss,
9191				       enum nl80211_iftype nlmode)
9192{
9193	return wpa_driver_nl80211_set_mode_impl(bss, nlmode, NULL);
9194}
9195
9196
9197static int wpa_driver_nl80211_set_mode_ibss(struct i802_bss *bss, int freq)
9198{
9199	struct hostapd_freq_params freq_params;
9200	os_memset(&freq_params, 0, sizeof(freq_params));
9201	freq_params.freq = freq;
9202	return wpa_driver_nl80211_set_mode_impl(bss, NL80211_IFTYPE_ADHOC,
9203						&freq_params);
9204}
9205
9206
9207static int wpa_driver_nl80211_get_capa(void *priv,
9208				       struct wpa_driver_capa *capa)
9209{
9210	struct i802_bss *bss = priv;
9211	struct wpa_driver_nl80211_data *drv = bss->drv;
9212	struct nl_msg *msg;
9213	int dfs_capability = 0;
9214	int ret = 0;
9215
9216	if (!drv->has_capability)
9217		return -1;
9218	os_memcpy(capa, &drv->capa, sizeof(*capa));
9219	if (drv->extended_capa && drv->extended_capa_mask) {
9220		capa->extended_capa = drv->extended_capa;
9221		capa->extended_capa_mask = drv->extended_capa_mask;
9222		capa->extended_capa_len = drv->extended_capa_len;
9223	}
9224
9225	if ((capa->flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE) &&
9226	    !drv->allow_p2p_device) {
9227		wpa_printf(MSG_DEBUG, "nl80211: Do not indicate P2P_DEVICE support (p2p_device=1 driver param not specified)");
9228		capa->flags &= ~WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE;
9229	}
9230
9231	if (drv->dfs_vendor_cmd_avail == 1) {
9232		msg = nlmsg_alloc();
9233		if (!msg)
9234			return -ENOMEM;
9235
9236		nl80211_cmd(drv, msg, 0, NL80211_CMD_VENDOR);
9237
9238		NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
9239		NLA_PUT_U32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA);
9240		NLA_PUT_U32(msg, NL80211_ATTR_VENDOR_SUBCMD,
9241			    QCA_NL80211_VENDOR_SUBCMD_DFS_CAPABILITY);
9242
9243		ret = send_and_recv_msgs(drv, msg, dfs_info_handler,
9244					 &dfs_capability);
9245		if (!ret) {
9246			if (dfs_capability)
9247				capa->flags |= WPA_DRIVER_FLAGS_DFS_OFFLOAD;
9248		}
9249	}
9250
9251	return ret;
9252
9253 nla_put_failure:
9254	nlmsg_free(msg);
9255	return -ENOBUFS;
9256}
9257
9258
9259static int wpa_driver_nl80211_set_operstate(void *priv, int state)
9260{
9261	struct i802_bss *bss = priv;
9262	struct wpa_driver_nl80211_data *drv = bss->drv;
9263
9264	wpa_printf(MSG_DEBUG, "nl80211: Set %s operstate %d->%d (%s)",
9265		   bss->ifname, drv->operstate, state,
9266		   state ? "UP" : "DORMANT");
9267	drv->operstate = state;
9268	return netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, -1,
9269				      state ? IF_OPER_UP : IF_OPER_DORMANT);
9270}
9271
9272
9273static int wpa_driver_nl80211_set_supp_port(void *priv, int authorized)
9274{
9275	struct i802_bss *bss = priv;
9276	struct wpa_driver_nl80211_data *drv = bss->drv;
9277	struct nl_msg *msg;
9278	struct nl80211_sta_flag_update upd;
9279	int ret = -ENOBUFS;
9280
9281	if (!drv->associated && is_zero_ether_addr(drv->bssid) && !authorized) {
9282		wpa_printf(MSG_DEBUG, "nl80211: Skip set_supp_port(unauthorized) while not associated");
9283		return 0;
9284	}
9285
9286	wpa_printf(MSG_DEBUG, "nl80211: Set supplicant port %sauthorized for "
9287		   MACSTR, authorized ? "" : "un", MAC2STR(drv->bssid));
9288
9289	msg = nlmsg_alloc();
9290	if (!msg)
9291		return -ENOMEM;
9292
9293	nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_STATION);
9294
9295	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
9296		    if_nametoindex(bss->ifname));
9297	NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, drv->bssid);
9298
9299	os_memset(&upd, 0, sizeof(upd));
9300	upd.mask = BIT(NL80211_STA_FLAG_AUTHORIZED);
9301	if (authorized)
9302		upd.set = BIT(NL80211_STA_FLAG_AUTHORIZED);
9303	NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd);
9304
9305	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
9306	msg = NULL;
9307	if (!ret)
9308		return 0;
9309 nla_put_failure:
9310	nlmsg_free(msg);
9311	wpa_printf(MSG_DEBUG, "nl80211: Failed to set STA flag: %d (%s)",
9312		   ret, strerror(-ret));
9313	return ret;
9314}
9315
9316
9317/* Set kernel driver on given frequency (MHz) */
9318static int i802_set_freq(void *priv, struct hostapd_freq_params *freq)
9319{
9320	struct i802_bss *bss = priv;
9321	return nl80211_set_channel(bss, freq, 0);
9322}
9323
9324
9325static inline int min_int(int a, int b)
9326{
9327	if (a < b)
9328		return a;
9329	return b;
9330}
9331
9332
9333static int get_key_handler(struct nl_msg *msg, void *arg)
9334{
9335	struct nlattr *tb[NL80211_ATTR_MAX + 1];
9336	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
9337
9338	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
9339		  genlmsg_attrlen(gnlh, 0), NULL);
9340
9341	/*
9342	 * TODO: validate the key index and mac address!
9343	 * Otherwise, there's a race condition as soon as
9344	 * the kernel starts sending key notifications.
9345	 */
9346
9347	if (tb[NL80211_ATTR_KEY_SEQ])
9348		memcpy(arg, nla_data(tb[NL80211_ATTR_KEY_SEQ]),
9349		       min_int(nla_len(tb[NL80211_ATTR_KEY_SEQ]), 6));
9350	return NL_SKIP;
9351}
9352
9353
9354static int i802_get_seqnum(const char *iface, void *priv, const u8 *addr,
9355			   int idx, u8 *seq)
9356{
9357	struct i802_bss *bss = priv;
9358	struct wpa_driver_nl80211_data *drv = bss->drv;
9359	struct nl_msg *msg;
9360
9361	msg = nlmsg_alloc();
9362	if (!msg)
9363		return -ENOMEM;
9364
9365	nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_KEY);
9366
9367	if (addr)
9368		NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
9369	NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, idx);
9370	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(iface));
9371
9372	memset(seq, 0, 6);
9373
9374	return send_and_recv_msgs(drv, msg, get_key_handler, seq);
9375 nla_put_failure:
9376	nlmsg_free(msg);
9377	return -ENOBUFS;
9378}
9379
9380
9381static int i802_set_rts(void *priv, int rts)
9382{
9383	struct i802_bss *bss = priv;
9384	struct wpa_driver_nl80211_data *drv = bss->drv;
9385	struct nl_msg *msg;
9386	int ret = -ENOBUFS;
9387	u32 val;
9388
9389	msg = nlmsg_alloc();
9390	if (!msg)
9391		return -ENOMEM;
9392
9393	if (rts >= 2347)
9394		val = (u32) -1;
9395	else
9396		val = rts;
9397
9398	nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_WIPHY);
9399	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
9400	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD, val);
9401
9402	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
9403	msg = NULL;
9404	if (!ret)
9405		return 0;
9406nla_put_failure:
9407	nlmsg_free(msg);
9408	wpa_printf(MSG_DEBUG, "nl80211: Failed to set RTS threshold %d: "
9409		   "%d (%s)", rts, ret, strerror(-ret));
9410	return ret;
9411}
9412
9413
9414static int i802_set_frag(void *priv, int frag)
9415{
9416	struct i802_bss *bss = priv;
9417	struct wpa_driver_nl80211_data *drv = bss->drv;
9418	struct nl_msg *msg;
9419	int ret = -ENOBUFS;
9420	u32 val;
9421
9422	msg = nlmsg_alloc();
9423	if (!msg)
9424		return -ENOMEM;
9425
9426	if (frag >= 2346)
9427		val = (u32) -1;
9428	else
9429		val = frag;
9430
9431	nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_WIPHY);
9432	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
9433	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD, val);
9434
9435	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
9436	msg = NULL;
9437	if (!ret)
9438		return 0;
9439nla_put_failure:
9440	nlmsg_free(msg);
9441	wpa_printf(MSG_DEBUG, "nl80211: Failed to set fragmentation threshold "
9442		   "%d: %d (%s)", frag, ret, strerror(-ret));
9443	return ret;
9444}
9445
9446
9447static int i802_flush(void *priv)
9448{
9449	struct i802_bss *bss = priv;
9450	struct wpa_driver_nl80211_data *drv = bss->drv;
9451	struct nl_msg *msg;
9452	int res;
9453
9454	msg = nlmsg_alloc();
9455	if (!msg)
9456		return -1;
9457
9458	wpa_printf(MSG_DEBUG, "nl80211: flush -> DEL_STATION %s (all)",
9459		   bss->ifname);
9460	nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_STATION);
9461
9462	/*
9463	 * XXX: FIX! this needs to flush all VLANs too
9464	 */
9465	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
9466		    if_nametoindex(bss->ifname));
9467
9468	res = send_and_recv_msgs(drv, msg, NULL, NULL);
9469	if (res) {
9470		wpa_printf(MSG_DEBUG, "nl80211: Station flush failed: ret=%d "
9471			   "(%s)", res, strerror(-res));
9472	}
9473	return res;
9474 nla_put_failure:
9475	nlmsg_free(msg);
9476	return -ENOBUFS;
9477}
9478
9479
9480static int get_sta_handler(struct nl_msg *msg, void *arg)
9481{
9482	struct nlattr *tb[NL80211_ATTR_MAX + 1];
9483	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
9484	struct hostap_sta_driver_data *data = arg;
9485	struct nlattr *stats[NL80211_STA_INFO_MAX + 1];
9486	static struct nla_policy stats_policy[NL80211_STA_INFO_MAX + 1] = {
9487		[NL80211_STA_INFO_INACTIVE_TIME] = { .type = NLA_U32 },
9488		[NL80211_STA_INFO_RX_BYTES] = { .type = NLA_U32 },
9489		[NL80211_STA_INFO_TX_BYTES] = { .type = NLA_U32 },
9490		[NL80211_STA_INFO_RX_PACKETS] = { .type = NLA_U32 },
9491		[NL80211_STA_INFO_TX_PACKETS] = { .type = NLA_U32 },
9492		[NL80211_STA_INFO_TX_FAILED] = { .type = NLA_U32 },
9493	};
9494
9495	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
9496		  genlmsg_attrlen(gnlh, 0), NULL);
9497
9498	/*
9499	 * TODO: validate the interface and mac address!
9500	 * Otherwise, there's a race condition as soon as
9501	 * the kernel starts sending station notifications.
