1/*
2 * Driver interaction with Linux nl80211/cfg80211
3 * Copyright (c) 2002-2014, Jouni Malinen <j@w1.fi>
4 * Copyright (c) 2003-2004, Instant802 Networks, Inc.
5 * Copyright (c) 2005-2006, Devicescape Software, Inc.
6 * Copyright (c) 2007, Johannes Berg <johannes@sipsolutions.net>
7 * Copyright (c) 2009-2010, Atheros Communications
8 *
9 * This software may be distributed under the terms of the BSD license.
10 * See README for more details.
11 */
12
13#include "includes.h"
14#include <sys/ioctl.h>
15#include <sys/types.h>
16#include <sys/stat.h>
17#include <fcntl.h>
18#include <net/if.h>
19#include <netlink/genl/genl.h>
20#include <netlink/genl/family.h>
21#include <netlink/genl/ctrl.h>
22#ifdef CONFIG_LIBNL3_ROUTE
23#include <netlink/route/neighbour.h>
24#endif /* CONFIG_LIBNL3_ROUTE */
25#include <linux/rtnetlink.h>
26#include <netpacket/packet.h>
27#include <linux/filter.h>
28#include <linux/errqueue.h>
29#include "nl80211_copy.h"
30
31#include "common.h"
32#include "eloop.h"
33#include "utils/list.h"
34#include "common/qca-vendor.h"
35#include "common/qca-vendor-attr.h"
36#include "common/ieee802_11_defs.h"
37#include "common/ieee802_11_common.h"
38#include "l2_packet/l2_packet.h"
39#include "netlink.h"
40#include "linux_ioctl.h"
41#include "radiotap.h"
42#include "radiotap_iter.h"
43#include "rfkill.h"
44#include "driver.h"
45
46#ifndef SO_WIFI_STATUS
47# if defined(__sparc__)
48#  define SO_WIFI_STATUS	0x0025
49# elif defined(__parisc__)
50#  define SO_WIFI_STATUS	0x4022
51# else
52#  define SO_WIFI_STATUS	41
53# endif
54
55# define SCM_WIFI_STATUS	SO_WIFI_STATUS
56#endif
57
58#ifndef SO_EE_ORIGIN_TXSTATUS
59#define SO_EE_ORIGIN_TXSTATUS	4
60#endif
61
62#ifndef PACKET_TX_TIMESTAMP
63#define PACKET_TX_TIMESTAMP	16
64#endif
65
66#ifdef ANDROID
67#include "android_drv.h"
68#endif /* ANDROID */
69#ifdef CONFIG_LIBNL20
70/* libnl 2.0 compatibility code */
71#define nl_handle nl_sock
72#define nl80211_handle_alloc nl_socket_alloc_cb
73#define nl80211_handle_destroy nl_socket_free
74#else
75/*
76 * libnl 1.1 has a bug, it tries to allocate socket numbers densely
77 * but when you free a socket again it will mess up its bitmap and
78 * and use the wrong number the next time it needs a socket ID.
79 * Therefore, we wrap the handle alloc/destroy and add our own pid
80 * accounting.
81 */
82static uint32_t port_bitmap[32] = { 0 };
83
84static struct nl_handle *nl80211_handle_alloc(void *cb)
85{
86	struct nl_handle *handle;
87	uint32_t pid = getpid() & 0x3FFFFF;
88	int i;
89
90	handle = nl_handle_alloc_cb(cb);
91
92	for (i = 0; i < 1024; i++) {
93		if (port_bitmap[i / 32] & (1 << (i % 32)))
94			continue;
95		port_bitmap[i / 32] |= 1 << (i % 32);
96		pid += i << 22;
97		break;
98	}
99
100	nl_socket_set_local_port(handle, pid);
101
102	return handle;
103}
104
105static void nl80211_handle_destroy(struct nl_handle *handle)
106{
107	uint32_t port = nl_socket_get_local_port(handle);
108
109	port >>= 22;
110	port_bitmap[port / 32] &= ~(1 << (port % 32));
111
112	nl_handle_destroy(handle);
113}
114#endif /* CONFIG_LIBNL20 */
115
116
117#ifdef ANDROID
118/* system/core/libnl_2 does not include nl_socket_set_nonblocking() */
119static int android_nl_socket_set_nonblocking(struct nl_handle *handle)
120{
121	return fcntl(nl_socket_get_fd(handle), F_SETFL, O_NONBLOCK);
122}
123#undef nl_socket_set_nonblocking
124#define nl_socket_set_nonblocking(h) android_nl_socket_set_nonblocking(h)
125#endif /* ANDROID */
126
127
128static struct nl_handle * nl_create_handle(struct nl_cb *cb, const char *dbg)
129{
130	struct nl_handle *handle;
131
132	handle = nl80211_handle_alloc(cb);
133	if (handle == NULL) {
134		wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink "
135			   "callbacks (%s)", dbg);
136		return NULL;
137	}
138
139	if (genl_connect(handle)) {
140		wpa_printf(MSG_ERROR, "nl80211: Failed to connect to generic "
141			   "netlink (%s)", dbg);
142		nl80211_handle_destroy(handle);
143		return NULL;
144	}
145
146	return handle;
147}
148
149
150static void nl_destroy_handles(struct nl_handle **handle)
151{
152	if (*handle == NULL)
153		return;
154	nl80211_handle_destroy(*handle);
155	*handle = NULL;
156}
157
158
159#if __WORDSIZE == 64
160#define ELOOP_SOCKET_INVALID	(intptr_t) 0x8888888888888889ULL
161#else
162#define ELOOP_SOCKET_INVALID	(intptr_t) 0x88888889ULL
163#endif
164
165static void nl80211_register_eloop_read(struct nl_handle **handle,
166					eloop_sock_handler handler,
167					void *eloop_data)
168{
169	nl_socket_set_nonblocking(*handle);
170	eloop_register_read_sock(nl_socket_get_fd(*handle), handler,
171				 eloop_data, *handle);
172	*handle = (void *) (((intptr_t) *handle) ^ ELOOP_SOCKET_INVALID);
173}
174
175
176static void nl80211_destroy_eloop_handle(struct nl_handle **handle)
177{
178	*handle = (void *) (((intptr_t) *handle) ^ ELOOP_SOCKET_INVALID);
179	eloop_unregister_read_sock(nl_socket_get_fd(*handle));
180	nl_destroy_handles(handle);
181}
182
183
184#ifndef IFF_LOWER_UP
185#define IFF_LOWER_UP   0x10000         /* driver signals L1 up         */
186#endif
187#ifndef IFF_DORMANT
188#define IFF_DORMANT    0x20000         /* driver signals dormant       */
189#endif
190
191#ifndef IF_OPER_DORMANT
192#define IF_OPER_DORMANT 5
193#endif
194#ifndef IF_OPER_UP
195#define IF_OPER_UP 6
196#endif
197
198struct nl80211_global {
199	struct dl_list interfaces;
200	int if_add_ifindex;
201	u64 if_add_wdevid;
202	int if_add_wdevid_set;
203	struct netlink_data *netlink;
204	struct nl_cb *nl_cb;
205	struct nl_handle *nl;
206	int nl80211_id;
207	int ioctl_sock; /* socket for ioctl() use */
208
209	struct nl_handle *nl_event;
210};
211
212struct nl80211_wiphy_data {
213	struct dl_list list;
214	struct dl_list bsss;
215	struct dl_list drvs;
216
217	struct nl_handle *nl_beacons;
218	struct nl_cb *nl_cb;
219
220	int wiphy_idx;
221};
222
223static void nl80211_global_deinit(void *priv);
224
225struct i802_bss {
226	struct wpa_driver_nl80211_data *drv;
227	struct i802_bss *next;
228	int ifindex;
229	u64 wdev_id;
230	char ifname[IFNAMSIZ + 1];
231	char brname[IFNAMSIZ];
232	unsigned int beacon_set:1;
233	unsigned int added_if_into_bridge:1;
234	unsigned int added_bridge:1;
235	unsigned int in_deinit:1;
236	unsigned int wdev_id_set:1;
237	unsigned int added_if:1;
238	unsigned int static_ap:1;
239
240	u8 addr[ETH_ALEN];
241
242	int freq;
243	int bandwidth;
244	int if_dynamic;
245
246	void *ctx;
247	struct nl_handle *nl_preq, *nl_mgmt;
248	struct nl_cb *nl_cb;
249
250	struct nl80211_wiphy_data *wiphy_data;
251	struct dl_list wiphy_list;
252};
253
254struct wpa_driver_nl80211_data {
255	struct nl80211_global *global;
256	struct dl_list list;
257	struct dl_list wiphy_list;
258	char phyname[32];
259	u8 perm_addr[ETH_ALEN];
260	void *ctx;
261	int ifindex;
262	int if_removed;
263	int if_disabled;
264	int ignore_if_down_event;
265	struct rfkill_data *rfkill;
266	struct wpa_driver_capa capa;
267	u8 *extended_capa, *extended_capa_mask;
268	unsigned int extended_capa_len;
269	int has_capability;
270
271	int operstate;
272
273	int scan_complete_events;
274	enum scan_states {
275		NO_SCAN, SCAN_REQUESTED, SCAN_STARTED, SCAN_COMPLETED,
276		SCAN_ABORTED, SCHED_SCAN_STARTED, SCHED_SCAN_STOPPED,
277		SCHED_SCAN_RESULTS
278	} scan_state;
279
280	struct nl_cb *nl_cb;
281
282	u8 auth_bssid[ETH_ALEN];
283	u8 auth_attempt_bssid[ETH_ALEN];
284	u8 bssid[ETH_ALEN];
285	u8 prev_bssid[ETH_ALEN];
286	int associated;
287	u8 ssid[32];
288	size_t ssid_len;
289	enum nl80211_iftype nlmode;
290	enum nl80211_iftype ap_scan_as_station;
291	unsigned int assoc_freq;
292
293	int monitor_sock;
294	int monitor_ifidx;
295	int monitor_refcount;
296
297	unsigned int disabled_11b_rates:1;
298	unsigned int pending_remain_on_chan:1;
299	unsigned int in_interface_list:1;
300	unsigned int device_ap_sme:1;
301	unsigned int poll_command_supported:1;
302	unsigned int data_tx_status:1;
303	unsigned int scan_for_auth:1;
304	unsigned int retry_auth:1;
305	unsigned int use_monitor:1;
306	unsigned int ignore_next_local_disconnect:1;
307	unsigned int ignore_next_local_deauth:1;
308	unsigned int allow_p2p_device:1;
309	unsigned int hostapd:1;
310	unsigned int start_mode_ap:1;
311	unsigned int start_iface_up:1;
312	unsigned int test_use_roc_tx:1;
313	unsigned int ignore_deauth_event:1;
314	unsigned int roaming_vendor_cmd_avail:1;
315	unsigned int dfs_vendor_cmd_avail:1;
316	unsigned int have_low_prio_scan:1;
317	unsigned int force_connect_cmd:1;
318	unsigned int addr_changed:1;
319
320	u64 remain_on_chan_cookie;
321	u64 send_action_cookie;
322
323	unsigned int last_mgmt_freq;
324
325	struct wpa_driver_scan_filter *filter_ssids;
326	size_t num_filter_ssids;
327
328	struct i802_bss *first_bss;
329
330	int eapol_tx_sock;
331
332	int eapol_sock; /* socket for EAPOL frames */
333
334	struct nl_handle *rtnl_sk; /* nl_sock for NETLINK_ROUTE */
335
336	int default_if_indices[16];
337	int *if_indices;
338	int num_if_indices;
339
340	/* From failed authentication command */
341	int auth_freq;
342	u8 auth_bssid_[ETH_ALEN];
343	u8 auth_ssid[32];
344	size_t auth_ssid_len;
345	int auth_alg;
346	u8 *auth_ie;
347	size_t auth_ie_len;
348	u8 auth_wep_key[4][16];
349	size_t auth_wep_key_len[4];
350	int auth_wep_tx_keyidx;
351	int auth_local_state_change;
352	int auth_p2p;
353};
354
355
356static void wpa_driver_nl80211_deinit(struct i802_bss *bss);
357static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx,
358					    void *timeout_ctx);
359static int wpa_driver_nl80211_set_mode(struct i802_bss *bss,
360				       enum nl80211_iftype nlmode);
361static int wpa_driver_nl80211_set_mode_ibss(struct i802_bss *bss,
362					    struct hostapd_freq_params *freq);
363
364static int
365wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv,
366				   const u8 *set_addr, int first);
367static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv,
368				   const u8 *addr, int cmd, u16 reason_code,
369				   int local_state_change);
370static void nl80211_remove_monitor_interface(
371	struct wpa_driver_nl80211_data *drv);
372static int nl80211_send_frame_cmd(struct i802_bss *bss,
373				  unsigned int freq, unsigned int wait,
374				  const u8 *buf, size_t buf_len, u64 *cookie,
375				  int no_cck, int no_ack, int offchanok);
376static int nl80211_register_frame(struct i802_bss *bss,
377				  struct nl_handle *hl_handle,
378				  u16 type, const u8 *match, size_t match_len);
379static int wpa_driver_nl80211_probe_req_report(struct i802_bss *bss,
380					       int report);
381#ifdef ANDROID
382static int android_pno_start(struct i802_bss *bss,
383			     struct wpa_driver_scan_params *params);
384static int android_pno_stop(struct i802_bss *bss);
385extern int wpa_driver_nl80211_driver_cmd(void *priv, char *cmd, char *buf,
386					 size_t buf_len);
387#endif /* ANDROID */
388#ifdef ANDROID_P2P
389#ifdef ANDROID_P2P_STUB
390int wpa_driver_set_p2p_noa(void *priv, u8 count, int start, int duration) {
391	return 0;
392}
393int wpa_driver_get_p2p_noa(void *priv, u8 *buf, size_t len) {
394	return 0;
395}
396int wpa_driver_set_p2p_ps(void *priv, int legacy_ps, int opp_ps, int ctwindow) {
397	return -1;
398}
399int wpa_driver_set_ap_wps_p2p_ie(void *priv, const struct wpabuf *beacon,
400				 const struct wpabuf *proberesp,
401				 const struct wpabuf *assocresp) {
402	return 0;
403}
404#else /* ANDROID_P2P_STUB */
405int wpa_driver_set_p2p_noa(void *priv, u8 count, int start, int duration);
406int wpa_driver_get_p2p_noa(void *priv, u8 *buf, size_t len);
407int wpa_driver_set_p2p_ps(void *priv, int legacy_ps, int opp_ps, int ctwindow);
408int wpa_driver_set_ap_wps_p2p_ie(void *priv, const struct wpabuf *beacon,
409				 const struct wpabuf *proberesp,
410				 const struct wpabuf *assocresp);
411#endif /* ANDROID_P2P_STUB */
412#endif /* ANDROID_P2P */
413
414static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx);
415static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx);
416static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx);
417static int wpa_driver_nl80211_if_remove(struct i802_bss *bss,
418					enum wpa_driver_if_type type,
419					const char *ifname);
420
421static int nl80211_set_channel(struct i802_bss *bss,
422			       struct hostapd_freq_params *freq, int set_chan);
423static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv,
424				     int ifindex, int disabled);
425
426static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv);
427static int wpa_driver_nl80211_authenticate_retry(
428	struct wpa_driver_nl80211_data *drv);
429
430static int i802_set_freq(void *priv, struct hostapd_freq_params *freq);
431static int i802_set_iface_flags(struct i802_bss *bss, int up);
432
433
434static const char * nl80211_command_to_string(enum nl80211_commands cmd)
435{
436#define C2S(x) case x: return #x;
437	switch (cmd) {
438	C2S(NL80211_CMD_UNSPEC)
439	C2S(NL80211_CMD_GET_WIPHY)
440	C2S(NL80211_CMD_SET_WIPHY)
441	C2S(NL80211_CMD_NEW_WIPHY)
442	C2S(NL80211_CMD_DEL_WIPHY)
443	C2S(NL80211_CMD_GET_INTERFACE)
444	C2S(NL80211_CMD_SET_INTERFACE)
445	C2S(NL80211_CMD_NEW_INTERFACE)
446	C2S(NL80211_CMD_DEL_INTERFACE)
447	C2S(NL80211_CMD_GET_KEY)
448	C2S(NL80211_CMD_SET_KEY)
449	C2S(NL80211_CMD_NEW_KEY)
450	C2S(NL80211_CMD_DEL_KEY)
451	C2S(NL80211_CMD_GET_BEACON)
452	C2S(NL80211_CMD_SET_BEACON)
453	C2S(NL80211_CMD_START_AP)
454	C2S(NL80211_CMD_STOP_AP)
455	C2S(NL80211_CMD_GET_STATION)
456	C2S(NL80211_CMD_SET_STATION)
457	C2S(NL80211_CMD_NEW_STATION)
458	C2S(NL80211_CMD_DEL_STATION)
459	C2S(NL80211_CMD_GET_MPATH)
460	C2S(NL80211_CMD_SET_MPATH)
461	C2S(NL80211_CMD_NEW_MPATH)
462	C2S(NL80211_CMD_DEL_MPATH)
463	C2S(NL80211_CMD_SET_BSS)
464	C2S(NL80211_CMD_SET_REG)
465	C2S(NL80211_CMD_REQ_SET_REG)
466	C2S(NL80211_CMD_GET_MESH_CONFIG)
467	C2S(NL80211_CMD_SET_MESH_CONFIG)
468	C2S(NL80211_CMD_SET_MGMT_EXTRA_IE)
469	C2S(NL80211_CMD_GET_REG)
470	C2S(NL80211_CMD_GET_SCAN)
471	C2S(NL80211_CMD_TRIGGER_SCAN)
472	C2S(NL80211_CMD_NEW_SCAN_RESULTS)
473	C2S(NL80211_CMD_SCAN_ABORTED)
474	C2S(NL80211_CMD_REG_CHANGE)
475	C2S(NL80211_CMD_AUTHENTICATE)
476	C2S(NL80211_CMD_ASSOCIATE)
477	C2S(NL80211_CMD_DEAUTHENTICATE)
478	C2S(NL80211_CMD_DISASSOCIATE)
479	C2S(NL80211_CMD_MICHAEL_MIC_FAILURE)
480	C2S(NL80211_CMD_REG_BEACON_HINT)
481	C2S(NL80211_CMD_JOIN_IBSS)
482	C2S(NL80211_CMD_LEAVE_IBSS)
483	C2S(NL80211_CMD_TESTMODE)
484	C2S(NL80211_CMD_CONNECT)
485	C2S(NL80211_CMD_ROAM)
486	C2S(NL80211_CMD_DISCONNECT)
487	C2S(NL80211_CMD_SET_WIPHY_NETNS)
488	C2S(NL80211_CMD_GET_SURVEY)
489	C2S(NL80211_CMD_NEW_SURVEY_RESULTS)
490	C2S(NL80211_CMD_SET_PMKSA)
491	C2S(NL80211_CMD_DEL_PMKSA)
492	C2S(NL80211_CMD_FLUSH_PMKSA)
493	C2S(NL80211_CMD_REMAIN_ON_CHANNEL)
494	C2S(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL)
495	C2S(NL80211_CMD_SET_TX_BITRATE_MASK)
496	C2S(NL80211_CMD_REGISTER_FRAME)
497	C2S(NL80211_CMD_FRAME)
498	C2S(NL80211_CMD_FRAME_TX_STATUS)
499	C2S(NL80211_CMD_SET_POWER_SAVE)
500	C2S(NL80211_CMD_GET_POWER_SAVE)
501	C2S(NL80211_CMD_SET_CQM)
502	C2S(NL80211_CMD_NOTIFY_CQM)
503	C2S(NL80211_CMD_SET_CHANNEL)
504	C2S(NL80211_CMD_SET_WDS_PEER)
505	C2S(NL80211_CMD_FRAME_WAIT_CANCEL)
506	C2S(NL80211_CMD_JOIN_MESH)
507	C2S(NL80211_CMD_LEAVE_MESH)
508	C2S(NL80211_CMD_UNPROT_DEAUTHENTICATE)
509	C2S(NL80211_CMD_UNPROT_DISASSOCIATE)
510	C2S(NL80211_CMD_NEW_PEER_CANDIDATE)
511	C2S(NL80211_CMD_GET_WOWLAN)
512	C2S(NL80211_CMD_SET_WOWLAN)
513	C2S(NL80211_CMD_START_SCHED_SCAN)
514	C2S(NL80211_CMD_STOP_SCHED_SCAN)
515	C2S(NL80211_CMD_SCHED_SCAN_RESULTS)
516	C2S(NL80211_CMD_SCHED_SCAN_STOPPED)
517	C2S(NL80211_CMD_SET_REKEY_OFFLOAD)
518	C2S(NL80211_CMD_PMKSA_CANDIDATE)
519	C2S(NL80211_CMD_TDLS_OPER)
520	C2S(NL80211_CMD_TDLS_MGMT)
521	C2S(NL80211_CMD_UNEXPECTED_FRAME)
522	C2S(NL80211_CMD_PROBE_CLIENT)
523	C2S(NL80211_CMD_REGISTER_BEACONS)
524	C2S(NL80211_CMD_UNEXPECTED_4ADDR_FRAME)
525	C2S(NL80211_CMD_SET_NOACK_MAP)
526	C2S(NL80211_CMD_CH_SWITCH_NOTIFY)
527	C2S(NL80211_CMD_START_P2P_DEVICE)
528	C2S(NL80211_CMD_STOP_P2P_DEVICE)
529	C2S(NL80211_CMD_CONN_FAILED)
530	C2S(NL80211_CMD_SET_MCAST_RATE)
531	C2S(NL80211_CMD_SET_MAC_ACL)
532	C2S(NL80211_CMD_RADAR_DETECT)
533	C2S(NL80211_CMD_GET_PROTOCOL_FEATURES)
534	C2S(NL80211_CMD_UPDATE_FT_IES)
535	C2S(NL80211_CMD_FT_EVENT)
536	C2S(NL80211_CMD_CRIT_PROTOCOL_START)
537	C2S(NL80211_CMD_CRIT_PROTOCOL_STOP)
538	C2S(NL80211_CMD_GET_COALESCE)
539	C2S(NL80211_CMD_SET_COALESCE)
540	C2S(NL80211_CMD_CHANNEL_SWITCH)
541	C2S(NL80211_CMD_VENDOR)
542	C2S(NL80211_CMD_SET_QOS_MAP)
543	default:
544		return "NL80211_CMD_UNKNOWN";
545	}
546#undef C2S
547}
548
549
550/* Converts nl80211_chan_width to a common format */
551static enum chan_width convert2width(int width)
552{
553	switch (width) {
554	case NL80211_CHAN_WIDTH_20_NOHT:
555		return CHAN_WIDTH_20_NOHT;
556	case NL80211_CHAN_WIDTH_20:
557		return CHAN_WIDTH_20;
558	case NL80211_CHAN_WIDTH_40:
559		return CHAN_WIDTH_40;
560	case NL80211_CHAN_WIDTH_80:
561		return CHAN_WIDTH_80;
562	case NL80211_CHAN_WIDTH_80P80:
563		return CHAN_WIDTH_80P80;
564	case NL80211_CHAN_WIDTH_160:
565		return CHAN_WIDTH_160;
566	}
567	return CHAN_WIDTH_UNKNOWN;
568}
569
570
571static int is_ap_interface(enum nl80211_iftype nlmode)
572{
573	return nlmode == NL80211_IFTYPE_AP ||
574		nlmode == NL80211_IFTYPE_P2P_GO;
575}
576
577
578static int is_sta_interface(enum nl80211_iftype nlmode)
579{
580	return nlmode == NL80211_IFTYPE_STATION ||
581		nlmode == NL80211_IFTYPE_P2P_CLIENT;
582}
583
584
585static int is_p2p_net_interface(enum nl80211_iftype nlmode)
586{
587	return nlmode == NL80211_IFTYPE_P2P_CLIENT ||
588		nlmode == NL80211_IFTYPE_P2P_GO;
589}
590
591
592static struct i802_bss * get_bss_ifindex(struct wpa_driver_nl80211_data *drv,
593					 int ifindex)
594{
595	struct i802_bss *bss;
596
597	for (bss = drv->first_bss; bss; bss = bss->next) {
598		if (bss->ifindex == ifindex)
599			return bss;
600	}
601
602	return NULL;
603}
604
605
606static void nl80211_mark_disconnected(struct wpa_driver_nl80211_data *drv)
607{
608	if (drv->associated)
609		os_memcpy(drv->prev_bssid, drv->bssid, ETH_ALEN);
610	drv->associated = 0;
611	os_memset(drv->bssid, 0, ETH_ALEN);
612}
613
614
615struct nl80211_bss_info_arg {
616	struct wpa_driver_nl80211_data *drv;
617	struct wpa_scan_results *res;
618	unsigned int assoc_freq;
619	unsigned int ibss_freq;
620	u8 assoc_bssid[ETH_ALEN];
621};
622
623static int bss_info_handler(struct nl_msg *msg, void *arg);
624
625
626/* nl80211 code */
627static int ack_handler(struct nl_msg *msg, void *arg)
628{
629	int *err = arg;
630	*err = 0;
631	return NL_STOP;
632}
633
634static int finish_handler(struct nl_msg *msg, void *arg)
635{
636	int *ret = arg;
637	*ret = 0;
638	return NL_SKIP;
639}
640
641static int error_handler(struct sockaddr_nl *nla, struct nlmsgerr *err,
642			 void *arg)
643{
644	int *ret = arg;
645	*ret = err->error;
646	return NL_SKIP;
647}
648
649
650static int no_seq_check(struct nl_msg *msg, void *arg)
651{
652	return NL_OK;
653}
654
655
656static int send_and_recv(struct nl80211_global *global,
657			 struct nl_handle *nl_handle, struct nl_msg *msg,
658			 int (*valid_handler)(struct nl_msg *, void *),
659			 void *valid_data)
660{
661	struct nl_cb *cb;
662	int err = -ENOMEM;
663
664	cb = nl_cb_clone(global->nl_cb);
665	if (!cb)
666		goto out;
667
668	err = nl_send_auto_complete(nl_handle, msg);
669	if (err < 0)
670		goto out;
671
672	err = 1;
673
674	nl_cb_err(cb, NL_CB_CUSTOM, error_handler, &err);
675	nl_cb_set(cb, NL_CB_FINISH, NL_CB_CUSTOM, finish_handler, &err);
676	nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM, ack_handler, &err);
677
678	if (valid_handler)
679		nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM,
680			  valid_handler, valid_data);
681
682	while (err > 0) {
683		int res = nl_recvmsgs(nl_handle, cb);
684		if (res < 0) {
685			wpa_printf(MSG_INFO,
686				   "nl80211: %s->nl_recvmsgs failed: %d",
687				   __func__, res);
688		}
689	}
690 out:
691	nl_cb_put(cb);
692	nlmsg_free(msg);
693	return err;
694}
695
696
697static int send_and_recv_msgs_global(struct nl80211_global *global,
698				     struct nl_msg *msg,
699				     int (*valid_handler)(struct nl_msg *, void *),
700				     void *valid_data)
701{
702	return send_and_recv(global, global->nl, msg, valid_handler,
703			     valid_data);
704}
705
706
707static int send_and_recv_msgs(struct wpa_driver_nl80211_data *drv,
708			      struct nl_msg *msg,
709			      int (*valid_handler)(struct nl_msg *, void *),
710			      void *valid_data)
711{
712	return send_and_recv(drv->global, drv->global->nl, msg,
713			     valid_handler, valid_data);
714}
715
716
717struct family_data {
718	const char *group;
719	int id;
720};
721
722
723static int nl80211_set_iface_id(struct nl_msg *msg, struct i802_bss *bss)
724{
725	if (bss->wdev_id_set)
726		NLA_PUT_U64(msg, NL80211_ATTR_WDEV, bss->wdev_id);
727	else
728		NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex);
729	return 0;
730
731nla_put_failure:
732	return -1;
733}
734
735
736static int family_handler(struct nl_msg *msg, void *arg)
737{
738	struct family_data *res = arg;
739	struct nlattr *tb[CTRL_ATTR_MAX + 1];
740	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
741	struct nlattr *mcgrp;
742	int i;
743
744	nla_parse(tb, CTRL_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
745		  genlmsg_attrlen(gnlh, 0), NULL);
746	if (!tb[CTRL_ATTR_MCAST_GROUPS])
747		return NL_SKIP;
748
749	nla_for_each_nested(mcgrp, tb[CTRL_ATTR_MCAST_GROUPS], i) {
750		struct nlattr *tb2[CTRL_ATTR_MCAST_GRP_MAX + 1];
751		nla_parse(tb2, CTRL_ATTR_MCAST_GRP_MAX, nla_data(mcgrp),
752			  nla_len(mcgrp), NULL);
753		if (!tb2[CTRL_ATTR_MCAST_GRP_NAME] ||
754		    !tb2[CTRL_ATTR_MCAST_GRP_ID] ||
755		    os_strncmp(nla_data(tb2[CTRL_ATTR_MCAST_GRP_NAME]),
756			       res->group,
757			       nla_len(tb2[CTRL_ATTR_MCAST_GRP_NAME])) != 0)
758			continue;
759		res->id = nla_get_u32(tb2[CTRL_ATTR_MCAST_GRP_ID]);
760		break;
761	};
762
763	return NL_SKIP;
764}
765
766
767static int nl_get_multicast_id(struct nl80211_global *global,
768			       const char *family, const char *group)
769{
770	struct nl_msg *msg;
771	int ret = -1;
772	struct family_data res = { group, -ENOENT };
773
774	msg = nlmsg_alloc();
775	if (!msg)
776		return -ENOMEM;
777	genlmsg_put(msg, 0, 0, genl_ctrl_resolve(global->nl, "nlctrl"),
778		    0, 0, CTRL_CMD_GETFAMILY, 0);
779	NLA_PUT_STRING(msg, CTRL_ATTR_FAMILY_NAME, family);
780
781	ret = send_and_recv_msgs_global(global, msg, family_handler, &res);
782	msg = NULL;
783	if (ret == 0)
784		ret = res.id;
785
786nla_put_failure:
787	nlmsg_free(msg);
788	return ret;
789}
790
791
792static void * nl80211_cmd(struct wpa_driver_nl80211_data *drv,
793			  struct nl_msg *msg, int flags, uint8_t cmd)
794{
795	return genlmsg_put(msg, 0, 0, drv->global->nl80211_id,
796			   0, flags, cmd, 0);
797}
798
799
800struct wiphy_idx_data {
801	int wiphy_idx;
802	enum nl80211_iftype nlmode;
803	u8 *macaddr;
804};
805
806
807static int netdev_info_handler(struct nl_msg *msg, void *arg)
808{
809	struct nlattr *tb[NL80211_ATTR_MAX + 1];
810	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
811	struct wiphy_idx_data *info = arg;
812
813	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
814		  genlmsg_attrlen(gnlh, 0), NULL);
815
816	if (tb[NL80211_ATTR_WIPHY])
817		info->wiphy_idx = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
818
819	if (tb[NL80211_ATTR_IFTYPE])
820		info->nlmode = nla_get_u32(tb[NL80211_ATTR_IFTYPE]);
821
822	if (tb[NL80211_ATTR_MAC] && info->macaddr)
823		os_memcpy(info->macaddr, nla_data(tb[NL80211_ATTR_MAC]),
824			  ETH_ALEN);
825
826	return NL_SKIP;
827}
828
829
830static int nl80211_get_wiphy_index(struct i802_bss *bss)
831{
832	struct nl_msg *msg;
833	struct wiphy_idx_data data = {
834		.wiphy_idx = -1,
835		.macaddr = NULL,
836	};
837
838	msg = nlmsg_alloc();
839	if (!msg)
840		return NL80211_IFTYPE_UNSPECIFIED;
841
842	nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_GET_INTERFACE);
843
844	if (nl80211_set_iface_id(msg, bss) < 0)
845		goto nla_put_failure;
846
847	if (send_and_recv_msgs(bss->drv, msg, netdev_info_handler, &data) == 0)
848		return data.wiphy_idx;
849	msg = NULL;
850nla_put_failure:
851	nlmsg_free(msg);