9502	 */
9503
9504	if (!tb[NL80211_ATTR_STA_INFO]) {
9505		wpa_printf(MSG_DEBUG, "sta stats missing!");
9506		return NL_SKIP;
9507	}
9508	if (nla_parse_nested(stats, NL80211_STA_INFO_MAX,
9509			     tb[NL80211_ATTR_STA_INFO],
9510			     stats_policy)) {
9511		wpa_printf(MSG_DEBUG, "failed to parse nested attributes!");
9512		return NL_SKIP;
9513	}
9514
9515	if (stats[NL80211_STA_INFO_INACTIVE_TIME])
9516		data->inactive_msec =
9517			nla_get_u32(stats[NL80211_STA_INFO_INACTIVE_TIME]);
9518	if (stats[NL80211_STA_INFO_RX_BYTES])
9519		data->rx_bytes = nla_get_u32(stats[NL80211_STA_INFO_RX_BYTES]);
9520	if (stats[NL80211_STA_INFO_TX_BYTES])
9521		data->tx_bytes = nla_get_u32(stats[NL80211_STA_INFO_TX_BYTES]);
9522	if (stats[NL80211_STA_INFO_RX_PACKETS])
9523		data->rx_packets =
9524			nla_get_u32(stats[NL80211_STA_INFO_RX_PACKETS]);
9525	if (stats[NL80211_STA_INFO_TX_PACKETS])
9526		data->tx_packets =
9527			nla_get_u32(stats[NL80211_STA_INFO_TX_PACKETS]);
9528	if (stats[NL80211_STA_INFO_TX_FAILED])
9529		data->tx_retry_failed =
9530			nla_get_u32(stats[NL80211_STA_INFO_TX_FAILED]);
9531
9532	return NL_SKIP;
9533}
9534
9535static int i802_read_sta_data(struct i802_bss *bss,
9536			      struct hostap_sta_driver_data *data,
9537			      const u8 *addr)
9538{
9539	struct wpa_driver_nl80211_data *drv = bss->drv;
9540	struct nl_msg *msg;
9541
9542	os_memset(data, 0, sizeof(*data));
9543	msg = nlmsg_alloc();
9544	if (!msg)
9545		return -ENOMEM;
9546
9547	nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_STATION);
9548
9549	NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
9550	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
9551
9552	return send_and_recv_msgs(drv, msg, get_sta_handler, data);
9553 nla_put_failure:
9554	nlmsg_free(msg);
9555	return -ENOBUFS;
9556}
9557
9558
9559static int i802_set_tx_queue_params(void *priv, int queue, int aifs,
9560				    int cw_min, int cw_max, int burst_time)
9561{
9562	struct i802_bss *bss = priv;
9563	struct wpa_driver_nl80211_data *drv = bss->drv;
9564	struct nl_msg *msg;
9565	struct nlattr *txq, *params;
9566
9567	msg = nlmsg_alloc();
9568	if (!msg)
9569		return -1;
9570
9571	nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_WIPHY);
9572
9573	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
9574
9575	txq = nla_nest_start(msg, NL80211_ATTR_WIPHY_TXQ_PARAMS);
9576	if (!txq)
9577		goto nla_put_failure;
9578
9579	/* We are only sending parameters for a single TXQ at a time */
9580	params = nla_nest_start(msg, 1);
9581	if (!params)
9582		goto nla_put_failure;
9583
9584	switch (queue) {
9585	case 0:
9586		NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_VO);
9587		break;
9588	case 1:
9589		NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_VI);
9590		break;
9591	case 2:
9592		NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_BE);
9593		break;
9594	case 3:
9595		NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_BK);
9596		break;
9597	}
9598	/* Burst time is configured in units of 0.1 msec and TXOP parameter in
9599	 * 32 usec, so need to convert the value here. */
9600	NLA_PUT_U16(msg, NL80211_TXQ_ATTR_TXOP, (burst_time * 100 + 16) / 32);
9601	NLA_PUT_U16(msg, NL80211_TXQ_ATTR_CWMIN, cw_min);
9602	NLA_PUT_U16(msg, NL80211_TXQ_ATTR_CWMAX, cw_max);
9603	NLA_PUT_U8(msg, NL80211_TXQ_ATTR_AIFS, aifs);
9604
9605	nla_nest_end(msg, params);
9606
9607	nla_nest_end(msg, txq);
9608
9609	if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0)
9610		return 0;
9611	msg = NULL;
9612 nla_put_failure:
9613	nlmsg_free(msg);
9614	return -1;
9615}
9616
9617
9618static int i802_set_sta_vlan(struct i802_bss *bss, const u8 *addr,
9619			     const char *ifname, int vlan_id)
9620{
9621	struct wpa_driver_nl80211_data *drv = bss->drv;
9622	struct nl_msg *msg;
9623	int ret = -ENOBUFS;
9624
9625	msg = nlmsg_alloc();
9626	if (!msg)
9627		return -ENOMEM;
9628
9629	wpa_printf(MSG_DEBUG, "nl80211: %s[%d]: set_sta_vlan(" MACSTR
9630		   ", ifname=%s[%d], vlan_id=%d)",
9631		   bss->ifname, if_nametoindex(bss->ifname),
9632		   MAC2STR(addr), ifname, if_nametoindex(ifname), vlan_id);
9633	nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_STATION);
9634
9635	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
9636		    if_nametoindex(bss->ifname));
9637	NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
9638	NLA_PUT_U32(msg, NL80211_ATTR_STA_VLAN,
9639		    if_nametoindex(ifname));
9640
9641	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
9642	msg = NULL;
9643	if (ret < 0) {
9644		wpa_printf(MSG_ERROR, "nl80211: NL80211_ATTR_STA_VLAN (addr="
9645			   MACSTR " ifname=%s vlan_id=%d) failed: %d (%s)",
9646			   MAC2STR(addr), ifname, vlan_id, ret,
9647			   strerror(-ret));
9648	}
9649 nla_put_failure:
9650	nlmsg_free(msg);
9651	return ret;
9652}
9653
9654
9655static int i802_get_inact_sec(void *priv, const u8 *addr)
9656{
9657	struct hostap_sta_driver_data data;
9658	int ret;
9659
9660	data.inactive_msec = (unsigned long) -1;
9661	ret = i802_read_sta_data(priv, &data, addr);
9662	if (ret || data.inactive_msec == (unsigned long) -1)
9663		return -1;
9664	return data.inactive_msec / 1000;
9665}
9666
9667
9668static int i802_sta_clear_stats(void *priv, const u8 *addr)
9669{
9670#if 0
9671	/* TODO */
9672#endif
9673	return 0;
9674}
9675
9676
9677static int i802_sta_deauth(void *priv, const u8 *own_addr, const u8 *addr,
9678			   int reason)
9679{
9680	struct i802_bss *bss = priv;
9681	struct wpa_driver_nl80211_data *drv = bss->drv;
9682	struct ieee80211_mgmt mgmt;
9683
9684	if (drv->device_ap_sme)
9685		return wpa_driver_nl80211_sta_remove(bss, addr);
9686
9687	memset(&mgmt, 0, sizeof(mgmt));
9688	mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
9689					  WLAN_FC_STYPE_DEAUTH);
9690	memcpy(mgmt.da, addr, ETH_ALEN);
9691	memcpy(mgmt.sa, own_addr, ETH_ALEN);
9692	memcpy(mgmt.bssid, own_addr, ETH_ALEN);
9693	mgmt.u.deauth.reason_code = host_to_le16(reason);
9694	return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt,
9695					    IEEE80211_HDRLEN +
9696					    sizeof(mgmt.u.deauth), 0, 0, 0, 0,
9697					    0);
9698}
9699
9700
9701static int i802_sta_disassoc(void *priv, const u8 *own_addr, const u8 *addr,
9702			     int reason)
9703{
9704	struct i802_bss *bss = priv;
9705	struct wpa_driver_nl80211_data *drv = bss->drv;
9706	struct ieee80211_mgmt mgmt;
9707
9708	if (drv->device_ap_sme)
9709		return wpa_driver_nl80211_sta_remove(bss, addr);
9710
9711	memset(&mgmt, 0, sizeof(mgmt));
9712	mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
9713					  WLAN_FC_STYPE_DISASSOC);
9714	memcpy(mgmt.da, addr, ETH_ALEN);
9715	memcpy(mgmt.sa, own_addr, ETH_ALEN);
9716	memcpy(mgmt.bssid, own_addr, ETH_ALEN);
9717	mgmt.u.disassoc.reason_code = host_to_le16(reason);
9718	return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt,
9719					    IEEE80211_HDRLEN +
9720					    sizeof(mgmt.u.disassoc), 0, 0, 0, 0,
9721					    0);
9722}
9723
9724
9725static void dump_ifidx(struct wpa_driver_nl80211_data *drv)
9726{
9727	char buf[200], *pos, *end;
9728	int i, res;
9729
9730	pos = buf;
9731	end = pos + sizeof(buf);
9732
9733	for (i = 0; i < drv->num_if_indices; i++) {
9734		if (!drv->if_indices[i])
9735			continue;
9736		res = os_snprintf(pos, end - pos, " %d", drv->if_indices[i]);
9737		if (res < 0 || res >= end - pos)
9738			break;
9739		pos += res;
9740	}
9741	*pos = '\0';
9742
9743	wpa_printf(MSG_DEBUG, "nl80211: if_indices[%d]:%s",
9744		   drv->num_if_indices, buf);
9745}
9746
9747
9748static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
9749{
9750	int i;
9751	int *old;
9752
9753	wpa_printf(MSG_DEBUG, "nl80211: Add own interface ifindex %d",
9754		   ifidx);
9755	if (have_ifidx(drv, ifidx)) {
9756		wpa_printf(MSG_DEBUG, "nl80211: ifindex %d already in the list",
9757			   ifidx);
9758		return;
9759	}
9760	for (i = 0; i < drv->num_if_indices; i++) {
9761		if (drv->if_indices[i] == 0) {
9762			drv->if_indices[i] = ifidx;
9763			dump_ifidx(drv);
9764			return;
9765		}
9766	}
9767
9768	if (drv->if_indices != drv->default_if_indices)
9769		old = drv->if_indices;
9770	else
9771		old = NULL;
9772
9773	drv->if_indices = os_realloc_array(old, drv->num_if_indices + 1,
9774					   sizeof(int));
9775	if (!drv->if_indices) {
9776		if (!old)
9777			drv->if_indices = drv->default_if_indices;
9778		else
9779			drv->if_indices = old;
9780		wpa_printf(MSG_ERROR, "Failed to reallocate memory for "
9781			   "interfaces");
9782		wpa_printf(MSG_ERROR, "Ignoring EAPOL on interface %d", ifidx);
9783		return;
9784	} else if (!old)
9785		os_memcpy(drv->if_indices, drv->default_if_indices,
9786			  sizeof(drv->default_if_indices));
9787	drv->if_indices[drv->num_if_indices] = ifidx;
9788	drv->num_if_indices++;
9789	dump_ifidx(drv);
9790}
9791
9792
9793static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
9794{
9795	int i;
9796
9797	for (i = 0; i < drv->num_if_indices; i++) {
9798		if (drv->if_indices[i] == ifidx) {
9799			drv->if_indices[i] = 0;
9800			break;
9801		}
9802	}
9803	dump_ifidx(drv);
9804}
9805
9806
9807static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
9808{
9809	int i;
9810
9811	for (i = 0; i < drv->num_if_indices; i++)
9812		if (drv->if_indices[i] == ifidx)
9813			return 1;
9814
9815	return 0;
9816}
9817
9818
9819static int i802_set_wds_sta(void *priv, const u8 *addr, int aid, int val,
9820			    const char *bridge_ifname, char *ifname_wds)
9821{
9822	struct i802_bss *bss = priv;
9823	struct wpa_driver_nl80211_data *drv = bss->drv;
9824	char name[IFNAMSIZ + 1];
9825
9826	os_snprintf(name, sizeof(name), "%s.sta%d", bss->ifname, aid);
9827	if (ifname_wds)
9828		os_strlcpy(ifname_wds, name, IFNAMSIZ + 1);
9829
9830	wpa_printf(MSG_DEBUG, "nl80211: Set WDS STA addr=" MACSTR
9831		   " aid=%d val=%d name=%s", MAC2STR(addr), aid, val, name);
9832	if (val) {
9833		if (!if_nametoindex(name)) {
9834			if (nl80211_create_iface(drv, name,
9835						 NL80211_IFTYPE_AP_VLAN,
9836						 bss->addr, 1, NULL, NULL, 0) <
9837			    0)
9838				return -1;
9839			if (bridge_ifname &&
9840			    linux_br_add_if(drv->global->ioctl_sock,
9841					    bridge_ifname, name) < 0)
9842				return -1;
9843		}
9844		if (linux_set_iface_flags(drv->global->ioctl_sock, name, 1)) {
9845			wpa_printf(MSG_ERROR, "nl80211: Failed to set WDS STA "
9846				   "interface %s up", name);
9847		}
9848		return i802_set_sta_vlan(priv, addr, name, 0);
9849	} else {
9850		if (bridge_ifname)
9851			linux_br_del_if(drv->global->ioctl_sock, bridge_ifname,
9852					name);
9853
9854		i802_set_sta_vlan(priv, addr, bss->ifname, 0);
9855		nl80211_remove_iface(drv, if_nametoindex(name));
9856		return 0;
9857	}
9858}
9859
9860
9861static void handle_eapol(int sock, void *eloop_ctx, void *sock_ctx)
9862{
9863	struct wpa_driver_nl80211_data *drv = eloop_ctx;
9864	struct sockaddr_ll lladdr;
9865	unsigned char buf[3000];
9866	int len;
9867	socklen_t fromlen = sizeof(lladdr);
9868
9869	len = recvfrom(sock, buf, sizeof(buf), 0,
9870		       (struct sockaddr *)&lladdr, &fromlen);
9871	if (len < 0) {
9872		wpa_printf(MSG_ERROR, "nl80211: EAPOL recv failed: %s",
9873			   strerror(errno));
9874		return;
9875	}
9876
9877	if (have_ifidx(drv, lladdr.sll_ifindex))
9878		drv_event_eapol_rx(drv->ctx, lladdr.sll_addr, buf, len);
9879}
9880
9881
9882static int i802_check_bridge(struct wpa_driver_nl80211_data *drv,
9883			     struct i802_bss *bss,
9884			     const char *brname, const char *ifname)
9885{
9886	int ifindex;
9887	char in_br[IFNAMSIZ];
9888
9889	os_strlcpy(bss->brname, brname, IFNAMSIZ);
9890	ifindex = if_nametoindex(brname);
9891	if (ifindex == 0) {
9892		/*
9893		 * Bridge was configured, but the bridge device does
9894		 * not exist. Try to add it now.
9895		 */
9896		if (linux_br_add(drv->global->ioctl_sock, brname) < 0) {
9897			wpa_printf(MSG_ERROR, "nl80211: Failed to add the "
9898				   "bridge interface %s: %s",
9899				   brname, strerror(errno));
9900			return -1;
9901		}
9902		bss->added_bridge = 1;
9903		add_ifidx(drv, if_nametoindex(brname));
9904	}
9905
9906	if (linux_br_get(in_br, ifname) == 0) {
9907		if (os_strcmp(in_br, brname) == 0)
9908			return 0; /* already in the bridge */
9909
9910		wpa_printf(MSG_DEBUG, "nl80211: Removing interface %s from "
9911			   "bridge %s", ifname, in_br);
9912		if (linux_br_del_if(drv->global->ioctl_sock, in_br, ifname) <
9913		    0) {
9914			wpa_printf(MSG_ERROR, "nl80211: Failed to "
9915				   "remove interface %s from bridge "
9916				   "%s: %s",
9917				   ifname, brname, strerror(errno));
9918			return -1;
9919		}
9920	}
9921
9922	wpa_printf(MSG_DEBUG, "nl80211: Adding interface %s into bridge %s",
9923		   ifname, brname);
9924	if (linux_br_add_if(drv->global->ioctl_sock, brname, ifname) < 0) {
9925		wpa_printf(MSG_ERROR, "nl80211: Failed to add interface %s "
9926			   "into bridge %s: %s",
9927			   ifname, brname, strerror(errno));
9928		return -1;
9929	}
9930	bss->added_if_into_bridge = 1;
9931
9932	return 0;
9933}
9934
9935
9936static void *i802_init(struct hostapd_data *hapd,
9937		       struct wpa_init_params *params)
9938{
9939	struct wpa_driver_nl80211_data *drv;
9940	struct i802_bss *bss;
9941	size_t i;
9942	char brname[IFNAMSIZ];
9943	int ifindex, br_ifindex;
9944	int br_added = 0;
9945
9946	bss = wpa_driver_nl80211_drv_init(hapd, params->ifname,
9947					  params->global_priv, 1,
9948					  params->bssid);
9949	if (bss == NULL)
9950		return NULL;
9951
9952	drv = bss->drv;
9953
9954	if (linux_br_get(brname, params->ifname) == 0) {
9955		wpa_printf(MSG_DEBUG, "nl80211: Interface %s is in bridge %s",
9956			   params->ifname, brname);
9957		br_ifindex = if_nametoindex(brname);
9958	} else {
9959		brname[0] = '\0';
9960		br_ifindex = 0;
9961	}
9962
9963	for (i = 0; i < params->num_bridge; i++) {
9964		if (params->bridge[i]) {
9965			ifindex = if_nametoindex(params->bridge[i]);
9966			if (ifindex)
9967				add_ifidx(drv, ifindex);
9968			if (ifindex == br_ifindex)
9969				br_added = 1;
9970		}
9971	}
9972	if (!br_added && br_ifindex &&
9973	    (params->num_bridge == 0 || !params->bridge[0]))
9974		add_ifidx(drv, br_ifindex);
9975
9976	/* start listening for EAPOL on the default AP interface */
9977	add_ifidx(drv, drv->ifindex);
9978
9979	if (params->num_bridge && params->bridge[0] &&
9980	    i802_check_bridge(drv, bss, params->bridge[0], params->ifname) < 0)
9981		goto failed;
9982
9983	drv->eapol_sock = socket(PF_PACKET, SOCK_DGRAM, htons(ETH_P_PAE));
9984	if (drv->eapol_sock < 0) {
9985		wpa_printf(MSG_ERROR, "nl80211: socket(PF_PACKET, SOCK_DGRAM, ETH_P_PAE) failed: %s",
9986			   strerror(errno));
9987		goto failed;
9988	}
9989
9990	if (eloop_register_read_sock(drv->eapol_sock, handle_eapol, drv, NULL))
9991	{
9992		wpa_printf(MSG_INFO, "nl80211: Could not register read socket for eapol");
9993		goto failed;
9994	}
9995
9996	if (linux_get_ifhwaddr(drv->global->ioctl_sock, bss->ifname,
9997			       params->own_addr))
9998		goto failed;
9999
10000	memcpy(bss->addr, params->own_addr, ETH_ALEN);
10001
10002	return bss;
10003
10004failed:
10005	wpa_driver_nl80211_deinit(bss);
10006	return NULL;
10007}
10008
10009
10010static void i802_deinit(void *priv)
10011{
10012	struct i802_bss *bss = priv;
10013	wpa_driver_nl80211_deinit(bss);
10014}
10015
10016
10017static enum nl80211_iftype wpa_driver_nl80211_if_type(
10018	enum wpa_driver_if_type type)
10019{
10020	switch (type) {
10021	case WPA_IF_STATION:
10022		return NL80211_IFTYPE_STATION;
10023	case WPA_IF_P2P_CLIENT:
10024	case WPA_IF_P2P_GROUP:
10025		return NL80211_IFTYPE_P2P_CLIENT;
10026	case WPA_IF_AP_VLAN:
10027		return NL80211_IFTYPE_AP_VLAN;
10028	case WPA_IF_AP_BSS:
10029		return NL80211_IFTYPE_AP;
10030	case WPA_IF_P2P_GO:
10031		return NL80211_IFTYPE_P2P_GO;
10032	case WPA_IF_P2P_DEVICE:
10033		return NL80211_IFTYPE_P2P_DEVICE;
10034	}
10035	return -1;
10036}
10037
10038
10039#ifdef CONFIG_P2P
10040
10041static int nl80211_addr_in_use(struct nl80211_global *global, const u8 *addr)
10042{
10043	struct wpa_driver_nl80211_data *drv;
10044	dl_list_for_each(drv, &global->interfaces,
10045			 struct wpa_driver_nl80211_data, list) {
10046		if (os_memcmp(addr, drv->first_bss->addr, ETH_ALEN) == 0)
10047			return 1;
10048	}
10049	return 0;
10050}
10051
10052
10053static int nl80211_p2p_interface_addr(struct wpa_driver_nl80211_data *drv,
10054				      u8 *new_addr)
10055{
10056	unsigned int idx;
10057
10058	if (!drv->global)
10059		return -1;
10060
10061	os_memcpy(new_addr, drv->first_bss->addr, ETH_ALEN);
10062	for (idx = 0; idx < 64; idx++) {
10063		new_addr[0] = drv->first_bss->addr[0] | 0x02;
10064		new_addr[0] ^= idx << 2;
10065		if (!nl80211_addr_in_use(drv->global, new_addr))
10066			break;
10067	}
10068	if (idx == 64)
10069		return -1;
10070
10071	wpa_printf(MSG_DEBUG, "nl80211: Assigned new P2P Interface Address "
10072		   MACSTR, MAC2STR(new_addr));
10073
10074	return 0;
10075}
10076
10077#endif /* CONFIG_P2P */
10078
10079
10080struct wdev_info {
10081	u64 wdev_id;
10082	int wdev_id_set;
10083	u8 macaddr[ETH_ALEN];
10084};
10085
10086static int nl80211_wdev_handler(struct nl_msg *msg, void *arg)
10087{
10088	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
10089	struct nlattr *tb[NL80211_ATTR_MAX + 1];
10090	struct wdev_info *wi = arg;
10091
10092	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
10093		  genlmsg_attrlen(gnlh, 0), NULL);
10094	if (tb[NL80211_ATTR_WDEV]) {
10095		wi->wdev_id = nla_get_u64(tb[NL80211_ATTR_WDEV]);
10096		wi->wdev_id_set = 1;
10097	}
10098
10099	if (tb[NL80211_ATTR_MAC])
10100		os_memcpy(wi->macaddr, nla_data(tb[NL80211_ATTR_MAC]),
10101			  ETH_ALEN);
10102
10103	return NL_SKIP;
10104}
10105
10106
10107static int wpa_driver_nl80211_if_add(void *priv, enum wpa_driver_if_type type,
10108				     const char *ifname, const u8 *addr,
10109				     void *bss_ctx, void **drv_priv,
10110				     char *force_ifname, u8 *if_addr,
10111				     const char *bridge, int use_existing)
10112{
10113	enum nl80211_iftype nlmode;
10114	struct i802_bss *bss = priv;
10115	struct wpa_driver_nl80211_data *drv = bss->drv;
10116	int ifidx;
10117	int added = 1;
10118
10119	if (addr)
10120		os_memcpy(if_addr, addr, ETH_ALEN);
10121	nlmode = wpa_driver_nl80211_if_type(type);
10122	if (nlmode == NL80211_IFTYPE_P2P_DEVICE) {
10123		struct wdev_info p2pdev_info;
10124
10125		os_memset(&p2pdev_info, 0, sizeof(p2pdev_info));
10126		ifidx = nl80211_create_iface(drv, ifname, nlmode, addr,
10127					     0, nl80211_wdev_handler,
10128					     &p2pdev_info, use_existing);
10129		if (!p2pdev_info.wdev_id_set || ifidx != 0) {
10130			wpa_printf(MSG_ERROR, "nl80211: Failed to create a P2P Device interface %s",
10131				   ifname);
10132			return -1;
10133		}
10134
10135		drv->global->if_add_wdevid = p2pdev_info.wdev_id;
10136		drv->global->if_add_wdevid_set = p2pdev_info.wdev_id_set;
10137		if (!is_zero_ether_addr(p2pdev_info.macaddr))
10138			os_memcpy(if_addr, p2pdev_info.macaddr, ETH_ALEN);
10139		wpa_printf(MSG_DEBUG, "nl80211: New P2P Device interface %s (0x%llx) created",
10140			   ifname,
10141			   (long long unsigned int) p2pdev_info.wdev_id);
10142	} else {
10143		ifidx = nl80211_create_iface(drv, ifname, nlmode, addr,
10144					     0, NULL, NULL, use_existing);
10145		if (use_existing && ifidx == -ENFILE) {
10146			added = 0;
10147			ifidx = if_nametoindex(ifname);
10148		} else if (ifidx < 0) {
10149			return -1;
10150		}
10151	}
10152
10153	if (!addr) {
10154		if (drv->nlmode == NL80211_IFTYPE_P2P_DEVICE)
10155			os_memcpy(if_addr, bss->addr, ETH_ALEN);
10156		else if (linux_get_ifhwaddr(drv->global->ioctl_sock,
10157					    bss->ifname, if_addr) < 0) {
10158			if (added)
10159				nl80211_remove_iface(drv, ifidx);
10160			return -1;
10161		}
10162	}
10163
10164#ifdef CONFIG_P2P
10165	if (!addr &&
10166	    (type == WPA_IF_P2P_CLIENT || type == WPA_IF_P2P_GROUP ||
10167	     type == WPA_IF_P2P_GO)) {
10168		/* Enforce unique P2P Interface Address */
10169		u8 new_addr[ETH_ALEN];
10170
10171		if (linux_get_ifhwaddr(drv->global->ioctl_sock, ifname,
10172				       new_addr) < 0) {
10173			if (added)
10174				nl80211_remove_iface(drv, ifidx);
10175			return -1;
10176		}
10177		if (nl80211_addr_in_use(drv->global, new_addr)) {
10178			wpa_printf(MSG_DEBUG, "nl80211: Allocate new address "
10179				   "for P2P group interface");
10180			if (nl80211_p2p_interface_addr(drv, new_addr) < 0) {
10181				if (added)
10182					nl80211_remove_iface(drv, ifidx);
10183				return -1;
10184			}
10185			if (linux_set_ifhwaddr(drv->global->ioctl_sock, ifname,
10186					       new_addr) < 0) {
10187				if (added)
10188					nl80211_remove_iface(drv, ifidx);
10189				return -1;
10190			}
10191		}
10192		os_memcpy(if_addr, new_addr, ETH_ALEN);
10193	}
10194#endif /* CONFIG_P2P */
10195
10196	if (type == WPA_IF_AP_BSS) {
10197		struct i802_bss *new_bss = os_zalloc(sizeof(*new_bss));
10198		if (new_bss == NULL) {
10199			if (added)
10200				nl80211_remove_iface(drv, ifidx);
10201			return -1;
10202		}
10203
10204		if (bridge &&
10205		    i802_check_bridge(drv, new_bss, bridge, ifname) < 0) {
10206			wpa_printf(MSG_ERROR, "nl80211: Failed to add the new "
10207				   "interface %s to a bridge %s",
10208				   ifname, bridge);
10209			if (added)
10210				nl80211_remove_iface(drv, ifidx);
10211			os_free(new_bss);
10212			return -1;
10213		}
10214
10215		if (linux_set_iface_flags(drv->global->ioctl_sock, ifname, 1))
10216		{
10217			if (added)
10218				nl80211_remove_iface(drv, ifidx);
10219			os_free(new_bss);
10220			return -1;
10221		}
10222		os_strlcpy(new_bss->ifname, ifname, IFNAMSIZ);
10223		os_memcpy(new_bss->addr, if_addr, ETH_ALEN);
10224		new_bss->ifindex = ifidx;
10225		new_bss->drv = drv;
10226		new_bss->next = drv->first_bss->next;
10227		new_bss->freq = drv->first_bss->freq;
10228		new_bss->ctx = bss_ctx;
10229		new_bss->added_if = added;
10230		drv->first_bss->next = new_bss;
10231		if (drv_priv)
10232			*drv_priv = new_bss;
10233		nl80211_init_bss(new_bss);
10234
10235		/* Subscribe management frames for this WPA_IF_AP_BSS */
10236		if (nl80211_setup_ap(new_bss))
10237			return -1;
10238	}
10239
10240	if (drv->global)
10241		drv->global->if_add_ifindex = ifidx;
10242
10243	/*
10244	 * Some virtual interfaces need to process EAPOL packets and events on
10245	 * the parent interface. This is used mainly with hostapd.
10246	 */
10247	if (ifidx > 0 &&
10248	    (drv->hostapd ||
10249	     nlmode == NL80211_IFTYPE_AP_VLAN ||
10250	     nlmode == NL80211_IFTYPE_WDS ||
10251	     nlmode == NL80211_IFTYPE_MONITOR))
10252		add_ifidx(drv, ifidx);
10253
10254	return 0;
10255}
10256
10257
10258static int wpa_driver_nl80211_if_remove(struct i802_bss *bss,
10259					enum wpa_driver_if_type type,
10260					const char *ifname)
10261{
10262	struct wpa_driver_nl80211_data *drv = bss->drv;
10263	int ifindex = if_nametoindex(ifname);
10264
10265	wpa_printf(MSG_DEBUG, "nl80211: %s(type=%d ifname=%s) ifindex=%d added_if=%d",
10266		   __func__, type, ifname, ifindex, bss->added_if);
10267	if (ifindex > 0 && (bss->added_if || bss->ifindex != ifindex))
10268		nl80211_remove_iface(drv, ifindex);
10269	else if (ifindex > 0 && !bss->added_if) {
10270		struct wpa_driver_nl80211_data *drv2;
10271		dl_list_for_each(drv2, &drv->global->interfaces,
10272				 struct wpa_driver_nl80211_data, list)
10273			del_ifidx(drv2, ifindex);
10274	}
10275
10276	if (type != WPA_IF_AP_BSS)
10277		return 0;
10278
10279	if (bss->added_if_into_bridge) {
10280		if (linux_br_del_if(drv->global->ioctl_sock, bss->brname,
10281				    bss->ifname) < 0)
10282			wpa_printf(MSG_INFO, "nl80211: Failed to remove "
10283				   "interface %s from bridge %s: %s",
10284				   bss->ifname, bss->brname, strerror(errno));
10285	}
10286	if (bss->added_bridge) {
10287		if (linux_br_del(drv->global->ioctl_sock, bss->brname) < 0)
10288			wpa_printf(MSG_INFO, "nl80211: Failed to remove "
10289				   "bridge %s: %s",
10290				   bss->brname, strerror(errno));
10291	}
10292
10293	if (bss != drv->first_bss) {
10294		struct i802_bss *tbss;
10295
10296		wpa_printf(MSG_DEBUG, "nl80211: Not the first BSS - remove it");
10297		for (tbss = drv->first_bss; tbss; tbss = tbss->next) {
10298			if (tbss->next == bss) {
10299				tbss->next = bss->next;
10300				/* Unsubscribe management frames */
10301				nl80211_teardown_ap(bss);
10302				nl80211_destroy_bss(bss);
10303				if (!bss->added_if)
10304					i802_set_iface_flags(bss, 0);
10305				os_free(bss);
10306				bss = NULL;
10307				break;
10308			}
10309		}
10310		if (bss)
10311			wpa_printf(MSG_INFO, "nl80211: %s - could not find "
10312				   "BSS %p in the list", __func__, bss);
10313	} else {
10314		wpa_printf(MSG_DEBUG, "nl80211: First BSS - reassign context");
10315		nl80211_teardown_ap(bss);
10316		if (!bss->added_if && !drv->first_bss->next)
10317			wpa_driver_nl80211_del_beacon(drv);
10318		nl80211_destroy_bss(bss);
10319		if (!bss->added_if)
10320			i802_set_iface_flags(bss, 0);
10321		if (drv->first_bss->next) {
10322			drv->first_bss = drv->first_bss->next;
10323			drv->ctx = drv->first_bss->ctx;
10324			os_free(bss);
10325		} else {
10326			wpa_printf(MSG_DEBUG, "nl80211: No second BSS to reassign context to");
10327		}
10328	}
10329
10330	return 0;
10331}
10332
10333
10334static int cookie_handler(struct nl_msg *msg, void *arg)
10335{
10336	struct nlattr *tb[NL80211_ATTR_MAX + 1];
10337	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
10338	u64 *cookie = arg;
10339	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
10340		  genlmsg_attrlen(gnlh, 0), NULL);
10341	if (tb[NL80211_ATTR_COOKIE])
10342		*cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]);
10343	return NL_SKIP;
10344}
10345
10346
10347static int nl80211_send_frame_cmd(struct i802_bss *bss,
10348				  unsigned int freq, unsigned int wait,
10349				  const u8 *buf, size_t buf_len,
10350				  u64 *cookie_out, int no_cck, int no_ack,
10351				  int offchanok)
10352{
10353	struct wpa_driver_nl80211_data *drv = bss->drv;
10354	struct nl_msg *msg;
10355	u64 cookie;
10356	int ret = -1;
10357
10358	msg = nlmsg_alloc();
10359	if (!msg)
10360		return -1;
10361
10362	wpa_printf(MSG_MSGDUMP, "nl80211: CMD_FRAME freq=%u wait=%u no_cck=%d "
10363		   "no_ack=%d offchanok=%d",
10364		   freq, wait, no_cck, no_ack, offchanok);
10365	wpa_hexdump(MSG_MSGDUMP, "CMD_FRAME", buf, buf_len);
10366	nl80211_cmd(drv, msg, 0, NL80211_CMD_FRAME);
10367
10368	if (nl80211_set_iface_id(msg, bss) < 0)
10369		goto nla_put_failure;
10370	if (freq)
10371		NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq);
10372	if (wait)
10373		NLA_PUT_U32(msg, NL80211_ATTR_DURATION, wait);
10374	if (offchanok && ((drv->capa.flags & WPA_DRIVER_FLAGS_OFFCHANNEL_TX) ||
10375			  drv->test_use_roc_tx))
10376		NLA_PUT_FLAG(msg, NL80211_ATTR_OFFCHANNEL_TX_OK);
10377	if (no_cck)
10378		NLA_PUT_FLAG(msg, NL80211_ATTR_TX_NO_CCK_RATE);
10379	if (no_ack)
10380		NLA_PUT_FLAG(msg, NL80211_ATTR_DONT_WAIT_FOR_ACK);
10381
10382	NLA_PUT(msg, NL80211_ATTR_FRAME, buf_len, buf);
10383
10384	cookie = 0;
10385	ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie);
10386	msg = NULL;
10387	if (ret) {
10388		wpa_printf(MSG_DEBUG, "nl80211: Frame command failed: ret=%d "
10389			   "(%s) (freq=%u wait=%u)", ret, strerror(-ret),
10390			   freq, wait);
10391		goto nla_put_failure;
10392	}
10393	wpa_printf(MSG_MSGDUMP, "nl80211: Frame TX command accepted%s; "
10394		   "cookie 0x%llx", no_ack ? " (no ACK)" : "",
10395		   (long long unsigned int) cookie);
10396
10397	if (cookie_out)
10398		*cookie_out = no_ack ? (u64) -1 : cookie;
10399
10400nla_put_failure:
10401	nlmsg_free(msg);
10402	return ret;
10403}
10404
10405
10406static int wpa_driver_nl80211_send_action(struct i802_bss *bss,
10407					  unsigned int freq,
10408					  unsigned int wait_time,
10409					  const u8 *dst, const u8 *src,
10410					  const u8 *bssid,
10411					  const u8 *data, size_t data_len,
10412					  int no_cck)
10413{
10414	struct wpa_driver_nl80211_data *drv = bss->drv;
10415	int ret = -1;
10416	u8 *buf;