852	return -1;
853}
854
855
856static enum nl80211_iftype nl80211_get_ifmode(struct i802_bss *bss)
857{
858	struct nl_msg *msg;
859	struct wiphy_idx_data data = {
860		.nlmode = NL80211_IFTYPE_UNSPECIFIED,
861		.macaddr = NULL,
862	};
863
864	msg = nlmsg_alloc();
865	if (!msg)
866		return -1;
867
868	nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_GET_INTERFACE);
869
870	if (nl80211_set_iface_id(msg, bss) < 0)
871		goto nla_put_failure;
872
873	if (send_and_recv_msgs(bss->drv, msg, netdev_info_handler, &data) == 0)
874		return data.nlmode;
875	msg = NULL;
876nla_put_failure:
877	nlmsg_free(msg);
878	return NL80211_IFTYPE_UNSPECIFIED;
879}
880
881
882static int nl80211_get_macaddr(struct i802_bss *bss)
883{
884	struct nl_msg *msg;
885	struct wiphy_idx_data data = {
886		.macaddr = bss->addr,
887	};
888
889	msg = nlmsg_alloc();
890	if (!msg)
891		return NL80211_IFTYPE_UNSPECIFIED;
892
893	nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_GET_INTERFACE);
894	if (nl80211_set_iface_id(msg, bss) < 0)
895		goto nla_put_failure;
896
897	return send_and_recv_msgs(bss->drv, msg, netdev_info_handler, &data);
898
899nla_put_failure:
900	nlmsg_free(msg);
901	return NL80211_IFTYPE_UNSPECIFIED;
902}
903
904
905static int nl80211_register_beacons(struct wpa_driver_nl80211_data *drv,
906				    struct nl80211_wiphy_data *w)
907{
908	struct nl_msg *msg;
909	int ret = -1;
910
911	msg = nlmsg_alloc();
912	if (!msg)
913		return -1;
914
915	nl80211_cmd(drv, msg, 0, NL80211_CMD_REGISTER_BEACONS);
916
917	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, w->wiphy_idx);
918
919	ret = send_and_recv(drv->global, w->nl_beacons, msg, NULL, NULL);
920	msg = NULL;
921	if (ret) {
922		wpa_printf(MSG_DEBUG, "nl80211: Register beacons command "
923			   "failed: ret=%d (%s)",
924			   ret, strerror(-ret));
925		goto nla_put_failure;
926	}
927	ret = 0;
928nla_put_failure:
929	nlmsg_free(msg);
930	return ret;
931}
932
933
934static void nl80211_recv_beacons(int sock, void *eloop_ctx, void *handle)
935{
936	struct nl80211_wiphy_data *w = eloop_ctx;
937	int res;
938
939	wpa_printf(MSG_EXCESSIVE, "nl80211: Beacon event message available");
940
941	res = nl_recvmsgs(handle, w->nl_cb);
942	if (res < 0) {
943		wpa_printf(MSG_INFO, "nl80211: %s->nl_recvmsgs failed: %d",
944			   __func__, res);
945	}
946}
947
948
949static int process_beacon_event(struct nl_msg *msg, void *arg)
950{
951	struct nl80211_wiphy_data *w = arg;
952	struct wpa_driver_nl80211_data *drv;
953	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
954	struct nlattr *tb[NL80211_ATTR_MAX + 1];
955	union wpa_event_data event;
956
957	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
958		  genlmsg_attrlen(gnlh, 0), NULL);
959
960	if (gnlh->cmd != NL80211_CMD_FRAME) {
961		wpa_printf(MSG_DEBUG, "nl80211: Unexpected beacon event? (%d)",
962			   gnlh->cmd);
963		return NL_SKIP;
964	}
965
966	if (!tb[NL80211_ATTR_FRAME])
967		return NL_SKIP;
968
969	dl_list_for_each(drv, &w->drvs, struct wpa_driver_nl80211_data,
970			 wiphy_list) {
971		os_memset(&event, 0, sizeof(event));
972		event.rx_mgmt.frame = nla_data(tb[NL80211_ATTR_FRAME]);
973		event.rx_mgmt.frame_len = nla_len(tb[NL80211_ATTR_FRAME]);
974		wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event);
975	}
976
977	return NL_SKIP;
978}
979
980
981static struct nl80211_wiphy_data *
982nl80211_get_wiphy_data_ap(struct i802_bss *bss)
983{
984	static DEFINE_DL_LIST(nl80211_wiphys);
985	struct nl80211_wiphy_data *w;
986	int wiphy_idx, found = 0;
987	struct i802_bss *tmp_bss;
988
989	if (bss->wiphy_data != NULL)
990		return bss->wiphy_data;
991
992	wiphy_idx = nl80211_get_wiphy_index(bss);
993
994	dl_list_for_each(w, &nl80211_wiphys, struct nl80211_wiphy_data, list) {
995		if (w->wiphy_idx == wiphy_idx)
996			goto add;
997	}
998
999	/* alloc new one */
1000	w = os_zalloc(sizeof(*w));
1001	if (w == NULL)
1002		return NULL;
1003	w->wiphy_idx = wiphy_idx;
1004	dl_list_init(&w->bsss);
1005	dl_list_init(&w->drvs);
1006
1007	w->nl_cb = nl_cb_alloc(NL_CB_DEFAULT);
1008	if (!w->nl_cb) {
1009		os_free(w);
1010		return NULL;
1011	}
1012	nl_cb_set(w->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, no_seq_check, NULL);
1013	nl_cb_set(w->nl_cb, NL_CB_VALID, NL_CB_CUSTOM, process_beacon_event,
1014		  w);
1015
1016	w->nl_beacons = nl_create_handle(bss->drv->global->nl_cb,
1017					 "wiphy beacons");
1018	if (w->nl_beacons == NULL) {
1019		os_free(w);
1020		return NULL;
1021	}
1022
1023	if (nl80211_register_beacons(bss->drv, w)) {
1024		nl_destroy_handles(&w->nl_beacons);
1025		os_free(w);
1026		return NULL;
1027	}
1028
1029	nl80211_register_eloop_read(&w->nl_beacons, nl80211_recv_beacons, w);
1030
1031	dl_list_add(&nl80211_wiphys, &w->list);
1032
1033add:
1034	/* drv entry for this bss already there? */
1035	dl_list_for_each(tmp_bss, &w->bsss, struct i802_bss, wiphy_list) {
1036		if (tmp_bss->drv == bss->drv) {
1037			found = 1;
1038			break;
1039		}
1040	}
1041	/* if not add it */
1042	if (!found)
1043		dl_list_add(&w->drvs, &bss->drv->wiphy_list);
1044
1045	dl_list_add(&w->bsss, &bss->wiphy_list);
1046	bss->wiphy_data = w;
1047	return w;
1048}
1049
1050
1051static void nl80211_put_wiphy_data_ap(struct i802_bss *bss)
1052{
1053	struct nl80211_wiphy_data *w = bss->wiphy_data;
1054	struct i802_bss *tmp_bss;
1055	int found = 0;
1056
1057	if (w == NULL)
1058		return;
1059	bss->wiphy_data = NULL;
1060	dl_list_del(&bss->wiphy_list);
1061
1062	/* still any for this drv present? */
1063	dl_list_for_each(tmp_bss, &w->bsss, struct i802_bss, wiphy_list) {
1064		if (tmp_bss->drv == bss->drv) {
1065			found = 1;
1066			break;
1067		}
1068	}
1069	/* if not remove it */
1070	if (!found)
1071		dl_list_del(&bss->drv->wiphy_list);
1072
1073	if (!dl_list_empty(&w->bsss))
1074		return;
1075
1076	nl80211_destroy_eloop_handle(&w->nl_beacons);
1077
1078	nl_cb_put(w->nl_cb);
1079	dl_list_del(&w->list);
1080	os_free(w);
1081}
1082
1083
1084static int wpa_driver_nl80211_get_bssid(void *priv, u8 *bssid)
1085{
1086	struct i802_bss *bss = priv;
1087	struct wpa_driver_nl80211_data *drv = bss->drv;
1088	if (!drv->associated)
1089		return -1;
1090	os_memcpy(bssid, drv->bssid, ETH_ALEN);
1091	return 0;
1092}
1093
1094
1095static int wpa_driver_nl80211_get_ssid(void *priv, u8 *ssid)
1096{
1097	struct i802_bss *bss = priv;
1098	struct wpa_driver_nl80211_data *drv = bss->drv;
1099	if (!drv->associated)
1100		return -1;
1101	os_memcpy(ssid, drv->ssid, drv->ssid_len);
1102	return drv->ssid_len;
1103}
1104
1105
1106static void wpa_driver_nl80211_event_newlink(
1107	struct wpa_driver_nl80211_data *drv, char *ifname)
1108{
1109	union wpa_event_data event;
1110
1111	if (os_strcmp(drv->first_bss->ifname, ifname) == 0) {
1112		if (if_nametoindex(drv->first_bss->ifname) == 0) {
1113			wpa_printf(MSG_DEBUG, "nl80211: Interface %s does not exist - ignore RTM_NEWLINK",
1114				   drv->first_bss->ifname);
1115			return;
1116		}
1117		if (!drv->if_removed)
1118			return;
1119		wpa_printf(MSG_DEBUG, "nl80211: Mark if_removed=0 for %s based on RTM_NEWLINK event",
1120			   drv->first_bss->ifname);
1121		drv->if_removed = 0;
1122	}
1123
1124	os_memset(&event, 0, sizeof(event));
1125	os_strlcpy(event.interface_status.ifname, ifname,
1126		   sizeof(event.interface_status.ifname));
1127	event.interface_status.ievent = EVENT_INTERFACE_ADDED;
1128	wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, &event);
1129}
1130
1131
1132static void wpa_driver_nl80211_event_dellink(
1133	struct wpa_driver_nl80211_data *drv, char *ifname)
1134{
1135	union wpa_event_data event;
1136
1137	if (os_strcmp(drv->first_bss->ifname, ifname) == 0) {
1138		if (drv->if_removed) {
1139			wpa_printf(MSG_DEBUG, "nl80211: if_removed already set - ignore RTM_DELLINK event for %s",
1140				   ifname);
1141			return;
1142		}
1143		wpa_printf(MSG_DEBUG, "RTM_DELLINK: Interface '%s' removed - mark if_removed=1",
1144			   ifname);
1145		drv->if_removed = 1;
1146	} else {
1147		wpa_printf(MSG_DEBUG, "RTM_DELLINK: Interface '%s' removed",
1148			   ifname);
1149	}
1150
1151	os_memset(&event, 0, sizeof(event));
1152	os_strlcpy(event.interface_status.ifname, ifname,
1153		   sizeof(event.interface_status.ifname));
1154	event.interface_status.ievent = EVENT_INTERFACE_REMOVED;
1155	wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, &event);
1156}
1157
1158
1159static int wpa_driver_nl80211_own_ifname(struct wpa_driver_nl80211_data *drv,
1160					 u8 *buf, size_t len)
1161{
1162	int attrlen, rta_len;
1163	struct rtattr *attr;
1164
1165	attrlen = len;
1166	attr = (struct rtattr *) buf;
1167
1168	rta_len = RTA_ALIGN(sizeof(struct rtattr));
1169	while (RTA_OK(attr, attrlen)) {
1170		if (attr->rta_type == IFLA_IFNAME) {
1171			if (os_strcmp(((char *) attr) + rta_len,
1172				      drv->first_bss->ifname) == 0)
1173				return 1;
1174			else
1175				break;
1176		}
1177		attr = RTA_NEXT(attr, attrlen);
1178	}
1179
1180	return 0;
1181}
1182
1183
1184static int wpa_driver_nl80211_own_ifindex(struct wpa_driver_nl80211_data *drv,
1185					  int ifindex, u8 *buf, size_t len)
1186{
1187	if (drv->ifindex == ifindex)
1188		return 1;
1189
1190	if (drv->if_removed && wpa_driver_nl80211_own_ifname(drv, buf, len)) {
1191		wpa_printf(MSG_DEBUG, "nl80211: Update ifindex for a removed "
1192			   "interface");
1193		wpa_driver_nl80211_finish_drv_init(drv, NULL, 0);
1194		return 1;
1195	}
1196
1197	return 0;
1198}
1199
1200
1201static struct wpa_driver_nl80211_data *
1202nl80211_find_drv(struct nl80211_global *global, int idx, u8 *buf, size_t len)
1203{
1204	struct wpa_driver_nl80211_data *drv;
1205	dl_list_for_each(drv, &global->interfaces,
1206			 struct wpa_driver_nl80211_data, list) {
1207		if (wpa_driver_nl80211_own_ifindex(drv, idx, buf, len) ||
1208		    have_ifidx(drv, idx))
1209			return drv;
1210	}
1211	return NULL;
1212}
1213
1214
1215static void wpa_driver_nl80211_event_rtm_newlink(void *ctx,
1216						 struct ifinfomsg *ifi,
1217						 u8 *buf, size_t len)
1218{
1219	struct nl80211_global *global = ctx;
1220	struct wpa_driver_nl80211_data *drv;
1221	int attrlen;
1222	struct rtattr *attr;
1223	u32 brid = 0;
1224	char namebuf[IFNAMSIZ];
1225	char ifname[IFNAMSIZ + 1];
1226	char extra[100], *pos, *end;
1227
1228	drv = nl80211_find_drv(global, ifi->ifi_index, buf, len);
1229	if (!drv) {
1230		wpa_printf(MSG_DEBUG, "nl80211: Ignore RTM_NEWLINK event for foreign ifindex %d",
1231			   ifi->ifi_index);
1232		return;
1233	}
1234
1235	extra[0] = '\0';
1236	pos = extra;
1237	end = pos + sizeof(extra);
1238	ifname[0] = '\0';
1239
1240	attrlen = len;
1241	attr = (struct rtattr *) buf;
1242	while (RTA_OK(attr, attrlen)) {
1243		switch (attr->rta_type) {
1244		case IFLA_IFNAME:
1245			if (RTA_PAYLOAD(attr) >= IFNAMSIZ)
1246				break;
1247			os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr));
1248			ifname[RTA_PAYLOAD(attr)] = '\0';
1249			break;
1250		case IFLA_MASTER:
1251			brid = nla_get_u32((struct nlattr *) attr);
1252			pos += os_snprintf(pos, end - pos, " master=%u", brid);
1253			break;
1254		case IFLA_WIRELESS:
1255			pos += os_snprintf(pos, end - pos, " wext");
1256			break;
1257		case IFLA_OPERSTATE:
1258			pos += os_snprintf(pos, end - pos, " operstate=%u",
1259					   nla_get_u32((struct nlattr *) attr));
1260			break;
1261		case IFLA_LINKMODE:
1262			pos += os_snprintf(pos, end - pos, " linkmode=%u",
1263					   nla_get_u32((struct nlattr *) attr));
1264			break;
1265		}
1266		attr = RTA_NEXT(attr, attrlen);
1267	}
1268	extra[sizeof(extra) - 1] = '\0';
1269
1270	wpa_printf(MSG_DEBUG, "RTM_NEWLINK: ifi_index=%d ifname=%s%s ifi_family=%d ifi_flags=0x%x (%s%s%s%s)",
1271		   ifi->ifi_index, ifname, extra, ifi->ifi_family,
1272		   ifi->ifi_flags,
1273		   (ifi->ifi_flags & IFF_UP) ? "[UP]" : "",
1274		   (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "",
1275		   (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "",
1276		   (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : "");
1277
1278	if (!drv->if_disabled && !(ifi->ifi_flags & IFF_UP)) {
1279		if (if_indextoname(ifi->ifi_index, namebuf) &&