10417	struct ieee80211_hdr *hdr;
10418
10419	wpa_printf(MSG_DEBUG, "nl80211: Send Action frame (ifindex=%d, "
10420		   "freq=%u MHz wait=%d ms no_cck=%d)",
10421		   drv->ifindex, freq, wait_time, no_cck);
10422
10423	buf = os_zalloc(24 + data_len);
10424	if (buf == NULL)
10425		return ret;
10426	os_memcpy(buf + 24, data, data_len);
10427	hdr = (struct ieee80211_hdr *) buf;
10428	hdr->frame_control =
10429		IEEE80211_FC(WLAN_FC_TYPE_MGMT, WLAN_FC_STYPE_ACTION);
10430	os_memcpy(hdr->addr1, dst, ETH_ALEN);
10431	os_memcpy(hdr->addr2, src, ETH_ALEN);
10432	os_memcpy(hdr->addr3, bssid, ETH_ALEN);
10433
10434	if (is_ap_interface(drv->nlmode) &&
10435	    (!(drv->capa.flags & WPA_DRIVER_FLAGS_OFFCHANNEL_TX) ||
10436	     (int) freq == bss->freq || drv->device_ap_sme ||
10437	     !drv->use_monitor))
10438		ret = wpa_driver_nl80211_send_mlme(bss, buf, 24 + data_len,
10439						   0, freq, no_cck, 1,
10440						   wait_time);
10441	else
10442		ret = nl80211_send_frame_cmd(bss, freq, wait_time, buf,
10443					     24 + data_len,
10444					     &drv->send_action_cookie,
10445					     no_cck, 0, 1);
10446
10447	os_free(buf);
10448	return ret;
10449}
10450
10451
10452static void wpa_driver_nl80211_send_action_cancel_wait(void *priv)
10453{
10454	struct i802_bss *bss = priv;
10455	struct wpa_driver_nl80211_data *drv = bss->drv;
10456	struct nl_msg *msg;
10457	int ret;
10458
10459	msg = nlmsg_alloc();
10460	if (!msg)
10461		return;
10462
10463	wpa_printf(MSG_DEBUG, "nl80211: Cancel TX frame wait: cookie=0x%llx",
10464		   (long long unsigned int) drv->send_action_cookie);
10465	nl80211_cmd(drv, msg, 0, NL80211_CMD_FRAME_WAIT_CANCEL);
10466
10467	if (nl80211_set_iface_id(msg, bss) < 0)
10468		goto nla_put_failure;
10469	NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, drv->send_action_cookie);
10470
10471	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
10472	msg = NULL;
10473	if (ret)
10474		wpa_printf(MSG_DEBUG, "nl80211: wait cancel failed: ret=%d "
10475			   "(%s)", ret, strerror(-ret));
10476
10477 nla_put_failure:
10478	nlmsg_free(msg);
10479}
10480
10481
10482static int wpa_driver_nl80211_remain_on_channel(void *priv, unsigned int freq,
10483						unsigned int duration)
10484{
10485	struct i802_bss *bss = priv;
10486	struct wpa_driver_nl80211_data *drv = bss->drv;
10487	struct nl_msg *msg;
10488	int ret;
10489	u64 cookie;
10490
10491	msg = nlmsg_alloc();
10492	if (!msg)
10493		return -1;
10494
10495	nl80211_cmd(drv, msg, 0, NL80211_CMD_REMAIN_ON_CHANNEL);
10496
10497	if (nl80211_set_iface_id(msg, bss) < 0)
10498		goto nla_put_failure;
10499
10500	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq);
10501	NLA_PUT_U32(msg, NL80211_ATTR_DURATION, duration);
10502
10503	cookie = 0;
10504	ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie);
10505	msg = NULL;
10506	if (ret == 0) {
10507		wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel cookie "
10508			   "0x%llx for freq=%u MHz duration=%u",
10509			   (long long unsigned int) cookie, freq, duration);
10510		drv->remain_on_chan_cookie = cookie;
10511		drv->pending_remain_on_chan = 1;
10512		return 0;
10513	}
10514	wpa_printf(MSG_DEBUG, "nl80211: Failed to request remain-on-channel "
10515		   "(freq=%d duration=%u): %d (%s)",
10516		   freq, duration, ret, strerror(-ret));
10517nla_put_failure:
10518	nlmsg_free(msg);
10519	return -1;
10520}
10521
10522
10523static int wpa_driver_nl80211_cancel_remain_on_channel(void *priv)
10524{
10525	struct i802_bss *bss = priv;
10526	struct wpa_driver_nl80211_data *drv = bss->drv;
10527	struct nl_msg *msg;
10528	int ret;
10529
10530	if (!drv->pending_remain_on_chan) {
10531		wpa_printf(MSG_DEBUG, "nl80211: No pending remain-on-channel "
10532			   "to cancel");
10533		return -1;
10534	}
10535
10536	wpa_printf(MSG_DEBUG, "nl80211: Cancel remain-on-channel with cookie "
10537		   "0x%llx",
10538		   (long long unsigned int) drv->remain_on_chan_cookie);
10539
10540	msg = nlmsg_alloc();
10541	if (!msg)
10542		return -1;
10543
10544	nl80211_cmd(drv, msg, 0, NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL);
10545
10546	if (nl80211_set_iface_id(msg, bss) < 0)
10547		goto nla_put_failure;
10548
10549	NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, drv->remain_on_chan_cookie);
10550
10551	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
10552	msg = NULL;
10553	if (ret == 0)
10554		return 0;
10555	wpa_printf(MSG_DEBUG, "nl80211: Failed to cancel remain-on-channel: "
10556		   "%d (%s)", ret, strerror(-ret));
10557nla_put_failure:
10558	nlmsg_free(msg);
10559	return -1;
10560}
10561
10562
10563static int wpa_driver_nl80211_probe_req_report(struct i802_bss *bss, int report)
10564{
10565	struct wpa_driver_nl80211_data *drv = bss->drv;
10566
10567	if (!report) {
10568		if (bss->nl_preq && drv->device_ap_sme &&
10569		    is_ap_interface(drv->nlmode) && !bss->in_deinit) {
10570			/*
10571			 * Do not disable Probe Request reporting that was
10572			 * enabled in nl80211_setup_ap().
10573			 */
10574			wpa_printf(MSG_DEBUG, "nl80211: Skip disabling of "
10575				   "Probe Request reporting nl_preq=%p while "
10576				   "in AP mode", bss->nl_preq);
10577		} else if (bss->nl_preq) {
10578			wpa_printf(MSG_DEBUG, "nl80211: Disable Probe Request "
10579				   "reporting nl_preq=%p", bss->nl_preq);
10580			nl80211_destroy_eloop_handle(&bss->nl_preq);
10581		}
10582		return 0;
10583	}
10584
10585	if (bss->nl_preq) {
10586		wpa_printf(MSG_DEBUG, "nl80211: Probe Request reporting "
10587			   "already on! nl_preq=%p", bss->nl_preq);
10588		return 0;
10589	}
10590
10591	bss->nl_preq = nl_create_handle(drv->global->nl_cb, "preq");
10592	if (bss->nl_preq == NULL)
10593		return -1;
10594	wpa_printf(MSG_DEBUG, "nl80211: Enable Probe Request "
10595		   "reporting nl_preq=%p", bss->nl_preq);
10596
10597	if (nl80211_register_frame(bss, bss->nl_preq,
10598				   (WLAN_FC_TYPE_MGMT << 2) |
10599				   (WLAN_FC_STYPE_PROBE_REQ << 4),
10600				   NULL, 0) < 0)
10601		goto out_err;
10602
10603	nl80211_register_eloop_read(&bss->nl_preq,
10604				    wpa_driver_nl80211_event_receive,
10605				    bss->nl_cb);
10606
10607	return 0;
10608
10609 out_err:
10610	nl_destroy_handles(&bss->nl_preq);
10611	return -1;
10612}
10613
10614
10615static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv,
10616				     int ifindex, int disabled)
10617{
10618	struct nl_msg *msg;
10619	struct nlattr *bands, *band;
10620	int ret;
10621
10622	msg = nlmsg_alloc();
10623	if (!msg)
10624		return -1;
10625
10626	nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_TX_BITRATE_MASK);
10627	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
10628
10629	bands = nla_nest_start(msg, NL80211_ATTR_TX_RATES);
10630	if (!bands)
10631		goto nla_put_failure;
10632
10633	/*
10634	 * Disable 2 GHz rates 1, 2, 5.5, 11 Mbps by masking out everything
10635	 * else apart from 6, 9, 12, 18, 24, 36, 48, 54 Mbps from non-MCS
10636	 * rates. All 5 GHz rates are left enabled.
10637	 */
10638	band = nla_nest_start(msg, NL80211_BAND_2GHZ);
10639	if (!band)
10640		goto nla_put_failure;
10641	if (disabled) {
10642		NLA_PUT(msg, NL80211_TXRATE_LEGACY, 8,
10643			"\x0c\x12\x18\x24\x30\x48\x60\x6c");
10644	}
10645	nla_nest_end(msg, band);
10646
10647	nla_nest_end(msg, bands);
10648
10649	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
10650	msg = NULL;
10651	if (ret) {
10652		wpa_printf(MSG_DEBUG, "nl80211: Set TX rates failed: ret=%d "
10653			   "(%s)", ret, strerror(-ret));
10654	} else
10655		drv->disabled_11b_rates = disabled;
10656
10657	return ret;
10658
10659nla_put_failure:
10660	nlmsg_free(msg);
10661	return -1;
10662}
10663
10664
10665static int wpa_driver_nl80211_deinit_ap(void *priv)
10666{
10667	struct i802_bss *bss = priv;
10668	struct wpa_driver_nl80211_data *drv = bss->drv;
10669	if (!is_ap_interface(drv->nlmode))
10670		return -1;
10671	wpa_driver_nl80211_del_beacon(drv);
10672
10673	/*
10674	 * If the P2P GO interface was dynamically added, then it is
10675	 * possible that the interface change to station is not possible.
10676	 */
10677	if (drv->nlmode == NL80211_IFTYPE_P2P_GO && bss->if_dynamic)
10678		return 0;
10679
10680	return wpa_driver_nl80211_set_mode(priv, NL80211_IFTYPE_STATION);
10681}
10682
10683
10684static int wpa_driver_nl80211_stop_ap(void *priv)
10685{
10686	struct i802_bss *bss = priv;
10687	struct wpa_driver_nl80211_data *drv = bss->drv;
10688	if (!is_ap_interface(drv->nlmode))
10689		return -1;
10690	wpa_driver_nl80211_del_beacon(drv);
10691	bss->beacon_set = 0;
10692	return 0;
10693}
10694
10695
10696static int wpa_driver_nl80211_deinit_p2p_cli(void *priv)
10697{
10698	struct i802_bss *bss = priv;
10699	struct wpa_driver_nl80211_data *drv = bss->drv;
10700	if (drv->nlmode != NL80211_IFTYPE_P2P_CLIENT)
10701		return -1;
10702
10703	/*
10704	 * If the P2P Client interface was dynamically added, then it is
10705	 * possible that the interface change to station is not possible.
10706	 */
10707	if (bss->if_dynamic)
10708		return 0;
10709
10710	return wpa_driver_nl80211_set_mode(priv, NL80211_IFTYPE_STATION);
10711}
10712
10713
10714static void wpa_driver_nl80211_resume(void *priv)
10715{
10716	struct i802_bss *bss = priv;
10717
10718	if (i802_set_iface_flags(bss, 1))
10719		wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface up on resume event");
10720}
10721
10722
10723static int nl80211_send_ft_action(void *priv, u8 action, const u8 *target_ap,
10724				  const u8 *ies, size_t ies_len)
10725{
10726	struct i802_bss *bss = priv;
10727	struct wpa_driver_nl80211_data *drv = bss->drv;
10728	int ret;
10729	u8 *data, *pos;
10730	size_t data_len;
10731	const u8 *own_addr = bss->addr;
10732
10733	if (action != 1) {
10734		wpa_printf(MSG_ERROR, "nl80211: Unsupported send_ft_action "
10735			   "action %d", action);
10736		return -1;
10737	}
10738
10739	/*
10740	 * Action frame payload:
10741	 * Category[1] = 6 (Fast BSS Transition)
10742	 * Action[1] = 1 (Fast BSS Transition Request)
10743	 * STA Address
10744	 * Target AP Address
10745	 * FT IEs
10746	 */
10747
10748	data_len = 2 + 2 * ETH_ALEN + ies_len;
10749	data = os_malloc(data_len);
10750	if (data == NULL)
10751		return -1;
10752	pos = data;
10753	*pos++ = 0x06; /* FT Action category */
10754	*pos++ = action;
10755	os_memcpy(pos, own_addr, ETH_ALEN);
10756	pos += ETH_ALEN;
10757	os_memcpy(pos, target_ap, ETH_ALEN);
10758	pos += ETH_ALEN;
10759	os_memcpy(pos, ies, ies_len);
10760
10761	ret = wpa_driver_nl80211_send_action(bss, drv->assoc_freq, 0,
10762					     drv->bssid, own_addr, drv->bssid,
10763					     data, data_len, 0);
10764	os_free(data);
10765
10766	return ret;
10767}
10768
10769
10770static int nl80211_signal_monitor(void *priv, int threshold, int hysteresis)
10771{
10772	struct i802_bss *bss = priv;
10773	struct wpa_driver_nl80211_data *drv = bss->drv;
10774	struct nl_msg *msg;
10775	struct nlattr *cqm;
10776	int ret = -1;
10777
10778	wpa_printf(MSG_DEBUG, "nl80211: Signal monitor threshold=%d "
10779		   "hysteresis=%d", threshold, hysteresis);
10780
10781	msg = nlmsg_alloc();
10782	if (!msg)
10783		return -1;
10784
10785	nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_CQM);
10786
10787	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex);
10788
10789	cqm = nla_nest_start(msg, NL80211_ATTR_CQM);
10790	if (cqm == NULL)
10791		goto nla_put_failure;
10792
10793	NLA_PUT_U32(msg, NL80211_ATTR_CQM_RSSI_THOLD, threshold);
10794	NLA_PUT_U32(msg, NL80211_ATTR_CQM_RSSI_HYST, hysteresis);
10795	nla_nest_end(msg, cqm);
10796
10797	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
10798	msg = NULL;
10799
10800nla_put_failure:
10801	nlmsg_free(msg);
10802	return ret;
10803}
10804
10805
10806static int get_channel_width(struct nl_msg *msg, void *arg)
10807{
10808	struct nlattr *tb[NL80211_ATTR_MAX + 1];
10809	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
10810	struct wpa_signal_info *sig_change = arg;
10811
10812	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
10813		  genlmsg_attrlen(gnlh, 0), NULL);
10814
10815	sig_change->center_frq1 = -1;
10816	sig_change->center_frq2 = -1;
10817	sig_change->chanwidth = CHAN_WIDTH_UNKNOWN;
10818
10819	if (tb[NL80211_ATTR_CHANNEL_WIDTH]) {
10820		sig_change->chanwidth = convert2width(
10821			nla_get_u32(tb[NL80211_ATTR_CHANNEL_WIDTH]));
10822		if (tb[NL80211_ATTR_CENTER_FREQ1])
10823			sig_change->center_frq1 =
10824				nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ1]);
10825		if (tb[NL80211_ATTR_CENTER_FREQ2])
10826			sig_change->center_frq2 =
10827				nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ2]);
10828	}
10829
10830	return NL_SKIP;
10831}
10832
10833
10834static int nl80211_get_channel_width(struct wpa_driver_nl80211_data *drv,
10835				     struct wpa_signal_info *sig)
10836{
10837	struct nl_msg *msg;
10838
10839	msg = nlmsg_alloc();
10840	if (!msg)
10841		return -ENOMEM;
10842
10843	nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_INTERFACE);
10844	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
10845
10846	return send_and_recv_msgs(drv, msg, get_channel_width, sig);
10847
10848nla_put_failure:
10849	nlmsg_free(msg);
10850	return -ENOBUFS;
10851}
10852
10853
10854static int nl80211_signal_poll(void *priv, struct wpa_signal_info *si)
10855{
10856	struct i802_bss *bss = priv;
10857	struct wpa_driver_nl80211_data *drv = bss->drv;
10858	int res;
10859
10860	os_memset(si, 0, sizeof(*si));
10861	res = nl80211_get_link_signal(drv, si);
10862	if (res != 0)
10863		return res;
10864
10865	res = nl80211_get_channel_width(drv, si);
10866	if (res != 0)
10867		return res;
10868
10869	return nl80211_get_link_noise(drv, si);
10870}
10871
10872
10873static int wpa_driver_nl80211_shared_freq(void *priv)
10874{
10875	struct i802_bss *bss = priv;
10876	struct wpa_driver_nl80211_data *drv = bss->drv;
10877	struct wpa_driver_nl80211_data *driver;
10878	int freq = 0;
10879
10880	/*
10881	 * If the same PHY is in connected state with some other interface,
10882	 * then retrieve the assoc freq.
10883	 */
10884	wpa_printf(MSG_DEBUG, "nl80211: Get shared freq for PHY %s",
10885		   drv->phyname);
10886
10887	dl_list_for_each(driver, &drv->global->interfaces,
10888			 struct wpa_driver_nl80211_data, list) {
10889		if (drv == driver ||
10890		    os_strcmp(drv->phyname, driver->phyname) != 0 ||
10891		    !driver->associated)
10892			continue;
10893
10894		wpa_printf(MSG_DEBUG, "nl80211: Found a match for PHY %s - %s "
10895			   MACSTR,
10896			   driver->phyname, driver->first_bss->ifname,
10897			   MAC2STR(driver->first_bss->addr));
10898		if (is_ap_interface(driver->nlmode))
10899			freq = driver->first_bss->freq;
10900		else
10901			freq = nl80211_get_assoc_freq(driver);
10902		wpa_printf(MSG_DEBUG, "nl80211: Shared freq for PHY %s: %d",
10903			   drv->phyname, freq);
10904	}
10905
10906	if (!freq)
10907		wpa_printf(MSG_DEBUG, "nl80211: No shared interface for "
10908			   "PHY (%s) in associated state", drv->phyname);
10909
10910	return freq;
10911}
10912
10913
10914static int nl80211_send_frame(void *priv, const u8 *data, size_t data_len,
10915			      int encrypt)
10916{
10917	struct i802_bss *bss = priv;
10918	return wpa_driver_nl80211_send_frame(bss, data, data_len, encrypt, 0,
10919					     0, 0, 0, 0);
10920}
10921
10922
10923static int nl80211_set_param(void *priv, const char *param)
10924{
10925	wpa_printf(MSG_DEBUG, "nl80211: driver param='%s'", param);
10926	if (param == NULL)
10927		return 0;
10928
10929#ifdef CONFIG_P2P
10930	if (os_strstr(param, "use_p2p_group_interface=1")) {
10931		struct i802_bss *bss = priv;
10932		struct wpa_driver_nl80211_data *drv = bss->drv;
10933
10934		wpa_printf(MSG_DEBUG, "nl80211: Use separate P2P group "
10935			   "interface");
10936		drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_CONCURRENT;
10937		drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_MGMT_AND_NON_P2P;
10938	}
10939
10940	if (os_strstr(param, "p2p_device=1")) {
10941		struct i802_bss *bss = priv;
10942		struct wpa_driver_nl80211_data *drv = bss->drv;
10943		drv->allow_p2p_device = 1;
10944	}
10945#endif /* CONFIG_P2P */
10946
10947	if (os_strstr(param, "use_monitor=1")) {
10948		struct i802_bss *bss = priv;
10949		struct wpa_driver_nl80211_data *drv = bss->drv;
10950		drv->use_monitor = 1;
10951	}
10952
10953	if (os_strstr(param, "force_connect_cmd=1")) {
10954		struct i802_bss *bss = priv;
10955		struct wpa_driver_nl80211_data *drv = bss->drv;
10956		drv->capa.flags &= ~WPA_DRIVER_FLAGS_SME;
10957	}
10958
10959	if (os_strstr(param, "no_offchannel_tx=1")) {
10960		struct i802_bss *bss = priv;
10961		struct wpa_driver_nl80211_data *drv = bss->drv;
10962		drv->capa.flags &= ~WPA_DRIVER_FLAGS_OFFCHANNEL_TX;
10963		drv->test_use_roc_tx = 1;
10964	}
10965
10966	return 0;
10967}
10968
10969
10970static void * nl80211_global_init(void)
10971{
10972	struct nl80211_global *global;
10973	struct netlink_config *cfg;
10974
10975	global = os_zalloc(sizeof(*global));
10976	if (global == NULL)
10977		return NULL;
10978	global->ioctl_sock = -1;
10979	dl_list_init(&global->interfaces);
10980	global->if_add_ifindex = -1;
10981
10982	cfg = os_zalloc(sizeof(*cfg));
10983	if (cfg == NULL)
10984		goto err;
10985
10986	cfg->ctx = global;
10987	cfg->newlink_cb = wpa_driver_nl80211_event_rtm_newlink;
10988	cfg->dellink_cb = wpa_driver_nl80211_event_rtm_dellink;
10989	global->netlink = netlink_init(cfg);
10990	if (global->netlink == NULL) {
10991		os_free(cfg);
10992		goto err;
10993	}
10994
10995	if (wpa_driver_nl80211_init_nl_global(global) < 0)
10996		goto err;
10997
10998	global->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0);
10999	if (global->ioctl_sock < 0) {
11000		wpa_printf(MSG_ERROR, "nl80211: socket(PF_INET,SOCK_DGRAM) failed: %s",
11001			   strerror(errno));
11002		goto err;
11003	}
11004
11005	return global;
11006
11007err:
11008	nl80211_global_deinit(global);
11009	return NULL;
11010}
11011
11012
11013static void nl80211_global_deinit(void *priv)
11014{
11015	struct nl80211_global *global = priv;
11016	if (global == NULL)
11017		return;
11018	if (!dl_list_empty(&global->interfaces)) {
11019		wpa_printf(MSG_ERROR, "nl80211: %u interface(s) remain at "
11020			   "nl80211_global_deinit",
11021			   dl_list_len(&global->interfaces));
11022	}
11023
11024	if (global->netlink)
11025		netlink_deinit(global->netlink);
11026
11027	nl_destroy_handles(&global->nl);
11028
11029	if (global->nl_event)
11030		nl80211_destroy_eloop_handle(&global->nl_event);
11031
11032	nl_cb_put(global->nl_cb);
11033
11034	if (global->ioctl_sock >= 0)
11035		close(global->ioctl_sock);
11036
11037	os_free(global);
11038}
11039
11040
11041static const char * nl80211_get_radio_name(void *priv)
11042{
11043	struct i802_bss *bss = priv;
11044	struct wpa_driver_nl80211_data *drv = bss->drv;
11045	return drv->phyname;
11046}
11047
11048
11049static int nl80211_pmkid(struct i802_bss *bss, int cmd, const u8 *bssid,
11050			 const u8 *pmkid)
11051{
11052	struct nl_msg *msg;
11053
11054	msg = nlmsg_alloc();
11055	if (!msg)
11056		return -ENOMEM;
11057
11058	nl80211_cmd(bss->drv, msg, 0, cmd);
11059
11060	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
11061	if (pmkid)
11062		NLA_PUT(msg, NL80211_ATTR_PMKID, 16, pmkid);
11063	if (bssid)
11064		NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid);
11065
11066	return send_and_recv_msgs(bss->drv, msg, NULL, NULL);
11067 nla_put_failure:
11068	nlmsg_free(msg);
11069	return -ENOBUFS;
11070}
11071
11072
11073static int nl80211_add_pmkid(void *priv, const u8 *bssid, const u8 *pmkid)
11074{
11075	struct i802_bss *bss = priv;
11076	wpa_printf(MSG_DEBUG, "nl80211: Add PMKID for " MACSTR, MAC2STR(bssid));
11077	return nl80211_pmkid(bss, NL80211_CMD_SET_PMKSA, bssid, pmkid);
11078}
11079
11080
11081static int nl80211_remove_pmkid(void *priv, const u8 *bssid, const u8 *pmkid)
11082{
11083	struct i802_bss *bss = priv;
11084	wpa_printf(MSG_DEBUG, "nl80211: Delete PMKID for " MACSTR,
11085		   MAC2STR(bssid));
11086	return nl80211_pmkid(bss, NL80211_CMD_DEL_PMKSA, bssid, pmkid);
11087}
11088
11089
11090static int nl80211_flush_pmkid(void *priv)
11091{
11092	struct i802_bss *bss = priv;
11093	wpa_printf(MSG_DEBUG, "nl80211: Flush PMKIDs");
11094	return nl80211_pmkid(bss, NL80211_CMD_FLUSH_PMKSA, NULL, NULL);
11095}
11096
11097
11098static void clean_survey_results(struct survey_results *survey_results)
11099{
11100	struct freq_survey *survey, *tmp;
11101
11102	if (dl_list_empty(&survey_results->survey_list))
11103		return;
11104
11105	dl_list_for_each_safe(survey, tmp, &survey_results->survey_list,
11106			      struct freq_survey, list) {
11107		dl_list_del(&survey->list);
11108		os_free(survey);
11109	}
11110}
11111
11112
11113static void add_survey(struct nlattr **sinfo, u32 ifidx,
11114		       struct dl_list *survey_list)
11115{
11116	struct freq_survey *survey;
11117
11118	survey = os_zalloc(sizeof(struct freq_survey));
11119	if  (!survey)
11120		return;
11121
11122	survey->ifidx = ifidx;
11123	survey->freq = nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]);
11124	survey->filled = 0;
11125
11126	if (sinfo[NL80211_SURVEY_INFO_NOISE]) {
11127		survey->nf = (int8_t)
11128			nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]);
11129		survey->filled |= SURVEY_HAS_NF;
11130	}
11131
11132	if (sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME]) {
11133		survey->channel_time =
11134			nla_get_u64(sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME]);
11135		survey->filled |= SURVEY_HAS_CHAN_TIME;
11136	}
11137
11138	if (sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY]) {
11139		survey->channel_time_busy =
11140			nla_get_u64(sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY]);
11141		survey->filled |= SURVEY_HAS_CHAN_TIME_BUSY;
11142	}
11143
11144	if (sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_RX]) {
11145		survey->channel_time_rx =
11146			nla_get_u64(sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_RX]);
11147		survey->filled |= SURVEY_HAS_CHAN_TIME_RX;
11148	}
11149
11150	if (sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_TX]) {
11151		survey->channel_time_tx =
11152			nla_get_u64(sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_TX]);
11153		survey->filled |= SURVEY_HAS_CHAN_TIME_TX;
11154	}
11155
11156	wpa_printf(MSG_DEBUG, "nl80211: Freq survey dump event (freq=%d MHz noise=%d channel_time=%ld busy_time=%ld tx_time=%ld rx_time=%ld filled=%04x)",
11157		   survey->freq,
11158		   survey->nf,
11159		   (unsigned long int) survey->channel_time,
11160		   (unsigned long int) survey->channel_time_busy,
11161		   (unsigned long int) survey->channel_time_tx,
11162		   (unsigned long int) survey->channel_time_rx,
11163		   survey->filled);
11164
11165	dl_list_add_tail(survey_list, &survey->list);
11166}
11167
11168
11169static int check_survey_ok(struct nlattr **sinfo, u32 surveyed_freq,
11170			   unsigned int freq_filter)
11171{
11172	if (!freq_filter)
11173		return 1;
11174
11175	return freq_filter == surveyed_freq;
11176}
11177
11178
11179static int survey_handler(struct nl_msg *msg, void *arg)
11180{
11181	struct nlattr *tb[NL80211_ATTR_MAX + 1];
11182	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
11183	struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1];
11184	struct survey_results *survey_results;
11185	u32 surveyed_freq = 0;
11186	u32 ifidx;
11187
11188	static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = {
11189		[NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 },
11190		[NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 },
11191	};
11192
11193	survey_results = (struct survey_results *) arg;
11194
11195	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
11196		  genlmsg_attrlen(gnlh, 0), NULL);
11197
11198	if (!tb[NL80211_ATTR_IFINDEX])
11199		return NL_SKIP;
11200
11201	ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
11202
11203	if (!tb[NL80211_ATTR_SURVEY_INFO])
11204		return NL_SKIP;
11205
11206	if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX,
11207			     tb[NL80211_ATTR_SURVEY_INFO],
11208			     survey_policy))
11209		return NL_SKIP;
11210
11211	if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY]) {
11212		wpa_printf(MSG_ERROR, "nl80211: Invalid survey data");
11213		return NL_SKIP;
11214	}
11215
11216	surveyed_freq = nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]);
11217
11218	if (!check_survey_ok(sinfo, surveyed_freq,
11219			     survey_results->freq_filter))
11220		return NL_SKIP;
11221
11222	if (survey_results->freq_filter &&
11223	    survey_results->freq_filter != surveyed_freq) {
11224		wpa_printf(MSG_EXCESSIVE, "nl80211: Ignoring survey data for freq %d MHz",
11225			   surveyed_freq);
11226		return NL_SKIP;
11227	}
11228
11229	add_survey(sinfo, ifidx, &survey_results->survey_list);
11230
11231	return NL_SKIP;
11232}
11233
11234
11235static int wpa_driver_nl80211_get_survey(void *priv, unsigned int freq)
11236{
11237	struct i802_bss *bss = priv;
11238	struct wpa_driver_nl80211_data *drv = bss->drv;
11239	struct nl_msg *msg;
11240	int err = -ENOBUFS;
11241	union wpa_event_data data;
11242	struct survey_results *survey_results;
11243
11244	os_memset(&data, 0, sizeof(data));
11245	survey_results = &data.survey_results;
11246
11247	dl_list_init(&survey_results->survey_list);
11248
11249	msg = nlmsg_alloc();
11250	if (!msg)
11251		goto nla_put_failure;
11252
11253	nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SURVEY);