1280		    linux_iface_up(drv->global->ioctl_sock,
1281				   drv->first_bss->ifname) > 0) {
1282			wpa_printf(MSG_DEBUG, "nl80211: Ignore interface down "
1283				   "event since interface %s is up", namebuf);
1284			return;
1285		}
1286		wpa_printf(MSG_DEBUG, "nl80211: Interface down");
1287		if (drv->ignore_if_down_event) {
1288			wpa_printf(MSG_DEBUG, "nl80211: Ignore interface down "
1289				   "event generated by mode change");
1290			drv->ignore_if_down_event = 0;
1291		} else {
1292			drv->if_disabled = 1;
1293			wpa_supplicant_event(drv->ctx,
1294					     EVENT_INTERFACE_DISABLED, NULL);
1295
1296			/*
1297			 * Try to get drv again, since it may be removed as
1298			 * part of the EVENT_INTERFACE_DISABLED handling for
1299			 * dynamic interfaces
1300			 */
1301			drv = nl80211_find_drv(global, ifi->ifi_index,
1302					       buf, len);
1303			if (!drv)
1304				return;
1305		}
1306	}
1307
1308	if (drv->if_disabled && (ifi->ifi_flags & IFF_UP)) {
1309		if (if_indextoname(ifi->ifi_index, namebuf) &&
1310		    linux_iface_up(drv->global->ioctl_sock,
1311				   drv->first_bss->ifname) == 0) {
1312			wpa_printf(MSG_DEBUG, "nl80211: Ignore interface up "
1313				   "event since interface %s is down",
1314				   namebuf);
1315		} else if (if_nametoindex(drv->first_bss->ifname) == 0) {
1316			wpa_printf(MSG_DEBUG, "nl80211: Ignore interface up "
1317				   "event since interface %s does not exist",
1318				   drv->first_bss->ifname);
1319		} else if (drv->if_removed) {
1320			wpa_printf(MSG_DEBUG, "nl80211: Ignore interface up "
1321				   "event since interface %s is marked "
1322				   "removed", drv->first_bss->ifname);
1323		} else {
1324			struct i802_bss *bss;
1325			u8 addr[ETH_ALEN];
1326
1327			/* Re-read MAC address as it may have changed */
1328			bss = get_bss_ifindex(drv, ifi->ifi_index);
1329			if (bss &&
1330			    linux_get_ifhwaddr(drv->global->ioctl_sock,
1331					       bss->ifname, addr) < 0) {
1332				wpa_printf(MSG_DEBUG,
1333					   "nl80211: %s: failed to re-read MAC address",
1334					   bss->ifname);
1335			} else if (bss &&
1336				   os_memcmp(addr, bss->addr, ETH_ALEN) != 0) {
1337				wpa_printf(MSG_DEBUG,
1338					   "nl80211: Own MAC address on ifindex %d (%s) changed from "
1339					   MACSTR " to " MACSTR,
1340					   ifi->ifi_index, bss->ifname,
1341					   MAC2STR(bss->addr),
1342					   MAC2STR(addr));
1343				os_memcpy(bss->addr, addr, ETH_ALEN);
1344			}
1345
1346			wpa_printf(MSG_DEBUG, "nl80211: Interface up");
1347			drv->if_disabled = 0;
1348			wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED,
1349					     NULL);
1350		}
1351	}
1352
1353	/*
1354	 * Some drivers send the association event before the operup event--in
1355	 * this case, lifting operstate in wpa_driver_nl80211_set_operstate()
1356	 * fails. This will hit us when wpa_supplicant does not need to do
1357	 * IEEE 802.1X authentication
1358	 */
1359	if (drv->operstate == 1 &&
1360	    (ifi->ifi_flags & (IFF_LOWER_UP | IFF_DORMANT)) == IFF_LOWER_UP &&
1361	    !(ifi->ifi_flags & IFF_RUNNING)) {
1362		wpa_printf(MSG_DEBUG, "nl80211: Set IF_OPER_UP again based on ifi_flags and expected operstate");
1363		netlink_send_oper_ifla(drv->global->netlink, drv->ifindex,
1364				       -1, IF_OPER_UP);
1365	}
1366
1367	if (ifname[0])
1368		wpa_driver_nl80211_event_newlink(drv, ifname);
1369
1370	if (ifi->ifi_family == AF_BRIDGE && brid) {
1371		/* device has been added to bridge */
1372		if_indextoname(brid, namebuf);
1373		wpa_printf(MSG_DEBUG, "nl80211: Add ifindex %u for bridge %s",
1374			   brid, namebuf);
1375		add_ifidx(drv, brid);
1376	}
1377}
1378
1379
1380static void wpa_driver_nl80211_event_rtm_dellink(void *ctx,
1381						 struct ifinfomsg *ifi,
1382						 u8 *buf, size_t len)
1383{
1384	struct nl80211_global *global = ctx;
1385	struct wpa_driver_nl80211_data *drv;
1386	int attrlen;
1387	struct rtattr *attr;
1388	u32 brid = 0;
1389	char ifname[IFNAMSIZ + 1];
1390	char extra[100], *pos, *end;
1391
1392	drv = nl80211_find_drv(global, ifi->ifi_index, buf, len);
1393	if (!drv) {
1394		wpa_printf(MSG_DEBUG, "nl80211: Ignore RTM_DELLINK event for foreign ifindex %d",
1395			   ifi->ifi_index);
1396		return;
1397	}
1398
1399	extra[0] = '\0';
1400	pos = extra;
1401	end = pos + sizeof(extra);
1402	ifname[0] = '\0';
1403
1404	attrlen = len;
1405	attr = (struct rtattr *) buf;
1406	while (RTA_OK(attr, attrlen)) {
1407		switch (attr->rta_type) {
1408		case IFLA_IFNAME:
1409			if (RTA_PAYLOAD(attr) >= IFNAMSIZ)
1410				break;
1411			os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr));
1412			ifname[RTA_PAYLOAD(attr)] = '\0';
1413			break;
1414		case IFLA_MASTER:
1415			brid = nla_get_u32((struct nlattr *) attr);
1416			pos += os_snprintf(pos, end - pos, " master=%u", brid);
1417			break;
1418		case IFLA_OPERSTATE:
1419			pos += os_snprintf(pos, end - pos, " operstate=%u",
1420					   nla_get_u32((struct nlattr *) attr));
1421			break;
1422		case IFLA_LINKMODE:
1423			pos += os_snprintf(pos, end - pos, " linkmode=%u",
1424					   nla_get_u32((struct nlattr *) attr));
1425			break;
1426		}
1427		attr = RTA_NEXT(attr, attrlen);
1428	}
1429	extra[sizeof(extra) - 1] = '\0';
1430
1431	wpa_printf(MSG_DEBUG, "RTM_DELLINK: ifi_index=%d ifname=%s%s ifi_family=%d ifi_flags=0x%x (%s%s%s%s)",
1432		   ifi->ifi_index, ifname, extra, ifi->ifi_family,
1433		   ifi->ifi_flags,
1434		   (ifi->ifi_flags & IFF_UP) ? "[UP]" : "",
1435		   (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "",
1436		   (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "",
1437		   (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : "");
1438
1439	if (ifname[0] && (ifi->ifi_family != AF_BRIDGE || !brid))
1440		wpa_driver_nl80211_event_dellink(drv, ifname);
1441
1442	if (ifi->ifi_family == AF_BRIDGE && brid) {
1443		/* device has been removed from bridge */
1444		char namebuf[IFNAMSIZ];
1445		if_indextoname(brid, namebuf);
1446		wpa_printf(MSG_DEBUG, "nl80211: Remove ifindex %u for bridge "
1447			   "%s", brid, namebuf);
1448		del_ifidx(drv, brid);
1449	}
1450}
1451
1452
1453static void mlme_event_auth(struct wpa_driver_nl80211_data *drv,
1454			    const u8 *frame, size_t len)
1455{
1456	const struct ieee80211_mgmt *mgmt;
1457	union wpa_event_data event;
1458
1459	if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME) &&
1460	    drv->force_connect_cmd) {
1461		/*
1462		 * Avoid reporting two association events that would confuse
1463		 * the core code.
1464		 */
1465		wpa_printf(MSG_DEBUG,
1466			   "nl80211: Ignore auth event when using driver SME");
1467		return;
1468	}
1469
1470	wpa_printf(MSG_DEBUG, "nl80211: Authenticate event");
1471	mgmt = (const struct ieee80211_mgmt *) frame;
1472	if (len < 24 + sizeof(mgmt->u.auth)) {
1473		wpa_printf(MSG_DEBUG, "nl80211: Too short association event "
1474			   "frame");
1475		return;
1476	}
1477
1478	os_memcpy(drv->auth_bssid, mgmt->sa, ETH_ALEN);
1479	os_memset(drv->auth_attempt_bssid, 0, ETH_ALEN);
1480	os_memset(&event, 0, sizeof(event));
1481	os_memcpy(event.auth.peer, mgmt->sa, ETH_ALEN);
1482	event.auth.auth_type = le_to_host16(mgmt->u.auth.auth_alg);
1483	event.auth.auth_transaction =
1484		le_to_host16(mgmt->u.auth.auth_transaction);
1485	event.auth.status_code = le_to_host16(mgmt->u.auth.status_code);
1486	if (len > 24 + sizeof(mgmt->u.auth)) {
1487		event.auth.ies = mgmt->u.auth.variable;
1488		event.auth.ies_len = len - 24 - sizeof(mgmt->u.auth);
1489	}
1490
1491	wpa_supplicant_event(drv->ctx, EVENT_AUTH, &event);
1492}
1493
1494
1495static unsigned int nl80211_get_assoc_freq(struct wpa_driver_nl80211_data *drv)
1496{
1497	struct nl_msg *msg;
1498	int ret;
1499	struct nl80211_bss_info_arg arg;
1500
1501	os_memset(&arg, 0, sizeof(arg));
1502	msg = nlmsg_alloc();
1503	if (!msg)
1504		goto nla_put_failure;
1505
1506	nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SCAN);
1507	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1508
1509	arg.drv = drv;
1510	ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg);
1511	msg = NULL;
1512	if (ret == 0) {
1513		unsigned int freq = drv->nlmode == NL80211_IFTYPE_ADHOC ?
1514			arg.ibss_freq : arg.assoc_freq;
1515		wpa_printf(MSG_DEBUG, "nl80211: Operating frequency for the "
1516			   "associated BSS from scan results: %u MHz", freq);
1517		if (freq)
1518			drv->assoc_freq = freq;
1519		return drv->assoc_freq;
1520	}
1521	wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d "
1522		   "(%s)", ret, strerror(-ret));
1523nla_put_failure:
1524	nlmsg_free(msg);
1525	return drv->assoc_freq;
1526}
1527
1528
1529static void mlme_event_assoc(struct wpa_driver_nl80211_data *drv,
1530			    const u8 *frame, size_t len)
1531{
1532	const struct ieee80211_mgmt *mgmt;
1533	union wpa_event_data event;
1534	u16 status;
1535
1536	if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME) &&
1537	    drv->force_connect_cmd) {
1538		/*
1539		 * Avoid reporting two association events that would confuse
1540		 * the core code.
1541		 */
1542		wpa_printf(MSG_DEBUG,
1543			   "nl80211: Ignore assoc event when using driver SME");
1544		return;
1545	}
1546
1547	wpa_printf(MSG_DEBUG, "nl80211: Associate event");
1548	mgmt = (const struct ieee80211_mgmt *) frame;
1549	if (len < 24 + sizeof(mgmt->u.assoc_resp)) {
1550		wpa_printf(MSG_DEBUG, "nl80211: Too short association event "
1551			   "frame");
1552		return;
1553	}
1554
1555	status = le_to_host16(mgmt->u.assoc_resp.status_code);
1556	if (status != WLAN_STATUS_SUCCESS) {
1557		os_memset(&event, 0, sizeof(event));
1558		event.assoc_reject.bssid = mgmt->bssid;
1559		if (len > 24 + sizeof(mgmt->u.assoc_resp)) {
1560			event.assoc_reject.resp_ies =
1561				(u8 *) mgmt->u.assoc_resp.variable;
1562			event.assoc_reject.resp_ies_len =
1563				len - 24 - sizeof(mgmt->u.assoc_resp);
1564		}
1565		event.assoc_reject.status_code = status;
1566
1567		wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event);
1568		return;
1569	}
1570
1571	drv->associated = 1;
1572	os_memcpy(drv->bssid, mgmt->sa, ETH_ALEN);
1573	os_memcpy(drv->prev_bssid, mgmt->sa, ETH_ALEN);
1574
1575	os_memset(&event, 0, sizeof(event));
1576	if (len > 24 + sizeof(mgmt->u.assoc_resp)) {
1577		event.assoc_info.resp_ies = (u8 *) mgmt->u.assoc_resp.variable;
1578		event.assoc_info.resp_ies_len =
1579			len - 24 - sizeof(mgmt->u.assoc_resp);
1580	}
1581
1582	event.assoc_info.freq = drv->assoc_freq;
1583
1584	wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event);
1585}
1586
1587
1588static void mlme_event_connect(struct wpa_driver_nl80211_data *drv,
1589			       enum nl80211_commands cmd, struct nlattr *status,
1590			       struct nlattr *addr, struct nlattr *req_ie,
1591			       struct nlattr *resp_ie)
1592{
1593	union wpa_event_data event;
1594	u16 status_code;
1595
1596	if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) {
1597		/*
1598		 * Avoid reporting two association events that would confuse
1599		 * the core code.
1600		 */
1601		wpa_printf(MSG_DEBUG, "nl80211: Ignore connect event (cmd=%d) "
1602			   "when using userspace SME", cmd);
1603		return;
1604	}
1605
1606	status_code = status ? nla_get_u16(status) : WLAN_STATUS_SUCCESS;
1607
1608	if (cmd == NL80211_CMD_CONNECT) {
1609		wpa_printf(MSG_DEBUG,
1610			   "nl80211: Connect event (status=%u ignore_next_local_disconnect=%d)",
1611			   status_code, drv->ignore_next_local_disconnect);
1612	} else if (cmd == NL80211_CMD_ROAM) {
1613		wpa_printf(MSG_DEBUG, "nl80211: Roam event");
1614	}
1615
1616	os_memset(&event, 0, sizeof(event));
1617	if (cmd == NL80211_CMD_CONNECT && status_code != WLAN_STATUS_SUCCESS) {
1618		if (addr)
1619			event.assoc_reject.bssid = nla_data(addr);
1620		if (drv->ignore_next_local_disconnect) {
1621			drv->ignore_next_local_disconnect = 0;
1622			if (!event.assoc_reject.bssid ||
1623			    (os_memcmp(event.assoc_reject.bssid,
1624				       drv->auth_attempt_bssid,
1625				       ETH_ALEN) != 0)) {
1626				/*
1627				 * Ignore the event that came without a BSSID or
1628				 * for the old connection since this is likely
1629				 * not relevant to the new Connect command.