11254
11255	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
11256
11257	if (freq)
11258		data.survey_results.freq_filter = freq;
11259
11260	do {
11261		wpa_printf(MSG_DEBUG, "nl80211: Fetch survey data");
11262		err = send_and_recv_msgs(drv, msg, survey_handler,
11263					 survey_results);
11264	} while (err > 0);
11265
11266	if (err) {
11267		wpa_printf(MSG_ERROR, "nl80211: Failed to process survey data");
11268		goto out_clean;
11269	}
11270
11271	wpa_supplicant_event(drv->ctx, EVENT_SURVEY, &data);
11272
11273out_clean:
11274	clean_survey_results(survey_results);
11275nla_put_failure:
11276	return err;
11277}
11278
11279
11280static void nl80211_set_rekey_info(void *priv, const u8 *kek, const u8 *kck,
11281				   const u8 *replay_ctr)
11282{
11283	struct i802_bss *bss = priv;
11284	struct wpa_driver_nl80211_data *drv = bss->drv;
11285	struct nlattr *replay_nested;
11286	struct nl_msg *msg;
11287
11288	msg = nlmsg_alloc();
11289	if (!msg)
11290		return;
11291
11292	nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_REKEY_OFFLOAD);
11293
11294	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex);
11295
11296	replay_nested = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA);
11297	if (!replay_nested)
11298		goto nla_put_failure;
11299
11300	NLA_PUT(msg, NL80211_REKEY_DATA_KEK, NL80211_KEK_LEN, kek);
11301	NLA_PUT(msg, NL80211_REKEY_DATA_KCK, NL80211_KCK_LEN, kck);
11302	NLA_PUT(msg, NL80211_REKEY_DATA_REPLAY_CTR, NL80211_REPLAY_CTR_LEN,
11303		replay_ctr);
11304
11305	nla_nest_end(msg, replay_nested);
11306
11307	send_and_recv_msgs(drv, msg, NULL, NULL);
11308	return;
11309 nla_put_failure:
11310	nlmsg_free(msg);
11311}
11312
11313
11314static void nl80211_send_null_frame(struct i802_bss *bss, const u8 *own_addr,
11315				    const u8 *addr, int qos)
11316{
11317	/* send data frame to poll STA and check whether
11318	 * this frame is ACKed */
11319	struct {
11320		struct ieee80211_hdr hdr;
11321		u16 qos_ctl;
11322	} STRUCT_PACKED nulldata;
11323	size_t size;
11324
11325	/* Send data frame to poll STA and check whether this frame is ACKed */
11326
11327	os_memset(&nulldata, 0, sizeof(nulldata));
11328
11329	if (qos) {
11330		nulldata.hdr.frame_control =
11331			IEEE80211_FC(WLAN_FC_TYPE_DATA,
11332				     WLAN_FC_STYPE_QOS_NULL);
11333		size = sizeof(nulldata);
11334	} else {
11335		nulldata.hdr.frame_control =
11336			IEEE80211_FC(WLAN_FC_TYPE_DATA,
11337				     WLAN_FC_STYPE_NULLFUNC);
11338		size = sizeof(struct ieee80211_hdr);
11339	}
11340
11341	nulldata.hdr.frame_control |= host_to_le16(WLAN_FC_FROMDS);
11342	os_memcpy(nulldata.hdr.IEEE80211_DA_FROMDS, addr, ETH_ALEN);
11343	os_memcpy(nulldata.hdr.IEEE80211_BSSID_FROMDS, own_addr, ETH_ALEN);
11344	os_memcpy(nulldata.hdr.IEEE80211_SA_FROMDS, own_addr, ETH_ALEN);
11345
11346	if (wpa_driver_nl80211_send_mlme(bss, (u8 *) &nulldata, size, 0, 0, 0,
11347					 0, 0) < 0)
11348		wpa_printf(MSG_DEBUG, "nl80211_send_null_frame: Failed to "
11349			   "send poll frame");
11350}
11351
11352static void nl80211_poll_client(void *priv, const u8 *own_addr, const u8 *addr,
11353				int qos)
11354{
11355	struct i802_bss *bss = priv;
11356	struct wpa_driver_nl80211_data *drv = bss->drv;
11357	struct nl_msg *msg;
11358
11359	if (!drv->poll_command_supported) {
11360		nl80211_send_null_frame(bss, own_addr, addr, qos);
11361		return;
11362	}
11363
11364	msg = nlmsg_alloc();
11365	if (!msg)
11366		return;
11367
11368	nl80211_cmd(drv, msg, 0, NL80211_CMD_PROBE_CLIENT);
11369
11370	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex);
11371	NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
11372
11373	send_and_recv_msgs(drv, msg, NULL, NULL);
11374	return;
11375 nla_put_failure:
11376	nlmsg_free(msg);
11377}
11378
11379
11380static int nl80211_set_power_save(struct i802_bss *bss, int enabled)
11381{
11382	struct nl_msg *msg;
11383
11384	msg = nlmsg_alloc();
11385	if (!msg)
11386		return -ENOMEM;
11387
11388	nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_SET_POWER_SAVE);
11389	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex);
11390	NLA_PUT_U32(msg, NL80211_ATTR_PS_STATE,
11391		    enabled ? NL80211_PS_ENABLED : NL80211_PS_DISABLED);
11392	return send_and_recv_msgs(bss->drv, msg, NULL, NULL);
11393nla_put_failure:
11394	nlmsg_free(msg);
11395	return -ENOBUFS;
11396}
11397
11398
11399static int nl80211_set_p2p_powersave(void *priv, int legacy_ps, int opp_ps,
11400				     int ctwindow)
11401{
11402	struct i802_bss *bss = priv;
11403
11404	wpa_printf(MSG_DEBUG, "nl80211: set_p2p_powersave (legacy_ps=%d "
11405		   "opp_ps=%d ctwindow=%d)", legacy_ps, opp_ps, ctwindow);
11406
11407	if (opp_ps != -1 || ctwindow != -1) {
11408#ifdef ANDROID_P2P
11409		wpa_driver_set_p2p_ps(priv, legacy_ps, opp_ps, ctwindow);
11410#else /* ANDROID_P2P */
11411		return -1; /* Not yet supported */
11412#endif /* ANDROID_P2P */
11413	}
11414
11415	if (legacy_ps == -1)
11416		return 0;
11417	if (legacy_ps != 0 && legacy_ps != 1)
11418		return -1; /* Not yet supported */
11419
11420	return nl80211_set_power_save(bss, legacy_ps);
11421}
11422
11423
11424static int nl80211_start_radar_detection(void *priv,
11425					 struct hostapd_freq_params *freq)
11426{
11427	struct i802_bss *bss = priv;
11428	struct wpa_driver_nl80211_data *drv = bss->drv;
11429	struct nl_msg *msg;
11430	int ret;
11431
11432	wpa_printf(MSG_DEBUG, "nl80211: Start radar detection (CAC) %d MHz (ht_enabled=%d, vht_enabled=%d, bandwidth=%d MHz, cf1=%d MHz, cf2=%d MHz)",
11433		   freq->freq, freq->ht_enabled, freq->vht_enabled,
11434		   freq->bandwidth, freq->center_freq1, freq->center_freq2);
11435
11436	if (!(drv->capa.flags & WPA_DRIVER_FLAGS_RADAR)) {
11437		wpa_printf(MSG_DEBUG, "nl80211: Driver does not support radar "
11438			   "detection");
11439		return -1;
11440	}
11441
11442	msg = nlmsg_alloc();
11443	if (!msg)
11444		return -1;
11445
11446	nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_RADAR_DETECT);
11447	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
11448	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq->freq);
11449
11450	if (freq->vht_enabled) {
11451		switch (freq->bandwidth) {
11452		case 20:
11453			NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH,
11454				    NL80211_CHAN_WIDTH_20);
11455			break;
11456		case 40:
11457			NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH,
11458				    NL80211_CHAN_WIDTH_40);
11459			break;
11460		case 80:
11461			if (freq->center_freq2)
11462				NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH,
11463					    NL80211_CHAN_WIDTH_80P80);
11464			else
11465				NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH,
11466					    NL80211_CHAN_WIDTH_80);
11467			break;
11468		case 160:
11469			NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH,
11470				    NL80211_CHAN_WIDTH_160);
11471			break;
11472		default:
11473			return -1;
11474		}
11475		NLA_PUT_U32(msg, NL80211_ATTR_CENTER_FREQ1, freq->center_freq1);
11476		if (freq->center_freq2)
11477			NLA_PUT_U32(msg, NL80211_ATTR_CENTER_FREQ2,
11478				    freq->center_freq2);
11479	} else if (freq->ht_enabled) {
11480		switch (freq->sec_channel_offset) {
11481		case -1:
11482			NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
11483				    NL80211_CHAN_HT40MINUS);
11484			break;
11485		case 1:
11486			NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
11487				    NL80211_CHAN_HT40PLUS);
11488			break;
11489		default:
11490			NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
11491				    NL80211_CHAN_HT20);
11492			break;
11493		}
11494	}
11495
11496	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
11497	if (ret == 0)
11498		return 0;
11499	wpa_printf(MSG_DEBUG, "nl80211: Failed to start radar detection: "
11500		   "%d (%s)", ret, strerror(-ret));
11501nla_put_failure:
11502	return -1;
11503}
11504
11505#ifdef CONFIG_TDLS
11506
11507static int nl80211_send_tdls_mgmt(void *priv, const u8 *dst, u8 action_code,
11508				  u8 dialog_token, u16 status_code,
11509				  u32 peer_capab, const u8 *buf, size_t len)
11510{
11511	struct i802_bss *bss = priv;
11512	struct wpa_driver_nl80211_data *drv = bss->drv;
11513	struct nl_msg *msg;
11514
11515	if (!(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT))
11516		return -EOPNOTSUPP;
11517
11518	if (!dst)
11519		return -EINVAL;
11520
11521	msg = nlmsg_alloc();
11522	if (!msg)
11523		return -ENOMEM;
11524
11525	nl80211_cmd(drv, msg, 0, NL80211_CMD_TDLS_MGMT);
11526	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
11527	NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, dst);
11528	NLA_PUT_U8(msg, NL80211_ATTR_TDLS_ACTION, action_code);
11529	NLA_PUT_U8(msg, NL80211_ATTR_TDLS_DIALOG_TOKEN, dialog_token);
11530	NLA_PUT_U16(msg, NL80211_ATTR_STATUS_CODE, status_code);
11531	if (peer_capab) {
11532		/*
11533		 * The internal enum tdls_peer_capability definition is
11534		 * currently identical with the nl80211 enum
11535		 * nl80211_tdls_peer_capability, so no conversion is needed
11536		 * here.
11537		 */
11538		NLA_PUT_U32(msg, NL80211_ATTR_TDLS_PEER_CAPABILITY, peer_capab);
11539	}
11540	NLA_PUT(msg, NL80211_ATTR_IE, len, buf);
11541
11542	return send_and_recv_msgs(drv, msg, NULL, NULL);
11543
11544nla_put_failure:
11545	nlmsg_free(msg);
11546	return -ENOBUFS;
11547}
11548
11549
11550static int nl80211_tdls_oper(void *priv, enum tdls_oper oper, const u8 *peer)
11551{
11552	struct i802_bss *bss = priv;
11553	struct wpa_driver_nl80211_data *drv = bss->drv;
11554	struct nl_msg *msg;
11555	enum nl80211_tdls_operation nl80211_oper;
11556
11557	if (!(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT))
11558		return -EOPNOTSUPP;
11559
11560	switch (oper) {
11561	case TDLS_DISCOVERY_REQ:
11562		nl80211_oper = NL80211_TDLS_DISCOVERY_REQ;
11563		break;
11564	case TDLS_SETUP:
11565		nl80211_oper = NL80211_TDLS_SETUP;
11566		break;
11567	case TDLS_TEARDOWN:
11568		nl80211_oper = NL80211_TDLS_TEARDOWN;
11569		break;
11570	case TDLS_ENABLE_LINK:
11571		nl80211_oper = NL80211_TDLS_ENABLE_LINK;
11572		break;
11573	case TDLS_DISABLE_LINK:
11574		nl80211_oper = NL80211_TDLS_DISABLE_LINK;
11575		break;
11576	case TDLS_ENABLE:
11577		return 0;
11578	case TDLS_DISABLE:
11579		return 0;
11580	default:
11581		return -EINVAL;
11582	}
11583
11584	msg = nlmsg_alloc();
11585	if (!msg)
11586		return -ENOMEM;
11587
11588	nl80211_cmd(drv, msg, 0, NL80211_CMD_TDLS_OPER);
11589	NLA_PUT_U8(msg, NL80211_ATTR_TDLS_OPERATION, nl80211_oper);
11590	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
11591	NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, peer);
11592
11593	return send_and_recv_msgs(drv, msg, NULL, NULL);
11594
11595nla_put_failure:
11596	nlmsg_free(msg);
11597	return -ENOBUFS;
11598}
11599
11600#endif /* CONFIG TDLS */
11601
11602
11603#ifdef ANDROID
11604
11605typedef struct android_wifi_priv_cmd {
11606	char *buf;
11607	int used_len;
11608	int total_len;
11609} android_wifi_priv_cmd;
11610
11611static int drv_errors = 0;
11612
11613static void wpa_driver_send_hang_msg(struct wpa_driver_nl80211_data *drv)
11614{
11615	drv_errors++;
11616	if (drv_errors > DRV_NUMBER_SEQUENTIAL_ERRORS) {
11617		drv_errors = 0;
11618		wpa_msg(drv->ctx, MSG_INFO, WPA_EVENT_DRIVER_STATE "HANGED");
11619	}
11620}
11621
11622
11623static int android_priv_cmd(struct i802_bss *bss, const char *cmd)
11624{
11625	struct wpa_driver_nl80211_data *drv = bss->drv;
11626	struct ifreq ifr;
11627	android_wifi_priv_cmd priv_cmd;
11628	char buf[MAX_DRV_CMD_SIZE];
11629	int ret;
11630
11631	os_memset(&ifr, 0, sizeof(ifr));
11632	os_memset(&priv_cmd, 0, sizeof(priv_cmd));
11633	os_strlcpy(ifr.ifr_name, bss->ifname, IFNAMSIZ);
11634
11635	os_memset(buf, 0, sizeof(buf));
11636	os_strlcpy(buf, cmd, sizeof(buf));
11637
11638	priv_cmd.buf = buf;
11639	priv_cmd.used_len = sizeof(buf);
11640	priv_cmd.total_len = sizeof(buf);
11641	ifr.ifr_data = &priv_cmd;
11642
11643	ret = ioctl(drv->global->ioctl_sock, SIOCDEVPRIVATE + 1, &ifr);
11644	if (ret < 0) {
11645		wpa_printf(MSG_ERROR, "%s: failed to issue private commands",
11646			   __func__);
11647		wpa_driver_send_hang_msg(drv);
11648		return ret;
11649	}
11650
11651	drv_errors = 0;
11652	return 0;
11653}
11654
11655
11656static int android_pno_start(struct i802_bss *bss,
11657			     struct wpa_driver_scan_params *params)
11658{
11659	struct wpa_driver_nl80211_data *drv = bss->drv;
11660	struct ifreq ifr;
11661	android_wifi_priv_cmd priv_cmd;
11662	int ret = 0, i = 0, bp;
11663	char buf[WEXT_PNO_MAX_COMMAND_SIZE];
11664
11665	bp = WEXT_PNOSETUP_HEADER_SIZE;
11666	os_memcpy(buf, WEXT_PNOSETUP_HEADER, bp);
11667	buf[bp++] = WEXT_PNO_TLV_PREFIX;
11668	buf[bp++] = WEXT_PNO_TLV_VERSION;
11669	buf[bp++] = WEXT_PNO_TLV_SUBVERSION;
11670	buf[bp++] = WEXT_PNO_TLV_RESERVED;
11671
11672	while (i < WEXT_PNO_AMOUNT && (size_t) i < params->num_ssids) {
11673		/* Check that there is enough space needed for 1 more SSID, the
11674		 * other sections and null termination */
11675		if ((bp + WEXT_PNO_SSID_HEADER_SIZE + MAX_SSID_LEN +
11676		     WEXT_PNO_NONSSID_SECTIONS_SIZE + 1) >= (int) sizeof(buf))
11677			break;
11678		wpa_hexdump_ascii(MSG_DEBUG, "For PNO Scan",
11679				  params->ssids[i].ssid,
11680				  params->ssids[i].ssid_len);
11681		buf[bp++] = WEXT_PNO_SSID_SECTION;
11682		buf[bp++] = params->ssids[i].ssid_len;
11683		os_memcpy(&buf[bp], params->ssids[i].ssid,
11684			  params->ssids[i].ssid_len);
11685		bp += params->ssids[i].ssid_len;
11686		i++;
11687	}
11688
11689	buf[bp++] = WEXT_PNO_SCAN_INTERVAL_SECTION;
11690	os_snprintf(&buf[bp], WEXT_PNO_SCAN_INTERVAL_LENGTH + 1, "%x",
11691		    WEXT_PNO_SCAN_INTERVAL);
11692	bp += WEXT_PNO_SCAN_INTERVAL_LENGTH;
11693
11694	buf[bp++] = WEXT_PNO_REPEAT_SECTION;
11695	os_snprintf(&buf[bp], WEXT_PNO_REPEAT_LENGTH + 1, "%x",
11696		    WEXT_PNO_REPEAT);
11697	bp += WEXT_PNO_REPEAT_LENGTH;
11698
11699	buf[bp++] = WEXT_PNO_MAX_REPEAT_SECTION;
11700	os_snprintf(&buf[bp], WEXT_PNO_MAX_REPEAT_LENGTH + 1, "%x",
11701		    WEXT_PNO_MAX_REPEAT);
11702	bp += WEXT_PNO_MAX_REPEAT_LENGTH + 1;
11703
11704	memset(&ifr, 0, sizeof(ifr));
11705	memset(&priv_cmd, 0, sizeof(priv_cmd));
11706	os_strlcpy(ifr.ifr_name, bss->ifname, IFNAMSIZ);
11707
11708	priv_cmd.buf = buf;
11709	priv_cmd.used_len = bp;
11710	priv_cmd.total_len = bp;
11711	ifr.ifr_data = &priv_cmd;
11712
11713	ret = ioctl(drv->global->ioctl_sock, SIOCDEVPRIVATE + 1, &ifr);
11714
11715	if (ret < 0) {
11716		wpa_printf(MSG_ERROR, "ioctl[SIOCSIWPRIV] (pnosetup): %d",
11717			   ret);
11718		wpa_driver_send_hang_msg(drv);
11719		return ret;
11720	}
11721
11722	drv_errors = 0;
11723
11724	return android_priv_cmd(bss, "PNOFORCE 1");
11725}
11726
11727
11728static int android_pno_stop(struct i802_bss *bss)
11729{
11730	return android_priv_cmd(bss, "PNOFORCE 0");
11731}
11732
11733#endif /* ANDROID */
11734
11735
11736static int driver_nl80211_set_key(const char *ifname, void *priv,
11737				  enum wpa_alg alg, const u8 *addr,
11738				  int key_idx, int set_tx,
11739				  const u8 *seq, size_t seq_len,
11740				  const u8 *key, size_t key_len)
11741{
11742	struct i802_bss *bss = priv;
11743	return wpa_driver_nl80211_set_key(ifname, bss, alg, addr, key_idx,
11744					  set_tx, seq, seq_len, key, key_len);
11745}
11746
11747
11748static int driver_nl80211_scan2(void *priv,
11749				struct wpa_driver_scan_params *params)
11750{
11751	struct i802_bss *bss = priv;
11752	return wpa_driver_nl80211_scan(bss, params);
11753}
11754
11755
11756static int driver_nl80211_deauthenticate(void *priv, const u8 *addr,
11757					 int reason_code)
11758{
11759	struct i802_bss *bss = priv;
11760	return wpa_driver_nl80211_deauthenticate(bss, addr, reason_code);
11761}
11762
11763
11764static int driver_nl80211_authenticate(void *priv,
11765				       struct wpa_driver_auth_params *params)
11766{
11767	struct i802_bss *bss = priv;
11768	return wpa_driver_nl80211_authenticate(bss, params);
11769}
11770
11771
11772static void driver_nl80211_deinit(void *priv)
11773{
11774	struct i802_bss *bss = priv;
11775	wpa_driver_nl80211_deinit(bss);
11776}
11777
11778
11779static int driver_nl80211_if_remove(void *priv, enum wpa_driver_if_type type,
11780				    const char *ifname)
11781{
11782	struct i802_bss *bss = priv;
11783	return wpa_driver_nl80211_if_remove(bss, type, ifname);
11784}
11785
11786
11787static int driver_nl80211_send_mlme(void *priv, const u8 *data,
11788				    size_t data_len, int noack)
11789{
11790	struct i802_bss *bss = priv;
11791	return wpa_driver_nl80211_send_mlme(bss, data, data_len, noack,
11792					    0, 0, 0, 0);
11793}
11794
11795
11796static int driver_nl80211_sta_remove(void *priv, const u8 *addr)
11797{
11798	struct i802_bss *bss = priv;
11799	return wpa_driver_nl80211_sta_remove(bss, addr);
11800}
11801
11802
11803static int driver_nl80211_set_sta_vlan(void *priv, const u8 *addr,
11804				       const char *ifname, int vlan_id)
11805{
11806	struct i802_bss *bss = priv;
11807	return i802_set_sta_vlan(bss, addr, ifname, vlan_id);
11808}
11809
11810
11811static int driver_nl80211_read_sta_data(void *priv,
11812					struct hostap_sta_driver_data *data,
11813					const u8 *addr)
11814{
11815	struct i802_bss *bss = priv;
11816	return i802_read_sta_data(bss, data, addr);
11817}
11818
11819
11820static int driver_nl80211_send_action(void *priv, unsigned int freq,
11821				      unsigned int wait_time,
11822				      const u8 *dst, const u8 *src,
11823				      const u8 *bssid,
11824				      const u8 *data, size_t data_len,
11825				      int no_cck)
11826{
11827	struct i802_bss *bss = priv;
11828	return wpa_driver_nl80211_send_action(bss, freq, wait_time, dst, src,
11829					      bssid, data, data_len, no_cck);
11830}
11831
11832
11833static int driver_nl80211_probe_req_report(void *priv, int report)
11834{
11835	struct i802_bss *bss = priv;
11836	return wpa_driver_nl80211_probe_req_report(bss, report);
11837}
11838
11839
11840static int wpa_driver_nl80211_update_ft_ies(void *priv, const u8 *md,
11841					    const u8 *ies, size_t ies_len)
11842{
11843	int ret;
11844	struct nl_msg *msg;
11845	struct i802_bss *bss = priv;
11846	struct wpa_driver_nl80211_data *drv = bss->drv;
11847	u16 mdid = WPA_GET_LE16(md);
11848
11849	msg = nlmsg_alloc();
11850	if (!msg)
11851		return -ENOMEM;
11852
11853	wpa_printf(MSG_DEBUG, "nl80211: Updating FT IEs");
11854	nl80211_cmd(drv, msg, 0, NL80211_CMD_UPDATE_FT_IES);
11855	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
11856	NLA_PUT(msg, NL80211_ATTR_IE, ies_len, ies);
11857	NLA_PUT_U16(msg, NL80211_ATTR_MDID, mdid);
11858
11859	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
11860	if (ret) {
11861		wpa_printf(MSG_DEBUG, "nl80211: update_ft_ies failed "
11862			   "err=%d (%s)", ret, strerror(-ret));
11863	}
11864
11865	return ret;
11866
11867nla_put_failure:
11868	nlmsg_free(msg);
11869	return -ENOBUFS;
11870}
11871
11872
11873const u8 * wpa_driver_nl80211_get_macaddr(void *priv)
11874{
11875	struct i802_bss *bss = priv;
11876	struct wpa_driver_nl80211_data *drv = bss->drv;
11877
11878	if (drv->nlmode != NL80211_IFTYPE_P2P_DEVICE)
11879		return NULL;
11880
11881	return bss->addr;
11882}
11883
11884
11885static const char * scan_state_str(enum scan_states scan_state)
11886{
11887	switch (scan_state) {
11888	case NO_SCAN:
11889		return "NO_SCAN";
11890	case SCAN_REQUESTED:
11891		return "SCAN_REQUESTED";
11892	case SCAN_STARTED:
11893		return "SCAN_STARTED";
11894	case SCAN_COMPLETED:
11895		return "SCAN_COMPLETED";
11896	case SCAN_ABORTED:
11897		return "SCAN_ABORTED";
11898	case SCHED_SCAN_STARTED:
11899		return "SCHED_SCAN_STARTED";
11900	case SCHED_SCAN_STOPPED:
11901		return "SCHED_SCAN_STOPPED";
11902	case SCHED_SCAN_RESULTS:
11903		return "SCHED_SCAN_RESULTS";
11904	}
11905
11906	return "??";
11907}
11908
11909
11910static int wpa_driver_nl80211_status(void *priv, char *buf, size_t buflen)
11911{
11912	struct i802_bss *bss = priv;
11913	struct wpa_driver_nl80211_data *drv = bss->drv;
11914	int res;
11915	char *pos, *end;
11916
11917	pos = buf;
11918	end = buf + buflen;
11919
11920	res = os_snprintf(pos, end - pos,
11921			  "ifindex=%d\n"
11922			  "ifname=%s\n"
11923			  "brname=%s\n"
11924			  "addr=" MACSTR "\n"
11925			  "freq=%d\n"
11926			  "%s%s%s%s%s",
11927			  bss->ifindex,
11928			  bss->ifname,
11929			  bss->brname,
11930			  MAC2STR(bss->addr),
11931			  bss->freq,
11932			  bss->beacon_set ? "beacon_set=1\n" : "",
11933			  bss->added_if_into_bridge ?
11934			  "added_if_into_bridge=1\n" : "",
11935			  bss->added_bridge ? "added_bridge=1\n" : "",
11936			  bss->in_deinit ? "in_deinit=1\n" : "",
11937			  bss->if_dynamic ? "if_dynamic=1\n" : "");
11938	if (res < 0 || res >= end - pos)
11939		return pos - buf;
11940	pos += res;
11941
11942	if (bss->wdev_id_set) {
11943		res = os_snprintf(pos, end - pos, "wdev_id=%llu\n",
11944				  (unsigned long long) bss->wdev_id);
11945		if (res < 0 || res >= end - pos)
11946			return pos - buf;
11947		pos += res;
11948	}
11949
11950	res = os_snprintf(pos, end - pos,
11951			  "phyname=%s\n"
11952			  "drv_ifindex=%d\n"
11953			  "operstate=%d\n"
11954			  "scan_state=%s\n"
11955			  "auth_bssid=" MACSTR "\n"
11956			  "auth_attempt_bssid=" MACSTR "\n"
11957			  "bssid=" MACSTR "\n"
11958			  "prev_bssid=" MACSTR "\n"
11959			  "associated=%d\n"
11960			  "assoc_freq=%u\n"
11961			  "monitor_sock=%d\n"
11962			  "monitor_ifidx=%d\n"
11963			  "monitor_refcount=%d\n"
11964			  "last_mgmt_freq=%u\n"
11965			  "eapol_tx_sock=%d\n"
11966			  "%s%s%s%s%s%s%s%s%s%s%s%s%s%s",
11967			  drv->phyname,
11968			  drv->ifindex,
11969			  drv->operstate,
11970			  scan_state_str(drv->scan_state),
11971			  MAC2STR(drv->auth_bssid),
11972			  MAC2STR(drv->auth_attempt_bssid),
11973			  MAC2STR(drv->bssid),
11974			  MAC2STR(drv->prev_bssid),
11975			  drv->associated,
11976			  drv->assoc_freq,
11977			  drv->monitor_sock,
11978			  drv->monitor_ifidx,
11979			  drv->monitor_refcount,
11980			  drv->last_mgmt_freq,
11981			  drv->eapol_tx_sock,
11982			  drv->ignore_if_down_event ?
11983			  "ignore_if_down_event=1\n" : "",
11984			  drv->scan_complete_events ?
11985			  "scan_complete_events=1\n" : "",
11986			  drv->disabled_11b_rates ?
11987			  "disabled_11b_rates=1\n" : "",
11988			  drv->pending_remain_on_chan ?
11989			  "pending_remain_on_chan=1\n" : "",
11990			  drv->in_interface_list ? "in_interface_list=1\n" : "",
11991			  drv->device_ap_sme ? "device_ap_sme=1\n" : "",
11992			  drv->poll_command_supported ?
11993			  "poll_command_supported=1\n" : "",
11994			  drv->data_tx_status ? "data_tx_status=1\n" : "",
11995			  drv->scan_for_auth ? "scan_for_auth=1\n" : "",
11996			  drv->retry_auth ? "retry_auth=1\n" : "",
11997			  drv->use_monitor ? "use_monitor=1\n" : "",
11998			  drv->ignore_next_local_disconnect ?
11999			  "ignore_next_local_disconnect=1\n" : "",
12000			  drv->ignore_next_local_deauth ?