1630				 */
1631				wpa_printf(MSG_DEBUG,
1632					   "nl80211: Ignore connection failure event triggered during reassociation");
1633				return;
1634			}
1635		}
1636		if (resp_ie) {
1637			event.assoc_reject.resp_ies = nla_data(resp_ie);
1638			event.assoc_reject.resp_ies_len = nla_len(resp_ie);
1639		}
1640		event.assoc_reject.status_code = status_code;
1641		wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event);
1642		return;
1643	}
1644
1645	drv->associated = 1;
1646	if (addr) {
1647		os_memcpy(drv->bssid, nla_data(addr), ETH_ALEN);
1648		os_memcpy(drv->prev_bssid, drv->bssid, ETH_ALEN);
1649	}
1650
1651	if (req_ie) {
1652		event.assoc_info.req_ies = nla_data(req_ie);
1653		event.assoc_info.req_ies_len = nla_len(req_ie);
1654	}
1655	if (resp_ie) {
1656		event.assoc_info.resp_ies = nla_data(resp_ie);
1657		event.assoc_info.resp_ies_len = nla_len(resp_ie);
1658	}
1659
1660	event.assoc_info.freq = nl80211_get_assoc_freq(drv);
1661
1662	wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event);
1663}
1664
1665
1666static void mlme_event_disconnect(struct wpa_driver_nl80211_data *drv,
1667				  struct nlattr *reason, struct nlattr *addr,
1668				  struct nlattr *by_ap)
1669{
1670	union wpa_event_data data;
1671	unsigned int locally_generated = by_ap == NULL;
1672
1673	if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) {
1674		/*
1675		 * Avoid reporting two disassociation events that could
1676		 * confuse the core code.
1677		 */
1678		wpa_printf(MSG_DEBUG, "nl80211: Ignore disconnect "
1679			   "event when using userspace SME");
1680		return;
1681	}
1682
1683	if (drv->ignore_next_local_disconnect) {
1684		drv->ignore_next_local_disconnect = 0;
1685		if (locally_generated) {
1686			wpa_printf(MSG_DEBUG, "nl80211: Ignore disconnect "
1687				   "event triggered during reassociation");
1688			return;
1689		}
1690		wpa_printf(MSG_WARNING, "nl80211: Was expecting local "
1691			   "disconnect but got another disconnect "
1692			   "event first");
1693	}
1694
1695	wpa_printf(MSG_DEBUG, "nl80211: Disconnect event");
1696	nl80211_mark_disconnected(drv);
1697	os_memset(&data, 0, sizeof(data));
1698	if (reason)
1699		data.deauth_info.reason_code = nla_get_u16(reason);
1700	data.deauth_info.locally_generated = by_ap == NULL;
1701	wpa_supplicant_event(drv->ctx, EVENT_DEAUTH, &data);
1702}
1703
1704
1705static int calculate_chan_offset(int width, int freq, int cf1, int cf2)
1706{
1707	int freq1 = 0;
1708
1709	switch (convert2width(width)) {
1710	case CHAN_WIDTH_20_NOHT:
1711	case CHAN_WIDTH_20:
1712		return 0;
1713	case CHAN_WIDTH_40:
1714		freq1 = cf1 - 10;
1715		break;
1716	case CHAN_WIDTH_80:
1717		freq1 = cf1 - 30;
1718		break;
1719	case CHAN_WIDTH_160:
1720		freq1 = cf1 - 70;
1721		break;
1722	case CHAN_WIDTH_UNKNOWN:
1723	case CHAN_WIDTH_80P80:
1724		/* FIXME: implement this */
1725		return 0;
1726	}
1727
1728	return (abs(freq - freq1) / 20) % 2 == 0 ? 1 : -1;
1729}
1730
1731
1732static void mlme_event_ch_switch(struct wpa_driver_nl80211_data *drv,
1733				 struct nlattr *ifindex, struct nlattr *freq,
1734				 struct nlattr *type, struct nlattr *bw,
1735				 struct nlattr *cf1, struct nlattr *cf2)
1736{
1737	struct i802_bss *bss;
1738	union wpa_event_data data;
1739	int ht_enabled = 1;
1740	int chan_offset = 0;
1741	int ifidx;
1742
1743	wpa_printf(MSG_DEBUG, "nl80211: Channel switch event");
1744
1745	if (!freq)
1746		return;
1747
1748	ifidx = nla_get_u32(ifindex);
1749	bss = get_bss_ifindex(drv, ifidx);
1750	if (bss == NULL) {
1751		wpa_printf(MSG_WARNING, "nl80211: Unknown ifindex (%d) for channel switch, ignoring",
1752			   ifidx);
1753		return;
1754	}
1755
1756	if (type) {
1757		switch (nla_get_u32(type)) {
1758		case NL80211_CHAN_NO_HT:
1759			ht_enabled = 0;
1760			break;
1761		case NL80211_CHAN_HT20:
1762			break;
1763		case NL80211_CHAN_HT40PLUS:
1764			chan_offset = 1;
1765			break;
1766		case NL80211_CHAN_HT40MINUS:
1767			chan_offset = -1;
1768			break;
1769		}
1770	} else if (bw && cf1) {
1771		/* This can happen for example with VHT80 ch switch */
1772		chan_offset = calculate_chan_offset(nla_get_u32(bw),
1773						    nla_get_u32(freq),
1774						    nla_get_u32(cf1),
1775						    cf2 ? nla_get_u32(cf2) : 0);
1776	} else {
1777		wpa_printf(MSG_WARNING, "nl80211: Unknown secondary channel information - following channel definition calculations may fail");
1778	}
1779
1780	os_memset(&data, 0, sizeof(data));
1781	data.ch_switch.freq = nla_get_u32(freq);
1782	data.ch_switch.ht_enabled = ht_enabled;
1783	data.ch_switch.ch_offset = chan_offset;
1784	if (bw)
1785		data.ch_switch.ch_width = convert2width(nla_get_u32(bw));
1786	if (cf1)
1787		data.ch_switch.cf1 = nla_get_u32(cf1);
1788	if (cf2)
1789		data.ch_switch.cf2 = nla_get_u32(cf2);
1790
1791	bss->freq = data.ch_switch.freq;
1792
1793	wpa_supplicant_event(bss->ctx, EVENT_CH_SWITCH, &data);
1794}
1795
1796
1797static void mlme_timeout_event(struct wpa_driver_nl80211_data *drv,
1798			       enum nl80211_commands cmd, struct nlattr *addr)
1799{
1800	union wpa_event_data event;
1801	enum wpa_event_type ev;
1802
1803	if (nla_len(addr) != ETH_ALEN)
1804		return;
1805
1806	wpa_printf(MSG_DEBUG, "nl80211: MLME event %d; timeout with " MACSTR,
1807		   cmd, MAC2STR((u8 *) nla_data(addr)));
1808
1809	if (cmd == NL80211_CMD_AUTHENTICATE)
1810		ev = EVENT_AUTH_TIMED_OUT;
1811	else if (cmd == NL80211_CMD_ASSOCIATE)
1812		ev = EVENT_ASSOC_TIMED_OUT;
1813	else
1814		return;
1815
1816	os_memset(&event, 0, sizeof(event));
1817	os_memcpy(event.timeout_event.addr, nla_data(addr), ETH_ALEN);
1818	wpa_supplicant_event(drv->ctx, ev, &event);
1819}
1820
1821
1822static void mlme_event_mgmt(struct i802_bss *bss,
1823			    struct nlattr *freq, struct nlattr *sig,
1824			    const u8 *frame, size_t len)
1825{
1826	struct wpa_driver_nl80211_data *drv = bss->drv;
1827	const struct ieee80211_mgmt *mgmt;
1828	union wpa_event_data event;
1829	u16 fc, stype;
1830	int ssi_signal = 0;
1831	int rx_freq = 0;
1832
1833	wpa_printf(MSG_MSGDUMP, "nl80211: Frame event");
1834	mgmt = (const struct ieee80211_mgmt *) frame;
1835	if (len < 24) {
1836		wpa_printf(MSG_DEBUG, "nl80211: Too short management frame");
1837		return;
1838	}
1839
1840	fc = le_to_host16(mgmt->frame_control);
1841	stype = WLAN_FC_GET_STYPE(fc);
1842
1843	if (sig)
1844		ssi_signal = (s32) nla_get_u32(sig);
1845
1846	os_memset(&event, 0, sizeof(event));
1847	if (freq) {
1848		event.rx_mgmt.freq = nla_get_u32(freq);
1849		rx_freq = drv->last_mgmt_freq = event.rx_mgmt.freq;
1850	}
1851	wpa_printf(MSG_DEBUG,
1852		   "nl80211: RX frame sa=" MACSTR
1853		   " freq=%d ssi_signal=%d stype=%u (%s) len=%u",
1854		   MAC2STR(mgmt->sa), rx_freq, ssi_signal, stype, fc2str(fc),
1855		   (unsigned int) len);
1856	event.rx_mgmt.frame = frame;
1857	event.rx_mgmt.frame_len = len;
1858	event.rx_mgmt.ssi_signal = ssi_signal;
1859	event.rx_mgmt.drv_priv = bss;
1860	wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event);
1861}
1862
1863
1864static void mlme_event_mgmt_tx_status(struct wpa_driver_nl80211_data *drv,
1865				      struct nlattr *cookie, const u8 *frame,
1866				      size_t len, struct nlattr *ack)
1867{
1868	union wpa_event_data event;
1869	const struct ieee80211_hdr *hdr;
1870	u16 fc;
1871
1872	wpa_printf(MSG_DEBUG, "nl80211: Frame TX status event");
1873	if (!is_ap_interface(drv->nlmode)) {
1874		u64 cookie_val;
1875
1876		if (!cookie)
1877			return;
1878
1879		cookie_val = nla_get_u64(cookie);
1880		wpa_printf(MSG_DEBUG, "nl80211: Action TX status:"
1881			   " cookie=0%llx%s (ack=%d)",
1882			   (long long unsigned int) cookie_val,
1883			   cookie_val == drv->send_action_cookie ?
1884			   " (match)" : " (unknown)", ack != NULL);
1885		if (cookie_val != drv->send_action_cookie)
1886			return;
1887	}
1888
1889	hdr = (const struct ieee80211_hdr *) frame;
1890	fc = le_to_host16(hdr->frame_control);
1891
1892	os_memset(&event, 0, sizeof(event));
1893	event.tx_status.type = WLAN_FC_GET_TYPE(fc);
1894	event.tx_status.stype = WLAN_FC_GET_STYPE(fc);
1895	event.tx_status.dst = hdr->addr1;
1896	event.tx_status.data = frame;
1897	event.tx_status.data_len = len;
1898	event.tx_status.ack = ack != NULL;
1899	wpa_supplicant_event(drv->ctx, EVENT_TX_STATUS, &event);
1900}
1901
1902
1903static void mlme_event_deauth_disassoc(struct wpa_driver_nl80211_data *drv,
1904				       enum wpa_event_type type,
1905				       const u8 *frame, size_t len)
1906{
1907	const struct ieee80211_mgmt *mgmt;
1908	union wpa_event_data event;
1909	const u8 *bssid = NULL;
1910	u16 reason_code = 0;
1911
1912	if (type == EVENT_DEAUTH)
1913		wpa_printf(MSG_DEBUG, "nl80211: Deauthenticate event");
1914	else
1915		wpa_printf(MSG_DEBUG, "nl80211: Disassociate event");
1916
1917	mgmt = (const struct ieee80211_mgmt *) frame;
1918	if (len >= 24) {
1919		bssid = mgmt->bssid;
1920
1921		if ((drv->capa.flags & WPA_DRIVER_FLAGS_SME) &&
1922		    !drv->associated &&
1923		    os_memcmp(bssid, drv->auth_bssid, ETH_ALEN) != 0 &&
1924		    os_memcmp(bssid, drv->auth_attempt_bssid, ETH_ALEN) != 0 &&
1925		    os_memcmp(bssid, drv->prev_bssid, ETH_ALEN) == 0) {
1926			/*
1927			 * Avoid issues with some roaming cases where
1928			 * disconnection event for the old AP may show up after
1929			 * we have started connection with the new AP.
1930			 */
1931			wpa_printf(MSG_DEBUG, "nl80211: Ignore deauth/disassoc event from old AP " MACSTR " when already authenticating with " MACSTR,
1932				   MAC2STR(bssid),
1933				   MAC2STR(drv->auth_attempt_bssid));
1934			return;
1935		}
1936
1937		if (drv->associated != 0 &&
1938		    os_memcmp(bssid, drv->bssid, ETH_ALEN) != 0 &&
1939		    os_memcmp(bssid, drv->auth_bssid, ETH_ALEN) != 0) {
1940			/*
1941			 * We have presumably received this deauth as a
1942			 * response to a clear_state_mismatch() outgoing
1943			 * deauth.  Don't let it take us offline!