12001			  "ignore_next_local_deauth=1\n" : "",
12002			  drv->allow_p2p_device ? "allow_p2p_device=1\n" : "");
12003	if (res < 0 || res >= end - pos)
12004		return pos - buf;
12005	pos += res;
12006
12007	if (drv->has_capability) {
12008		res = os_snprintf(pos, end - pos,
12009				  "capa.key_mgmt=0x%x\n"
12010				  "capa.enc=0x%x\n"
12011				  "capa.auth=0x%x\n"
12012				  "capa.flags=0x%x\n"
12013				  "capa.max_scan_ssids=%d\n"
12014				  "capa.max_sched_scan_ssids=%d\n"
12015				  "capa.sched_scan_supported=%d\n"
12016				  "capa.max_match_sets=%d\n"
12017				  "capa.max_remain_on_chan=%u\n"
12018				  "capa.max_stations=%u\n"
12019				  "capa.probe_resp_offloads=0x%x\n"
12020				  "capa.max_acl_mac_addrs=%u\n"
12021				  "capa.num_multichan_concurrent=%u\n",
12022				  drv->capa.key_mgmt,
12023				  drv->capa.enc,
12024				  drv->capa.auth,
12025				  drv->capa.flags,
12026				  drv->capa.max_scan_ssids,
12027				  drv->capa.max_sched_scan_ssids,
12028				  drv->capa.sched_scan_supported,
12029				  drv->capa.max_match_sets,
12030				  drv->capa.max_remain_on_chan,
12031				  drv->capa.max_stations,
12032				  drv->capa.probe_resp_offloads,
12033				  drv->capa.max_acl_mac_addrs,
12034				  drv->capa.num_multichan_concurrent);
12035		if (res < 0 || res >= end - pos)
12036			return pos - buf;
12037		pos += res;
12038	}
12039
12040	return pos - buf;
12041}
12042
12043
12044static int set_beacon_data(struct nl_msg *msg, struct beacon_data *settings)
12045{
12046	if (settings->head)
12047		NLA_PUT(msg, NL80211_ATTR_BEACON_HEAD,
12048			settings->head_len, settings->head);
12049
12050	if (settings->tail)
12051		NLA_PUT(msg, NL80211_ATTR_BEACON_TAIL,
12052			settings->tail_len, settings->tail);
12053
12054	if (settings->beacon_ies)
12055		NLA_PUT(msg, NL80211_ATTR_IE,
12056			settings->beacon_ies_len, settings->beacon_ies);
12057
12058	if (settings->proberesp_ies)
12059		NLA_PUT(msg, NL80211_ATTR_IE_PROBE_RESP,
12060			settings->proberesp_ies_len, settings->proberesp_ies);
12061
12062	if (settings->assocresp_ies)
12063		NLA_PUT(msg,
12064			NL80211_ATTR_IE_ASSOC_RESP,
12065			settings->assocresp_ies_len, settings->assocresp_ies);
12066
12067	if (settings->probe_resp)
12068		NLA_PUT(msg, NL80211_ATTR_PROBE_RESP,
12069			settings->probe_resp_len, settings->probe_resp);
12070
12071	return 0;
12072
12073nla_put_failure:
12074	return -ENOBUFS;
12075}
12076
12077
12078static int nl80211_switch_channel(void *priv, struct csa_settings *settings)
12079{
12080	struct nl_msg *msg;
12081	struct i802_bss *bss = priv;
12082	struct wpa_driver_nl80211_data *drv = bss->drv;
12083	struct nlattr *beacon_csa;
12084	int ret = -ENOBUFS;
12085
12086	wpa_printf(MSG_DEBUG, "nl80211: Channel switch request (cs_count=%u block_tx=%u freq=%d width=%d cf1=%d cf2=%d)",
12087		   settings->cs_count, settings->block_tx,
12088		   settings->freq_params.freq, settings->freq_params.bandwidth,
12089		   settings->freq_params.center_freq1,
12090		   settings->freq_params.center_freq2);
12091
12092	if (!(drv->capa.flags & WPA_DRIVER_FLAGS_AP_CSA)) {
12093		wpa_printf(MSG_DEBUG, "nl80211: Driver does not support channel switch command");
12094		return -EOPNOTSUPP;
12095	}
12096
12097	if ((drv->nlmode != NL80211_IFTYPE_AP) &&
12098	    (drv->nlmode != NL80211_IFTYPE_P2P_GO))
12099		return -EOPNOTSUPP;
12100
12101	/* check settings validity */
12102	if (!settings->beacon_csa.tail ||
12103	    ((settings->beacon_csa.tail_len <=
12104	      settings->counter_offset_beacon) ||
12105	     (settings->beacon_csa.tail[settings->counter_offset_beacon] !=
12106	      settings->cs_count)))
12107		return -EINVAL;
12108
12109	if (settings->beacon_csa.probe_resp &&
12110	    ((settings->beacon_csa.probe_resp_len <=
12111	      settings->counter_offset_presp) ||
12112	     (settings->beacon_csa.probe_resp[settings->counter_offset_presp] !=
12113	      settings->cs_count)))
12114		return -EINVAL;
12115
12116	msg = nlmsg_alloc();
12117	if (!msg)
12118		return -ENOMEM;
12119
12120	nl80211_cmd(drv, msg, 0, NL80211_CMD_CHANNEL_SWITCH);
12121	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex);
12122	NLA_PUT_U32(msg, NL80211_ATTR_CH_SWITCH_COUNT, settings->cs_count);
12123	ret = nl80211_put_freq_params(msg, &settings->freq_params);
12124	if (ret)
12125		goto error;
12126
12127	if (settings->block_tx)
12128		NLA_PUT_FLAG(msg, NL80211_ATTR_CH_SWITCH_BLOCK_TX);
12129
12130	/* beacon_after params */
12131	ret = set_beacon_data(msg, &settings->beacon_after);
12132	if (ret)
12133		goto error;
12134
12135	/* beacon_csa params */
12136	beacon_csa = nla_nest_start(msg, NL80211_ATTR_CSA_IES);
12137	if (!beacon_csa)
12138		goto nla_put_failure;
12139
12140	ret = set_beacon_data(msg, &settings->beacon_csa);
12141	if (ret)
12142		goto error;
12143
12144	NLA_PUT_U16(msg, NL80211_ATTR_CSA_C_OFF_BEACON,
12145		    settings->counter_offset_beacon);
12146
12147	if (settings->beacon_csa.probe_resp)
12148		NLA_PUT_U16(msg, NL80211_ATTR_CSA_C_OFF_PRESP,
12149			    settings->counter_offset_presp);
12150
12151	nla_nest_end(msg, beacon_csa);
12152	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
12153	if (ret) {
12154		wpa_printf(MSG_DEBUG, "nl80211: switch_channel failed err=%d (%s)",
12155			   ret, strerror(-ret));
12156	}
12157	return ret;
12158
12159nla_put_failure:
12160	ret = -ENOBUFS;
12161error:
12162	nlmsg_free(msg);
12163	wpa_printf(MSG_DEBUG, "nl80211: Could not build channel switch request");
12164	return ret;
12165}
12166
12167
12168#ifdef CONFIG_TESTING_OPTIONS
12169static int cmd_reply_handler(struct nl_msg *msg, void *arg)
12170{
12171	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
12172	struct wpabuf *buf = arg;
12173
12174	if (!buf)
12175		return NL_SKIP;
12176
12177	if ((size_t) genlmsg_attrlen(gnlh, 0) > wpabuf_tailroom(buf)) {
12178		wpa_printf(MSG_INFO, "nl80211: insufficient buffer space for reply");
12179		return NL_SKIP;
12180	}
12181
12182	wpabuf_put_data(buf, genlmsg_attrdata(gnlh, 0),
12183			genlmsg_attrlen(gnlh, 0));
12184
12185	return NL_SKIP;
12186}
12187#endif /* CONFIG_TESTING_OPTIONS */
12188
12189
12190static int vendor_reply_handler(struct nl_msg *msg, void *arg)
12191{
12192	struct nlattr *tb[NL80211_ATTR_MAX + 1];
12193	struct nlattr *nl_vendor_reply, *nl;
12194	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
12195	struct wpabuf *buf = arg;
12196	int rem;
12197
12198	if (!buf)
12199		return NL_SKIP;
12200
12201	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
12202		  genlmsg_attrlen(gnlh, 0), NULL);
12203	nl_vendor_reply = tb[NL80211_ATTR_VENDOR_DATA];
12204
12205	if (!nl_vendor_reply)
12206		return NL_SKIP;
12207
12208	if ((size_t) nla_len(nl_vendor_reply) > wpabuf_tailroom(buf)) {
12209		wpa_printf(MSG_INFO, "nl80211: Vendor command: insufficient buffer space for reply");
12210		return NL_SKIP;
12211	}
12212
12213	nla_for_each_nested(nl, nl_vendor_reply, rem) {
12214		wpabuf_put_data(buf, nla_data(nl), nla_len(nl));
12215	}
12216
12217	return NL_SKIP;
12218}
12219
12220
12221static int nl80211_vendor_cmd(void *priv, unsigned int vendor_id,
12222			      unsigned int subcmd, const u8 *data,
12223			      size_t data_len, struct wpabuf *buf)
12224{
12225	struct i802_bss *bss = priv;
12226	struct wpa_driver_nl80211_data *drv = bss->drv;
12227	struct nl_msg *msg;
12228	int ret;
12229
12230	msg = nlmsg_alloc();
12231	if (!msg)
12232		return -ENOMEM;
12233
12234#ifdef CONFIG_TESTING_OPTIONS
12235	if (vendor_id == 0xffffffff) {
12236		nl80211_cmd(drv, msg, 0, subcmd);
12237		if (nlmsg_append(msg, (void *) data, data_len, NLMSG_ALIGNTO) <
12238		    0)
12239			goto nla_put_failure;
12240		ret = send_and_recv_msgs(drv, msg, cmd_reply_handler, buf);
12241		if (ret)
12242			wpa_printf(MSG_DEBUG, "nl80211: command failed err=%d",
12243				   ret);
12244		return ret;
12245	}
12246#endif /* CONFIG_TESTING_OPTIONS */
12247
12248	nl80211_cmd(drv, msg, 0, NL80211_CMD_VENDOR);
12249	if (nl80211_set_iface_id(msg, bss) < 0)
12250		goto nla_put_failure;
12251	NLA_PUT_U32(msg, NL80211_ATTR_VENDOR_ID, vendor_id);
12252	NLA_PUT_U32(msg, NL80211_ATTR_VENDOR_SUBCMD, subcmd);
12253	if (data)
12254		NLA_PUT(msg, NL80211_ATTR_VENDOR_DATA, data_len, data);
12255
12256	ret = send_and_recv_msgs(drv, msg, vendor_reply_handler, buf);
12257	if (ret)
12258		wpa_printf(MSG_DEBUG, "nl80211: vendor command failed err=%d",
12259			   ret);
12260	return ret;
12261
12262nla_put_failure:
12263	nlmsg_free(msg);
12264	return -ENOBUFS;
12265}
12266
12267
12268static int nl80211_set_qos_map(void *priv, const u8 *qos_map_set,
12269			       u8 qos_map_set_len)
12270{
12271	struct i802_bss *bss = priv;
12272	struct wpa_driver_nl80211_data *drv = bss->drv;
12273	struct nl_msg *msg;
12274	int ret;
12275
12276	msg = nlmsg_alloc();
12277	if (!msg)
12278		return -ENOMEM;
12279
12280	wpa_hexdump(MSG_DEBUG, "nl80211: Setting QoS Map",
12281		    qos_map_set, qos_map_set_len);
12282
12283	nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_QOS_MAP);
12284	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
12285	NLA_PUT(msg, NL80211_ATTR_QOS_MAP, qos_map_set_len, qos_map_set);
12286
12287	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
12288	if (ret)
12289		wpa_printf(MSG_DEBUG, "nl80211: Setting QoS Map failed");
12290
12291	return ret;
12292
12293nla_put_failure:
12294	nlmsg_free(msg);
12295	return -ENOBUFS;
12296}
12297
12298
12299static int nl80211_set_wowlan(void *priv,
12300			      const struct wowlan_triggers *triggers)
12301{
12302	struct i802_bss *bss = priv;
12303	struct wpa_driver_nl80211_data *drv = bss->drv;
12304	struct nl_msg *msg;
12305	struct nlattr *wowlan_triggers;
12306	int ret;
12307
12308	msg = nlmsg_alloc();
12309	if (!msg)
12310		return -ENOMEM;
12311
12312	wpa_printf(MSG_DEBUG, "nl80211: Setting wowlan");
12313
12314	nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_WOWLAN);
12315	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
12316
12317	wowlan_triggers = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
12318	if (!wowlan_triggers)
12319		goto nla_put_failure;
12320
12321	if (triggers->any)
12322		NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_ANY);
12323	if (triggers->disconnect)
12324		NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_DISCONNECT);
12325	if (triggers->magic_pkt)
12326		NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT);
12327	if (triggers->gtk_rekey_failure)
12328		NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE);
12329	if (triggers->eap_identity_req)
12330		NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST);
12331	if (triggers->four_way_handshake)
12332		NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE);
12333	if (triggers->rfkill_release)
12334		NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE);
12335
12336	nla_nest_end(msg, wowlan_triggers);
12337
12338	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
12339	if (ret)
12340		wpa_printf(MSG_DEBUG, "nl80211: Setting wowlan failed");
12341
12342	return ret;
12343
12344nla_put_failure:
12345	nlmsg_free(msg);
12346	return -ENOBUFS;
12347}
12348
12349
12350const struct wpa_driver_ops wpa_driver_nl80211_ops = {
12351	.name = "nl80211",
12352	.desc = "Linux nl80211/cfg80211",
12353	.get_bssid = wpa_driver_nl80211_get_bssid,
12354	.get_ssid = wpa_driver_nl80211_get_ssid,
12355	.set_key = driver_nl80211_set_key,
12356	.scan2 = driver_nl80211_scan2,
12357	.sched_scan = wpa_driver_nl80211_sched_scan,
12358	.stop_sched_scan = wpa_driver_nl80211_stop_sched_scan,
12359	.get_scan_results2 = wpa_driver_nl80211_get_scan_results,
12360	.deauthenticate = driver_nl80211_deauthenticate,
12361	.authenticate = driver_nl80211_authenticate,
12362	.associate = wpa_driver_nl80211_associate,
12363	.global_init = nl80211_global_init,
12364	.global_deinit = nl80211_global_deinit,
12365	.init2 = wpa_driver_nl80211_init,
12366	.deinit = driver_nl80211_deinit,
12367	.get_capa = wpa_driver_nl80211_get_capa,
12368	.set_operstate = wpa_driver_nl80211_set_operstate,
12369	.set_supp_port = wpa_driver_nl80211_set_supp_port,
12370	.set_country = wpa_driver_nl80211_set_country,
12371	.get_country = wpa_driver_nl80211_get_country,
12372	.set_ap = wpa_driver_nl80211_set_ap,
12373	.set_acl = wpa_driver_nl80211_set_acl,
12374	.if_add = wpa_driver_nl80211_if_add,
12375	.if_remove = driver_nl80211_if_remove,
12376	.send_mlme = driver_nl80211_send_mlme,
12377	.get_hw_feature_data = wpa_driver_nl80211_get_hw_feature_data,
12378	.sta_add = wpa_driver_nl80211_sta_add,
12379	.sta_remove = driver_nl80211_sta_remove,
12380	.hapd_send_eapol = wpa_driver_nl80211_hapd_send_eapol,
12381	.sta_set_flags = wpa_driver_nl80211_sta_set_flags,
12382	.hapd_init = i802_init,
12383	.hapd_deinit = i802_deinit,
12384	.set_wds_sta = i802_set_wds_sta,
12385	.get_seqnum = i802_get_seqnum,
12386	.flush = i802_flush,
12387	.get_inact_sec = i802_get_inact_sec,
12388	.sta_clear_stats = i802_sta_clear_stats,
12389	.set_rts = i802_set_rts,
12390	.set_frag = i802_set_frag,
12391	.set_tx_queue_params = i802_set_tx_queue_params,
12392	.set_sta_vlan = driver_nl80211_set_sta_vlan,
12393	.sta_deauth = i802_sta_deauth,
12394	.sta_disassoc = i802_sta_disassoc,
12395	.read_sta_data = driver_nl80211_read_sta_data,
12396	.set_freq = i802_set_freq,
12397	.send_action = driver_nl80211_send_action,
12398	.send_action_cancel_wait = wpa_driver_nl80211_send_action_cancel_wait,
12399	.remain_on_channel = wpa_driver_nl80211_remain_on_channel,
12400	.cancel_remain_on_channel =
12401	wpa_driver_nl80211_cancel_remain_on_channel,
12402	.probe_req_report = driver_nl80211_probe_req_report,
12403	.deinit_ap = wpa_driver_nl80211_deinit_ap,
12404	.deinit_p2p_cli = wpa_driver_nl80211_deinit_p2p_cli,
12405	.resume = wpa_driver_nl80211_resume,
12406	.send_ft_action = nl80211_send_ft_action,
12407	.signal_monitor = nl80211_signal_monitor,
12408	.signal_poll = nl80211_signal_poll,
12409	.send_frame = nl80211_send_frame,
12410	.shared_freq = wpa_driver_nl80211_shared_freq,
12411	.set_param = nl80211_set_param,
12412	.get_radio_name = nl80211_get_radio_name,
12413	.add_pmkid = nl80211_add_pmkid,
12414	.remove_pmkid = nl80211_remove_pmkid,
12415	.flush_pmkid = nl80211_flush_pmkid,
12416	.set_rekey_info = nl80211_set_rekey_info,
12417	.poll_client = nl80211_poll_client,
12418	.set_p2p_powersave = nl80211_set_p2p_powersave,
12419	.start_dfs_cac = nl80211_start_radar_detection,
12420	.stop_ap = wpa_driver_nl80211_stop_ap,
12421#ifdef CONFIG_TDLS
12422	.send_tdls_mgmt = nl80211_send_tdls_mgmt,
12423	.tdls_oper = nl80211_tdls_oper,
12424#endif /* CONFIG_TDLS */
12425	.update_ft_ies = wpa_driver_nl80211_update_ft_ies,
12426	.get_mac_addr = wpa_driver_nl80211_get_macaddr,
12427	.get_survey = wpa_driver_nl80211_get_survey,
12428	.status = wpa_driver_nl80211_status,
12429	.switch_channel = nl80211_switch_channel,
12430#ifdef ANDROID_P2P
12431	.set_noa = wpa_driver_set_p2p_noa,
12432	.get_noa = wpa_driver_get_p2p_noa,
12433	.set_ap_wps_ie = wpa_driver_set_ap_wps_p2p_ie,
12434#endif /* ANDROID_P2P */
12435#ifdef ANDROID
12436	.driver_cmd = wpa_driver_nl80211_driver_cmd,
12437#endif /* ANDROID */
12438	.vendor_cmd = nl80211_vendor_cmd,
12439	.set_qos_map = nl80211_set_qos_map,
12440	.set_wowlan = nl80211_set_wowlan,
12441};
12442