1944			 */
1945			wpa_printf(MSG_DEBUG, "nl80211: Deauth received "
1946				   "from Unknown BSSID " MACSTR " -- ignoring",
1947				   MAC2STR(bssid));
1948			return;
1949		}
1950	}
1951
1952	nl80211_mark_disconnected(drv);
1953	os_memset(&event, 0, sizeof(event));
1954
1955	/* Note: Same offset for Reason Code in both frame subtypes */
1956	if (len >= 24 + sizeof(mgmt->u.deauth))
1957		reason_code = le_to_host16(mgmt->u.deauth.reason_code);
1958
1959	if (type == EVENT_DISASSOC) {
1960		event.disassoc_info.locally_generated =
1961			!os_memcmp(mgmt->sa, drv->first_bss->addr, ETH_ALEN);
1962		event.disassoc_info.addr = bssid;
1963		event.disassoc_info.reason_code = reason_code;
1964		if (frame + len > mgmt->u.disassoc.variable) {
1965			event.disassoc_info.ie = mgmt->u.disassoc.variable;
1966			event.disassoc_info.ie_len = frame + len -
1967				mgmt->u.disassoc.variable;
1968		}
1969	} else {
1970		if (drv->ignore_deauth_event) {
1971			wpa_printf(MSG_DEBUG, "nl80211: Ignore deauth event due to previous forced deauth-during-auth");
1972			drv->ignore_deauth_event = 0;
1973			return;
1974		}
1975		event.deauth_info.locally_generated =
1976			!os_memcmp(mgmt->sa, drv->first_bss->addr, ETH_ALEN);
1977		if (drv->ignore_next_local_deauth) {
1978			drv->ignore_next_local_deauth = 0;
1979			if (event.deauth_info.locally_generated) {
1980				wpa_printf(MSG_DEBUG, "nl80211: Ignore deauth event triggered due to own deauth request");
1981				return;
1982			}
1983			wpa_printf(MSG_WARNING, "nl80211: Was expecting local deauth but got another disconnect event first");
1984		}
1985		event.deauth_info.addr = bssid;
1986		event.deauth_info.reason_code = reason_code;
1987		if (frame + len > mgmt->u.deauth.variable) {
1988			event.deauth_info.ie = mgmt->u.deauth.variable;
1989			event.deauth_info.ie_len = frame + len -
1990				mgmt->u.deauth.variable;
1991		}
1992	}
1993
1994	wpa_supplicant_event(drv->ctx, type, &event);
1995}
1996
1997
1998static void mlme_event_unprot_disconnect(struct wpa_driver_nl80211_data *drv,
1999					 enum wpa_event_type type,
2000					 const u8 *frame, size_t len)
2001{
2002	const struct ieee80211_mgmt *mgmt;
2003	union wpa_event_data event;
2004	u16 reason_code = 0;
2005
2006	if (type == EVENT_UNPROT_DEAUTH)
2007		wpa_printf(MSG_DEBUG, "nl80211: Unprot Deauthenticate event");
2008	else
2009		wpa_printf(MSG_DEBUG, "nl80211: Unprot Disassociate event");
2010
2011	if (len < 24)
2012		return;
2013
2014	mgmt = (const struct ieee80211_mgmt *) frame;
2015
2016	os_memset(&event, 0, sizeof(event));
2017	/* Note: Same offset for Reason Code in both frame subtypes */
2018	if (len >= 24 + sizeof(mgmt->u.deauth))
2019		reason_code = le_to_host16(mgmt->u.deauth.reason_code);
2020
2021	if (type == EVENT_UNPROT_DISASSOC) {
2022		event.unprot_disassoc.sa = mgmt->sa;
2023		event.unprot_disassoc.da = mgmt->da;
2024		event.unprot_disassoc.reason_code = reason_code;
2025	} else {
2026		event.unprot_deauth.sa = mgmt->sa;
2027		event.unprot_deauth.da = mgmt->da;
2028		event.unprot_deauth.reason_code = reason_code;
2029	}
2030
2031	wpa_supplicant_event(drv->ctx, type, &event);
2032}
2033
2034
2035static void mlme_event(struct i802_bss *bss,
2036		       enum nl80211_commands cmd, struct nlattr *frame,
2037		       struct nlattr *addr, struct nlattr *timed_out,
2038		       struct nlattr *freq, struct nlattr *ack,
2039		       struct nlattr *cookie, struct nlattr *sig)
2040{
2041	struct wpa_driver_nl80211_data *drv = bss->drv;
2042	const u8 *data;
2043	size_t len;
2044
2045	if (timed_out && addr) {
2046		mlme_timeout_event(drv, cmd, addr);
2047		return;
2048	}
2049
2050	if (frame == NULL) {
2051		wpa_printf(MSG_DEBUG,
2052			   "nl80211: MLME event %d (%s) without frame data",
2053			   cmd, nl80211_command_to_string(cmd));
2054		return;
2055	}
2056
2057	data = nla_data(frame);
2058	len = nla_len(frame);
2059	if (len < 4 + 2 * ETH_ALEN) {
2060		wpa_printf(MSG_MSGDUMP, "nl80211: MLME event %d (%s) on %s("
2061			   MACSTR ") - too short",
2062			   cmd, nl80211_command_to_string(cmd), bss->ifname,
2063			   MAC2STR(bss->addr));
2064		return;
2065	}
2066	wpa_printf(MSG_MSGDUMP, "nl80211: MLME event %d (%s) on %s(" MACSTR
2067		   ") A1=" MACSTR " A2=" MACSTR, cmd,
2068		   nl80211_command_to_string(cmd), bss->ifname,
2069		   MAC2STR(bss->addr), MAC2STR(data + 4),
2070		   MAC2STR(data + 4 + ETH_ALEN));
2071	if (cmd != NL80211_CMD_FRAME_TX_STATUS && !(data[4] & 0x01) &&
2072	    os_memcmp(bss->addr, data + 4, ETH_ALEN) != 0 &&
2073	    os_memcmp(bss->addr, data + 4 + ETH_ALEN, ETH_ALEN) != 0) {
2074		wpa_printf(MSG_MSGDUMP, "nl80211: %s: Ignore MLME frame event "
2075			   "for foreign address", bss->ifname);
2076		return;
2077	}
2078	wpa_hexdump(MSG_MSGDUMP, "nl80211: MLME event frame",
2079		    nla_data(frame), nla_len(frame));
2080
2081	switch (cmd) {
2082	case NL80211_CMD_AUTHENTICATE:
2083		mlme_event_auth(drv, nla_data(frame), nla_len(frame));
2084		break;
2085	case NL80211_CMD_ASSOCIATE:
2086		mlme_event_assoc(drv, nla_data(frame), nla_len(frame));
2087		break;
2088	case NL80211_CMD_DEAUTHENTICATE:
2089		mlme_event_deauth_disassoc(drv, EVENT_DEAUTH,
2090					   nla_data(frame), nla_len(frame));
2091		break;
2092	case NL80211_CMD_DISASSOCIATE:
2093		mlme_event_deauth_disassoc(drv, EVENT_DISASSOC,
2094					   nla_data(frame), nla_len(frame));
2095		break;
2096	case NL80211_CMD_FRAME:
2097		mlme_event_mgmt(bss, freq, sig, nla_data(frame),
2098				nla_len(frame));
2099		break;
2100	case NL80211_CMD_FRAME_TX_STATUS:
2101		mlme_event_mgmt_tx_status(drv, cookie, nla_data(frame),
2102					  nla_len(frame), ack);
2103		break;
2104	case NL80211_CMD_UNPROT_DEAUTHENTICATE:
2105		mlme_event_unprot_disconnect(drv, EVENT_UNPROT_DEAUTH,
2106					     nla_data(frame), nla_len(frame));
2107		break;
2108	case NL80211_CMD_UNPROT_DISASSOCIATE:
2109		mlme_event_unprot_disconnect(drv, EVENT_UNPROT_DISASSOC,
2110					     nla_data(frame), nla_len(frame));
2111		break;
2112	default:
2113		break;
2114	}
2115}
2116
2117
2118static void mlme_event_michael_mic_failure(struct i802_bss *bss,
2119					   struct nlattr *tb[])
2120{
2121	union wpa_event_data data;
2122
2123	wpa_printf(MSG_DEBUG, "nl80211: MLME event Michael MIC failure");
2124	os_memset(&data, 0, sizeof(data));
2125	if (tb[NL80211_ATTR_MAC]) {
2126		wpa_hexdump(MSG_DEBUG, "nl80211: Source MAC address",
2127			    nla_data(tb[NL80211_ATTR_MAC]),
2128			    nla_len(tb[NL80211_ATTR_MAC]));
2129		data.michael_mic_failure.src = nla_data(tb[NL80211_ATTR_MAC]);
2130	}
2131	if (tb[NL80211_ATTR_KEY_SEQ]) {
2132		wpa_hexdump(MSG_DEBUG, "nl80211: TSC",
2133			    nla_data(tb[NL80211_ATTR_KEY_SEQ]),
2134			    nla_len(tb[NL80211_ATTR_KEY_SEQ]));
2135	}
2136	if (tb[NL80211_ATTR_KEY_TYPE]) {
2137		enum nl80211_key_type key_type =
2138			nla_get_u32(tb[NL80211_ATTR_KEY_TYPE]);
2139		wpa_printf(MSG_DEBUG, "nl80211: Key Type %d", key_type);
2140		if (key_type == NL80211_KEYTYPE_PAIRWISE)
2141			data.michael_mic_failure.unicast = 1;
2142	} else
2143		data.michael_mic_failure.unicast = 1;
2144
2145	if (tb[NL80211_ATTR_KEY_IDX]) {
2146		u8 key_id = nla_get_u8(tb[NL80211_ATTR_KEY_IDX]);
2147		wpa_printf(MSG_DEBUG, "nl80211: Key Id %d", key_id);
2148	}
2149
2150	wpa_supplicant_event(bss->ctx, EVENT_MICHAEL_MIC_FAILURE, &data);
2151}
2152
2153
2154static void mlme_event_join_ibss(struct wpa_driver_nl80211_data *drv,
2155				 struct nlattr *tb[])
2156{
2157	unsigned int freq;
2158
2159	if (tb[NL80211_ATTR_MAC] == NULL) {
2160		wpa_printf(MSG_DEBUG, "nl80211: No address in IBSS joined "
2161			   "event");
2162		return;
2163	}
2164	os_memcpy(drv->bssid, nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN);
2165
2166	drv->associated = 1;
2167	wpa_printf(MSG_DEBUG, "nl80211: IBSS " MACSTR " joined",
2168		   MAC2STR(drv->bssid));
2169
2170	freq = nl80211_get_assoc_freq(drv);
2171	if (freq) {
2172		wpa_printf(MSG_DEBUG, "nl80211: IBSS on frequency %u MHz",
2173			   freq);
2174		drv->first_bss->freq = freq;
2175	}
2176
2177	wpa_supplicant_event(drv->ctx, EVENT_ASSOC, NULL);
2178}
2179
2180
2181static void mlme_event_remain_on_channel(struct wpa_driver_nl80211_data *drv,
2182					 int cancel_event, struct nlattr *tb[])
2183{
2184	unsigned int freq, chan_type, duration;
2185	union wpa_event_data data;
2186	u64 cookie;
2187
2188	if (tb[NL80211_ATTR_WIPHY_FREQ])
2189		freq = nla_get_u32(tb[NL80211_ATTR_WIPHY_FREQ]);
2190	else
2191		freq = 0;
2192
2193	if (tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE])
2194		chan_type = nla_get_u32(tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
2195	else
2196		chan_type = 0;
2197
2198	if (tb[NL80211_ATTR_DURATION])
2199		duration = nla_get_u32(tb[NL80211_ATTR_DURATION]);
2200	else
2201		duration = 0;
2202
2203	if (tb[NL80211_ATTR_COOKIE])
2204		cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]);
2205	else
2206		cookie = 0;
2207
2208	wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel event (cancel=%d "
2209		   "freq=%u channel_type=%u duration=%u cookie=0x%llx (%s))",
2210		   cancel_event, freq, chan_type, duration,
2211		   (long long unsigned int) cookie,
2212		   cookie == drv->remain_on_chan_cookie ? "match" : "unknown");
2213
2214	if (cookie != drv->remain_on_chan_cookie)
2215		return; /* not for us */
2216
2217	if (cancel_event)
2218		drv->pending_remain_on_chan = 0;
2219
2220	os_memset(&data, 0, sizeof(data));
2221	data.remain_on_channel.freq = freq;
2222	data.remain_on_channel.duration = duration;
2223	wpa_supplicant_event(drv->ctx, cancel_event ?
2224			     EVENT_CANCEL_REMAIN_ON_CHANNEL :
2225			     EVENT_REMAIN_ON_CHANNEL, &data);
2226}
2227
2228
2229static void mlme_event_ft_event(struct wpa_driver_nl80211_data *drv,
2230				struct nlattr *tb[])
2231{
2232	union wpa_event_data data;
2233
2234	os_memset(&data, 0, sizeof(data));
2235
2236	if (tb[NL80211_ATTR_IE]) {
2237		data.ft_ies.ies = nla_data(tb[NL80211_ATTR_IE]);
2238		data.ft_ies.ies_len = nla_len(tb[NL80211_ATTR_IE]);
2239	}
2240
2241	if (tb[NL80211_ATTR_IE_RIC]) {
2242		data.ft_ies.ric_ies = nla_data(tb[NL80211_ATTR_IE_RIC]);
2243		data.ft_ies.ric_ies_len = nla_len(tb[NL80211_ATTR_IE_RIC]);
2244	}
2245
2246	if (tb[NL80211_ATTR_MAC])
2247		os_memcpy(data.ft_ies.target_ap,
2248			  nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN);
2249
2250	wpa_printf(MSG_DEBUG, "nl80211: FT event target_ap " MACSTR,
2251		   MAC2STR(data.ft_ies.target_ap));
2252
2253	wpa_supplicant_event(drv->ctx, EVENT_FT_RESPONSE, &data);
2254}
2255
2256
2257static void send_scan_event(struct wpa_driver_nl80211_data *drv, int aborted,
2258			    struct nlattr *tb[])
2259{
2260	union wpa_event_data event;
2261	struct nlattr *nl;
2262	int rem;
2263	struct scan_info *info;
2264#define MAX_REPORT_FREQS 50
2265	int freqs[MAX_REPORT_FREQS];
2266	int num_freqs = 0;
2267
2268	if (drv->scan_for_auth) {
2269		drv->scan_for_auth = 0;
2270		wpa_printf(MSG_DEBUG, "nl80211: Scan results for missing "
2271			   "cfg80211 BSS entry");
2272		wpa_driver_nl80211_authenticate_retry(drv);
2273		return;
2274	}
2275
2276	os_memset(&event, 0, sizeof(event));
2277	info = &event.scan_info;
2278	info->aborted = aborted;
2279
2280	if (tb[NL80211_ATTR_SCAN_SSIDS]) {
2281		nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_SSIDS], rem) {
2282			struct wpa_driver_scan_ssid *s =
2283				&info->ssids[info->num_ssids];
2284			s->ssid = nla_data(nl);
2285			s->ssid_len = nla_len(nl);
2286			wpa_printf(MSG_DEBUG, "nl80211: Scan probed for SSID '%s'",
2287				   wpa_ssid_txt(s->ssid, s->ssid_len));
2288			info->num_ssids++;
2289			if (info->num_ssids == WPAS_MAX_SCAN_SSIDS)
2290				break;
2291		}
2292	}
2293	if (tb[NL80211_ATTR_SCAN_FREQUENCIES]) {
2294		char msg[200], *pos, *end;
2295		int res;
2296
2297		pos = msg;
2298		end = pos + sizeof(msg);
2299		*pos = '\0';
2300
2301		nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_FREQUENCIES], rem)
2302		{
2303			freqs[num_freqs] = nla_get_u32(nl);
2304			res = os_snprintf(pos, end - pos, " %d",
2305					  freqs[num_freqs]);
2306			if (res > 0 && end - pos > res)
2307				pos += res;
2308			num_freqs++;
2309			if (num_freqs == MAX_REPORT_FREQS - 1)
2310				break;
2311		}
2312		info->freqs = freqs;
2313		info->num_freqs = num_freqs;
2314		wpa_printf(MSG_DEBUG, "nl80211: Scan included frequencies:%s",
2315			   msg);
2316	}
2317	wpa_supplicant_event(drv->ctx, EVENT_SCAN_RESULTS, &event);
2318}
2319
2320
2321static int get_link_signal(struct nl_msg *msg, void *arg)
2322{
2323	struct nlattr *tb[NL80211_ATTR_MAX + 1];
2324	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
2325	struct nlattr *sinfo[NL80211_STA_INFO_MAX + 1];
2326	static struct nla_policy policy[NL80211_STA_INFO_MAX + 1] = {
2327		[NL80211_STA_INFO_SIGNAL] = { .type = NLA_U8 },
2328		[NL80211_STA_INFO_SIGNAL_AVG] = { .type = NLA_U8 },
2329	};
2330	struct nlattr *rinfo[NL80211_RATE_INFO_MAX + 1];
2331	static struct nla_policy rate_policy[NL80211_RATE_INFO_MAX + 1] = {
2332		[NL80211_RATE_INFO_BITRATE] = { .type = NLA_U16 },
2333		[NL80211_RATE_INFO_MCS] = { .type = NLA_U8 },
2334		[NL80211_RATE_INFO_40_MHZ_WIDTH] = { .type = NLA_FLAG },
2335		[NL80211_RATE_INFO_SHORT_GI] = { .type = NLA_FLAG },
2336	};
2337	struct wpa_signal_info *sig_change = arg;
2338
2339	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
2340		  genlmsg_attrlen(gnlh, 0), NULL);
2341	if (!tb[NL80211_ATTR_STA_INFO] ||
2342	    nla_parse_nested(sinfo, NL80211_STA_INFO_MAX,
2343			     tb[NL80211_ATTR_STA_INFO], policy))
2344		return NL_SKIP;
2345	if (!sinfo[NL80211_STA_INFO_SIGNAL])
2346		return NL_SKIP;
2347
2348	sig_change->current_signal =
2349		(s8) nla_get_u8(sinfo[NL80211_STA_INFO_SIGNAL]);
2350
2351	if (sinfo[NL80211_STA_INFO_SIGNAL_AVG])
2352		sig_change->avg_signal =
2353			(s8) nla_get_u8(sinfo[NL80211_STA_INFO_SIGNAL_AVG]);
2354	else
2355		sig_change->avg_signal = 0;
2356
2357	if (sinfo[NL80211_STA_INFO_TX_BITRATE]) {
2358		if (nla_parse_nested(rinfo, NL80211_RATE_INFO_MAX,
2359				     sinfo[NL80211_STA_INFO_TX_BITRATE],
2360				     rate_policy)) {
2361			sig_change->current_txrate = 0;
2362		} else {
2363			if (rinfo[NL80211_RATE_INFO_BITRATE]) {
2364				sig_change->current_txrate =
2365					nla_get_u16(rinfo[
2366					     NL80211_RATE_INFO_BITRATE]) * 100;
2367			}
2368		}
2369	}
2370
2371	return NL_SKIP;
2372}
2373
2374
2375static int nl80211_get_link_signal(struct wpa_driver_nl80211_data *drv,
2376				   struct wpa_signal_info *sig)
2377{
2378	struct nl_msg *msg;
2379
2380	sig->current_signal = -9999;
2381	sig->current_txrate = 0;
2382
2383	msg = nlmsg_alloc();
2384	if (!msg)
2385		return -ENOMEM;
2386
2387	nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_STATION);
2388
2389	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2390	NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, drv->bssid);
2391
2392	return send_and_recv_msgs(drv, msg, get_link_signal, sig);
2393 nla_put_failure:
2394	nlmsg_free(msg);
2395	return -ENOBUFS;
2396}
2397
2398
2399static int get_link_noise(struct nl_msg *msg, void *arg)
2400{
2401	struct nlattr *tb[NL80211_ATTR_MAX + 1];
2402	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
2403	struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1];
2404	static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = {
2405		[NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 },
2406		[NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 },
2407	};
2408	struct wpa_signal_info *sig_change = arg;
2409
2410	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
2411		  genlmsg_attrlen(gnlh, 0), NULL);
2412
2413	if (!tb[NL80211_ATTR_SURVEY_INFO]) {
2414		wpa_printf(MSG_DEBUG, "nl80211: survey data missing!");
2415		return NL_SKIP;
2416	}
2417
2418	if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX,
2419			     tb[NL80211_ATTR_SURVEY_INFO],
2420			     survey_policy)) {
2421		wpa_printf(MSG_DEBUG, "nl80211: failed to parse nested "
2422			   "attributes!");
2423		return NL_SKIP;
2424	}
2425
2426	if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY])
2427		return NL_SKIP;
2428
2429	if (nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]) !=
2430	    sig_change->frequency)
2431		return NL_SKIP;
2432
2433	if (!sinfo[NL80211_SURVEY_INFO_NOISE])
2434		return NL_SKIP;
2435
2436	sig_change->current_noise =
2437		(s8) nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]);
2438
2439	return NL_SKIP;
2440}
2441
2442
2443static int nl80211_get_link_noise(struct wpa_driver_nl80211_data *drv,
2444				  struct wpa_signal_info *sig_change)
2445{
2446	struct nl_msg *msg;
2447
2448	sig_change->current_noise = 9999;
2449	sig_change->frequency = drv->assoc_freq;
2450
2451	msg = nlmsg_alloc();
2452	if (!msg)
2453		return -ENOMEM;
2454
2455	nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SURVEY);
2456
2457	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2458
2459	return send_and_recv_msgs(drv, msg, get_link_noise, sig_change);
2460 nla_put_failure:
2461	nlmsg_free(msg);
2462	return -ENOBUFS;
2463}
2464
2465
2466static int get_noise_for_scan_results(struct nl_msg *msg, void *arg)
2467{
2468	struct nlattr *tb[NL80211_ATTR_MAX + 1];
2469	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
2470	struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1];
2471	static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = {
2472		[NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 },
2473		[NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 },
2474	};
2475	struct wpa_scan_results *scan_results = arg;
2476	struct wpa_scan_res *scan_res;
2477	size_t i;
2478
2479	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
2480		  genlmsg_attrlen(gnlh, 0), NULL);
2481
2482	if (!tb[NL80211_ATTR_SURVEY_INFO]) {
2483		wpa_printf(MSG_DEBUG, "nl80211: Survey data missing");
2484		return NL_SKIP;
2485	}
2486
2487	if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX,
2488			     tb[NL80211_ATTR_SURVEY_INFO],
2489			     survey_policy)) {
2490		wpa_printf(MSG_DEBUG, "nl80211: Failed to parse nested "
2491			   "attributes");
2492		return NL_SKIP;
2493	}
2494
2495	if (!sinfo[NL80211_SURVEY_INFO_NOISE])
2496		return NL_SKIP;
2497
2498	if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY])
2499		return NL_SKIP;
2500
2501	for (i = 0; i < scan_results->num; ++i) {
2502		scan_res = scan_results->res[i];
2503		if (!scan_res)
2504			continue;
2505		if ((int) nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]) !=
2506		    scan_res->freq)
2507			continue;
2508		if (!(scan_res->flags & WPA_SCAN_NOISE_INVALID))
2509			continue;
2510		scan_res->noise = (s8)
2511			nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]);
2512		scan_res->flags &= ~WPA_SCAN_NOISE_INVALID;
2513	}
2514
2515	return NL_SKIP;
2516}
2517
2518
2519static int nl80211_get_noise_for_scan_results(
2520	struct wpa_driver_nl80211_data *drv,
2521	struct wpa_scan_results *scan_res)
2522{
2523	struct nl_msg *msg;
2524
2525	msg = nlmsg_alloc();
2526	if (!msg)
2527		return -ENOMEM;
2528
2529	nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SURVEY);
2530
2531	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2532
2533	return send_and_recv_msgs(drv, msg, get_noise_for_scan_results,
2534				  scan_res);
2535 nla_put_failure:
2536	nlmsg_free(msg);
2537	return -ENOBUFS;
2538}
2539
2540
2541static void nl80211_cqm_event(struct wpa_driver_nl80211_data *drv,
2542			      struct nlattr *tb[])
2543{
2544	static struct nla_policy cqm_policy[NL80211_ATTR_CQM_MAX + 1] = {
2545		[NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 },
2546		[NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U8 },
2547		[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
2548		[NL80211_ATTR_CQM_PKT_LOSS_EVENT] = { .type = NLA_U32 },
2549	};
2550	struct nlattr *cqm[NL80211_ATTR_CQM_MAX + 1];
2551	enum nl80211_cqm_rssi_threshold_event event;
2552	union wpa_event_data ed;
2553	struct wpa_signal_info sig;
2554	int res;
2555
2556	if (tb[NL80211_ATTR_CQM] == NULL ||
2557	    nla_parse_nested(cqm, NL80211_ATTR_CQM_MAX, tb[NL80211_ATTR_CQM],
2558			     cqm_policy)) {
2559		wpa_printf(MSG_DEBUG, "nl80211: Ignore invalid CQM event");
2560		return;
2561	}
2562
2563	os_memset(&ed, 0, sizeof(ed));
2564
2565	if (cqm[NL80211_ATTR_CQM_PKT_LOSS_EVENT]) {
2566		if (!tb[NL80211_ATTR_MAC])
2567			return;
2568		os_memcpy(ed.low_ack.addr, nla_data(tb[NL80211_ATTR_MAC]),
2569			  ETH_ALEN);
2570		wpa_supplicant_event(drv->ctx, EVENT_STATION_LOW_ACK, &ed);
2571		return;
2572	}
2573
2574	if (cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] == NULL)
2575		return;
2576	event = nla_get_u32(cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT]);
2577
2578	if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH) {
2579		wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor "
2580			   "event: RSSI high");
2581		ed.signal_change.above_threshold = 1;
2582	} else if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW) {
2583		wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor "
2584			   "event: RSSI low");
2585		ed.signal_change.above_threshold = 0;
2586	} else
2587		return;
2588
2589	res = nl80211_get_link_signal(drv, &sig);
2590	if (res == 0) {
2591		ed.signal_change.current_signal = sig.current_signal;
2592		ed.signal_change.current_txrate = sig.current_txrate;
2593		wpa_printf(MSG_DEBUG, "nl80211: Signal: %d dBm  txrate: %d",
2594			   sig.current_signal, sig.current_txrate);
2595	}
2596
2597	res = nl80211_get_link_noise(drv, &sig);
2598	if (res == 0) {
2599		ed.signal_change.current_noise = sig.current_noise;
2600		wpa_printf(MSG_DEBUG, "nl80211: Noise: %d dBm",
2601			   sig.current_noise);
2602	}
2603
2604	wpa_supplicant_event(drv->ctx, EVENT_SIGNAL_CHANGE, &ed);
2605}
2606
2607
2608static void nl80211_new_station_event(struct wpa_driver_nl80211_data *drv,
2609				      struct nlattr **tb)
2610{
2611	u8 *addr;
2612	union wpa_event_data data;
2613
2614	if (tb[NL80211_ATTR_MAC] == NULL)
2615		return;
2616	addr = nla_data(tb[NL80211_ATTR_MAC]);
2617	wpa_printf(MSG_DEBUG, "nl80211: New station " MACSTR, MAC2STR(addr));
2618
2619	if (is_ap_interface(drv->nlmode) && drv->device_ap_sme) {
2620		u8 *ies = NULL;
2621		size_t ies_len = 0;
2622		if (tb[NL80211_ATTR_IE]) {
2623			ies = nla_data(tb[NL80211_ATTR_IE]);
2624			ies_len = nla_len(tb[NL80211_ATTR_IE]);
2625		}
2626		wpa_hexdump(MSG_DEBUG, "nl80211: Assoc Req IEs", ies, ies_len);
2627		drv_event_assoc(drv->ctx, addr, ies, ies_len, 0);
2628		return;
2629	}
2630
2631	if (drv->nlmode != NL80211_IFTYPE_ADHOC)
2632		return;
2633
2634	os_memset(&data, 0, sizeof(data));
2635	os_memcpy(data.ibss_rsn_start.peer, addr, ETH_ALEN);
2636	wpa_supplicant_event(drv->ctx, EVENT_IBSS_RSN_START, &data);
2637}
2638
2639
2640static void nl80211_del_station_event(struct wpa_driver_nl80211_data *drv,
2641				      struct nlattr **tb)
2642{
2643	u8 *addr;
2644	union wpa_event_data data;
2645
2646	if (tb[NL80211_ATTR_MAC] == NULL)
2647		return;
2648	addr = nla_data(tb[NL80211_ATTR_MAC]);
2649	wpa_printf(MSG_DEBUG, "nl80211: Delete station " MACSTR,
2650		   MAC2STR(addr));
2651
2652	if (is_ap_interface(drv->nlmode) && drv->device_ap_sme) {
2653		drv_event_disassoc(drv->ctx, addr);
2654		return;
2655	}
2656
2657	if (drv->nlmode != NL80211_IFTYPE_ADHOC)
2658		return;
2659
2660	os_memset(&data, 0, sizeof(data));
2661	os_memcpy(data.ibss_peer_lost.peer, addr, ETH_ALEN);
2662	wpa_supplicant_event(drv->ctx, EVENT_IBSS_PEER_LOST, &data);
2663}
2664
2665
2666static void nl80211_rekey_offload_event(struct wpa_driver_nl80211_data *drv,
2667					struct nlattr **tb)
2668{
2669	struct nlattr *rekey_info[NUM_NL80211_REKEY_DATA];
2670	static struct nla_policy rekey_policy[NUM_NL80211_REKEY_DATA] = {
2671		[NL80211_REKEY_DATA_KEK] = {
2672			.minlen = NL80211_KEK_LEN,
2673			.maxlen = NL80211_KEK_LEN,
2674		},
2675		[NL80211_REKEY_DATA_KCK] = {
2676			.minlen = NL80211_KCK_LEN,
2677			.maxlen = NL80211_KCK_LEN,
2678		},
2679		[NL80211_REKEY_DATA_REPLAY_CTR] = {
2680			.minlen = NL80211_REPLAY_CTR_LEN,
2681			.maxlen = NL80211_REPLAY_CTR_LEN,
2682		},
2683	};
2684	union wpa_event_data data;
2685
2686	if (!tb[NL80211_ATTR_MAC])
2687		return;
2688	if (!tb[NL80211_ATTR_REKEY_DATA])
2689		return;
2690	if (nla_parse_nested(rekey_info, MAX_NL80211_REKEY_DATA,
2691			     tb[NL80211_ATTR_REKEY_DATA], rekey_policy))
2692		return;
2693	if (!rekey_info[NL80211_REKEY_DATA_REPLAY_CTR])
2694		return;
2695
2696	os_memset(&data, 0, sizeof(data));
2697	data.driver_gtk_rekey.bssid = nla_data(tb[NL80211_ATTR_MAC]);
2698	wpa_printf(MSG_DEBUG, "nl80211: Rekey offload event for BSSID " MACSTR,
2699		   MAC2STR(data.driver_gtk_rekey.bssid));
2700	data.driver_gtk_rekey.replay_ctr =
2701		nla_data(rekey_info[NL80211_REKEY_DATA_REPLAY_CTR]);
2702	wpa_hexdump(MSG_DEBUG, "nl80211: Rekey offload - Replay Counter",
2703		    data.driver_gtk_rekey.replay_ctr, NL80211_REPLAY_CTR_LEN);
2704	wpa_supplicant_event(drv->ctx, EVENT_DRIVER_GTK_REKEY, &data);
2705}
2706
2707
2708static void nl80211_pmksa_candidate_event(struct wpa_driver_nl80211_data *drv,
2709					  struct nlattr **tb)
2710{
2711	struct nlattr *cand[NUM_NL80211_PMKSA_CANDIDATE];
2712	static struct nla_policy cand_policy[NUM_NL80211_PMKSA_CANDIDATE] = {
2713		[NL80211_PMKSA_CANDIDATE_INDEX] = { .type = NLA_U32 },
2714		[NL80211_PMKSA_CANDIDATE_BSSID] = {
2715			.minlen = ETH_ALEN,
2716			.maxlen = ETH_ALEN,
2717		},
2718		[NL80211_PMKSA_CANDIDATE_PREAUTH] = { .type = NLA_FLAG },
2719	};
2720	union wpa_event_data data;
2721
2722	wpa_printf(MSG_DEBUG, "nl80211: PMKSA candidate event");
2723
2724	if (!tb[NL80211_ATTR_PMKSA_CANDIDATE])
2725		return;
2726	if (nla_parse_nested(cand, MAX_NL80211_PMKSA_CANDIDATE,
2727			     tb[NL80211_ATTR_PMKSA_CANDIDATE], cand_policy))
2728		return;
2729	if (!cand[NL80211_PMKSA_CANDIDATE_INDEX] ||
2730	    !cand[NL80211_PMKSA_CANDIDATE_BSSID])
2731		return;
2732
2733	os_memset(&data, 0, sizeof(data));
2734	os_memcpy(data.pmkid_candidate.bssid,
2735		  nla_data(cand[NL80211_PMKSA_CANDIDATE_BSSID]), ETH_ALEN);
2736	data.pmkid_candidate.index =
2737		nla_get_u32(cand[NL80211_PMKSA_CANDIDATE_INDEX]);
2738	data.pmkid_candidate.preauth =
2739		cand[NL80211_PMKSA_CANDIDATE_PREAUTH] != NULL;
2740	wpa_supplicant_event(drv->ctx, EVENT_PMKID_CANDIDATE, &data);
2741}
2742
2743
2744static void nl80211_client_probe_event(struct wpa_driver_nl80211_data *drv,
2745				       struct nlattr **tb)
2746{
2747	union wpa_event_data data;
2748
2749	wpa_printf(MSG_DEBUG, "nl80211: Probe client event");
2750
2751	if (!tb[NL80211_ATTR_MAC] || !tb[NL80211_ATTR_ACK])
2752		return;
2753
2754	os_memset(&data, 0, sizeof(data));
2755	os_memcpy(data.client_poll.addr,
2756		  nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN);
2757
2758	wpa_supplicant_event(drv->ctx, EVENT_DRIVER_CLIENT_POLL_OK, &data);
2759}
2760
2761
2762static void nl80211_tdls_oper_event(struct wpa_driver_nl80211_data *drv,
2763				    struct nlattr **tb)
2764{
2765	union wpa_event_data data;
2766
2767	wpa_printf(MSG_DEBUG, "nl80211: TDLS operation event");
2768
2769	if (!tb[NL80211_ATTR_MAC] || !tb[NL80211_ATTR_TDLS_OPERATION])
2770		return;
2771
2772	os_memset(&data, 0, sizeof(data));
2773	os_memcpy(data.tdls.peer, nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN);
2774	switch (nla_get_u8(tb[NL80211_ATTR_TDLS_OPERATION])) {
2775	case NL80211_TDLS_SETUP:
2776		wpa_printf(MSG_DEBUG, "nl80211: TDLS setup request for peer "
2777			   MACSTR, MAC2STR(data.tdls.peer));
2778		data.tdls.oper = TDLS_REQUEST_SETUP;
2779		break;
2780	case NL80211_TDLS_TEARDOWN:
2781		wpa_printf(MSG_DEBUG, "nl80211: TDLS teardown request for peer "
2782			   MACSTR, MAC2STR(data.tdls.peer));
2783		data.tdls.oper = TDLS_REQUEST_TEARDOWN;
2784		break;
2785	default:
2786		wpa_printf(MSG_DEBUG, "nl80211: Unsupported TDLS operatione "
2787			   "event");
2788		return;
2789	}
2790	if (tb[NL80211_ATTR_REASON_CODE]) {
2791		data.tdls.reason_code =
2792			nla_get_u16(tb[NL80211_ATTR_REASON_CODE]);
2793	}
2794
2795	wpa_supplicant_event(drv->ctx, EVENT_TDLS, &data);
2796}
2797
2798
2799static void nl80211_stop_ap(struct wpa_driver_nl80211_data *drv,
2800			    struct nlattr **tb)
2801{
2802	wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_UNAVAILABLE, NULL);
2803}
2804
2805
2806static void nl80211_connect_failed_event(struct wpa_driver_nl80211_data *drv,
2807					 struct nlattr **tb)
2808{
2809	union wpa_event_data data;
2810	u32 reason;
2811
2812	wpa_printf(MSG_DEBUG, "nl80211: Connect failed event");
2813
2814	if (!tb[NL80211_ATTR_MAC] || !tb[NL80211_ATTR_CONN_FAILED_REASON])
2815		return;
2816
2817	os_memset(&data, 0, sizeof(data));
2818	os_memcpy(data.connect_failed_reason.addr,
2819		  nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN);
2820
2821	reason = nla_get_u32(tb[NL80211_ATTR_CONN_FAILED_REASON]);
2822	switch (reason) {
2823	case NL80211_CONN_FAIL_MAX_CLIENTS:
2824		wpa_printf(MSG_DEBUG, "nl80211: Max client reached");
2825		data.connect_failed_reason.code = MAX_CLIENT_REACHED;
2826		break;
2827	case NL80211_CONN_FAIL_BLOCKED_CLIENT:
2828		wpa_printf(MSG_DEBUG, "nl80211: Blocked client " MACSTR
2829			   " tried to connect",
2830			   MAC2STR(data.connect_failed_reason.addr));
2831		data.connect_failed_reason.code = BLOCKED_CLIENT;
2832		break;
2833	default:
2834		wpa_printf(MSG_DEBUG, "nl8021l: Unknown connect failed reason "
2835			   "%u", reason);
2836		return;
2837	}
2838
2839	wpa_supplicant_event(drv->ctx, EVENT_CONNECT_FAILED_REASON, &data);
2840}
2841
2842
2843static void nl80211_radar_event(struct wpa_driver_nl80211_data *drv,
2844				struct nlattr **tb)
2845{
2846	union wpa_event_data data;
2847	enum nl80211_radar_event event_type;
2848
2849	if (!tb[NL80211_ATTR_WIPHY_FREQ] || !tb[NL80211_ATTR_RADAR_EVENT])
2850		return;
2851
2852	os_memset(&data, 0, sizeof(data));
2853	data.dfs_event.freq = nla_get_u32(tb[NL80211_ATTR_WIPHY_FREQ]);
2854	event_type = nla_get_u32(tb[NL80211_ATTR_RADAR_EVENT]);
2855
2856	/* Check HT params */
2857	if (tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
2858		data.dfs_event.ht_enabled = 1;
2859		data.dfs_event.chan_offset = 0;
2860
2861		switch (nla_get_u32(tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE])) {
2862		case NL80211_CHAN_NO_HT:
2863			data.dfs_event.ht_enabled = 0;
2864			break;
2865		case NL80211_CHAN_HT20:
2866			break;
2867		case NL80211_CHAN_HT40PLUS:
2868			data.dfs_event.chan_offset = 1;
2869			break;
2870		case NL80211_CHAN_HT40MINUS:
2871			data.dfs_event.chan_offset = -1;
2872			break;
2873		}
2874	}
2875
2876	/* Get VHT params */
2877	if (tb[NL80211_ATTR_CHANNEL_WIDTH])
2878		data.dfs_event.chan_width =
2879			convert2width(nla_get_u32(
2880					      tb[NL80211_ATTR_CHANNEL_WIDTH]));
2881	if (tb[NL80211_ATTR_CENTER_FREQ1])
2882		data.dfs_event.cf1 = nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ1]);
2883	if (tb[NL80211_ATTR_CENTER_FREQ2])
2884		data.dfs_event.cf2 = nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ2]);
2885
2886	wpa_printf(MSG_DEBUG, "nl80211: DFS event on freq %d MHz, ht: %d, offset: %d, width: %d, cf1: %dMHz, cf2: %dMHz",
2887		   data.dfs_event.freq, data.dfs_event.ht_enabled,
2888		   data.dfs_event.chan_offset, data.dfs_event.chan_width,
2889		   data.dfs_event.cf1, data.dfs_event.cf2);
2890
2891	switch (event_type) {
2892	case NL80211_RADAR_DETECTED:
2893		wpa_supplicant_event(drv->ctx, EVENT_DFS_RADAR_DETECTED, &data);
2894		break;
2895	case NL80211_RADAR_CAC_FINISHED:
2896		wpa_supplicant_event(drv->ctx, EVENT_DFS_CAC_FINISHED, &data);
2897		break;
2898	case NL80211_RADAR_CAC_ABORTED:
2899		wpa_supplicant_event(drv->ctx, EVENT_DFS_CAC_ABORTED, &data);
2900		break;
2901	case NL80211_RADAR_NOP_FINISHED:
2902		wpa_supplicant_event(drv->ctx, EVENT_DFS_NOP_FINISHED, &data);
2903		break;
2904	default:
2905		wpa_printf(MSG_DEBUG, "nl80211: Unknown radar event %d "
2906			   "received", event_type);
2907		break;
2908	}
2909}
2910
2911
2912static void nl80211_spurious_frame(struct i802_bss *bss, struct nlattr **tb,
2913				   int wds)
2914{
2915	struct wpa_driver_nl80211_data *drv = bss->drv;
2916	union wpa_event_data event;
2917
2918	if (!tb[NL80211_ATTR_MAC])
2919		return;
2920
2921	os_memset(&event, 0, sizeof(event));
2922	event.rx_from_unknown.bssid = bss->addr;
2923	event.rx_from_unknown.addr = nla_data(tb[NL80211_ATTR_MAC]);
2924	event.rx_from_unknown.wds = wds;
2925
2926	wpa_supplicant_event(drv->ctx, EVENT_RX_FROM_UNKNOWN, &event);
2927}
2928
2929
2930static void qca_nl80211_avoid_freq(struct wpa_driver_nl80211_data *drv,
2931				   const u8 *data, size_t len)
2932{
2933	u32 i, count;
2934	union wpa_event_data event;
2935	struct wpa_freq_range *range = NULL;
2936	const struct qca_avoid_freq_list *freq_range;
2937
2938	freq_range = (const struct qca_avoid_freq_list *) data;
2939	if (len < sizeof(freq_range->count))
2940		return;
2941
2942	count = freq_range->count;
2943	if (len < sizeof(freq_range->count) +
2944	    count * sizeof(struct qca_avoid_freq_range)) {
2945		wpa_printf(MSG_DEBUG, "nl80211: Ignored too short avoid frequency list (len=%u)",
2946			   (unsigned int) len);
2947		return;
2948	}
2949
2950	if (count > 0) {
2951		range = os_calloc(count, sizeof(struct wpa_freq_range));
2952		if (range == NULL)
2953			return;
2954	}
2955
2956	os_memset(&event, 0, sizeof(event));
2957	for (i = 0; i < count; i++) {
2958		unsigned int idx = event.freq_range.num;
2959		range[idx].min = freq_range->range[i].start_freq;
2960		range[idx].max = freq_range->range[i].end_freq;
2961		wpa_printf(MSG_DEBUG, "nl80211: Avoid frequency range: %u-%u",
2962			   range[idx].min, range[idx].max);
2963		if (range[idx].min > range[idx].max) {
2964			wpa_printf(MSG_DEBUG, "nl80211: Ignore invalid frequency range");
2965			continue;
2966		}
2967		event.freq_range.num++;
2968	}
2969	event.freq_range.range = range;
2970
2971	wpa_supplicant_event(drv->ctx, EVENT_AVOID_FREQUENCIES, &event);
2972
2973	os_free(range);
2974}
2975
2976
2977static void nl80211_vendor_event_qca(struct wpa_driver_nl80211_data *drv,
2978				     u32 subcmd, u8 *data, size_t len)
2979{
2980	switch (subcmd) {
2981	case QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY:
2982		qca_nl80211_avoid_freq(drv, data, len);
2983		break;
2984	default:
2985		wpa_printf(MSG_DEBUG,
2986			   "nl80211: Ignore unsupported QCA vendor event %u",
2987			   subcmd);
2988		break;
2989	}
2990}
2991
2992
2993static void nl80211_vendor_event(struct wpa_driver_nl80211_data *drv,
2994				 struct nlattr **tb)
2995{
2996	u32 vendor_id, subcmd, wiphy = 0;
2997	int wiphy_idx;
2998	u8 *data = NULL;
2999	size_t len = 0;
3000
3001	if (!tb[NL80211_ATTR_VENDOR_ID] ||
3002	    !tb[NL80211_ATTR_VENDOR_SUBCMD])
3003		return;
3004
3005	vendor_id = nla_get_u32(tb[NL80211_ATTR_VENDOR_ID]);
3006	subcmd = nla_get_u32(tb[NL80211_ATTR_VENDOR_SUBCMD]);
3007
3008	if (tb[NL80211_ATTR_WIPHY])
3009		wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
3010
3011	wpa_printf(MSG_DEBUG, "nl80211: Vendor event: wiphy=%u vendor_id=0x%x subcmd=%u",
3012		   wiphy, vendor_id, subcmd);
3013
3014	if (tb[NL80211_ATTR_VENDOR_DATA]) {
3015		data = nla_data(tb[NL80211_ATTR_VENDOR_DATA]);
3016		len = nla_len(tb[NL80211_ATTR_VENDOR_DATA]);
3017		wpa_hexdump(MSG_MSGDUMP, "nl80211: Vendor data", data, len);
3018	}
3019
3020	wiphy_idx = nl80211_get_wiphy_index(drv->first_bss);
3021	if (wiphy_idx >= 0 && wiphy_idx != (int) wiphy) {
3022		wpa_printf(MSG_DEBUG, "nl80211: Ignore vendor event for foreign wiphy %u (own: %d)",
3023			   wiphy, wiphy_idx);
3024		return;
3025	}
3026
3027	switch (vendor_id) {
3028	case OUI_QCA:
3029		nl80211_vendor_event_qca(drv, subcmd, data, len);
3030		break;
3031	default:
3032		wpa_printf(MSG_DEBUG, "nl80211: Ignore unsupported vendor event");
3033		break;
3034	}
3035}
3036
3037
3038static void nl80211_reg_change_event(struct wpa_driver_nl80211_data *drv,
3039				     struct nlattr *tb[])
3040{
3041	union wpa_event_data data;
3042	enum nl80211_reg_initiator init;
3043
3044	wpa_printf(MSG_DEBUG, "nl80211: Regulatory domain change");
3045
3046	if (tb[NL80211_ATTR_REG_INITIATOR] == NULL)
3047		return;
3048
3049	os_memset(&data, 0, sizeof(data));
3050	init = nla_get_u8(tb[NL80211_ATTR_REG_INITIATOR]);
3051	wpa_printf(MSG_DEBUG, " * initiator=%d", init);
3052	switch (init) {
3053	case NL80211_REGDOM_SET_BY_CORE:
3054		data.channel_list_changed.initiator = REGDOM_SET_BY_CORE;
3055		break;
3056	case NL80211_REGDOM_SET_BY_USER:
3057		data.channel_list_changed.initiator = REGDOM_SET_BY_USER;
3058		break;
3059	case NL80211_REGDOM_SET_BY_DRIVER:
3060		data.channel_list_changed.initiator = REGDOM_SET_BY_DRIVER;
3061		break;
3062	case NL80211_REGDOM_SET_BY_COUNTRY_IE:
3063		data.channel_list_changed.initiator = REGDOM_SET_BY_COUNTRY_IE;
3064		break;
3065	}
3066
3067	if (tb[NL80211_ATTR_REG_TYPE]) {
3068		enum nl80211_reg_type type;
3069		type = nla_get_u8(tb[NL80211_ATTR_REG_TYPE]);
3070		wpa_printf(MSG_DEBUG, " * type=%d", type);
3071		switch (type) {
3072		case NL80211_REGDOM_TYPE_COUNTRY:
3073			data.channel_list_changed.type = REGDOM_TYPE_COUNTRY;
3074			break;
3075		case NL80211_REGDOM_TYPE_WORLD:
3076			data.channel_list_changed.type = REGDOM_TYPE_WORLD;
3077			break;
3078		case NL80211_REGDOM_TYPE_CUSTOM_WORLD:
3079			data.channel_list_changed.type =
3080				REGDOM_TYPE_CUSTOM_WORLD;
3081			break;
3082		case NL80211_REGDOM_TYPE_INTERSECTION:
3083			data.channel_list_changed.type =
3084				REGDOM_TYPE_INTERSECTION;
3085			break;
3086		}
3087	}
3088
3089	if (tb[NL80211_ATTR_REG_ALPHA2]) {
3090		os_strlcpy(data.channel_list_changed.alpha2,
3091			   nla_get_string(tb[NL80211_ATTR_REG_ALPHA2]),
3092			   sizeof(data.channel_list_changed.alpha2));
3093		wpa_printf(MSG_DEBUG, " * alpha2=%s",
3094			   data.channel_list_changed.alpha2);
3095	}
3096
3097	wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED, &data);
3098}
3099
3100
3101static void do_process_drv_event(struct i802_bss *bss, int cmd,
3102				 struct nlattr **tb)
3103{
3104	struct wpa_driver_nl80211_data *drv = bss->drv;
3105	union wpa_event_data data;
3106
3107	wpa_printf(MSG_DEBUG, "nl80211: Drv Event %d (%s) received for %s",
3108		   cmd, nl80211_command_to_string(cmd), bss->ifname);
3109
3110	if (drv->ap_scan_as_station != NL80211_IFTYPE_UNSPECIFIED &&
3111	    (cmd == NL80211_CMD_NEW_SCAN_RESULTS ||
3112	     cmd == NL80211_CMD_SCAN_ABORTED)) {
3113		wpa_driver_nl80211_set_mode(drv->first_bss,
3114					    drv->ap_scan_as_station);
3115		drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED;
3116	}
3117
3118	switch (cmd) {
3119	case NL80211_CMD_TRIGGER_SCAN:
3120		wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Scan trigger");
3121		drv->scan_state = SCAN_STARTED;
3122		if (drv->scan_for_auth) {
3123			/*
3124			 * Cannot indicate EVENT_SCAN_STARTED here since we skip
3125			 * EVENT_SCAN_RESULTS in scan_for_auth case and the
3126			 * upper layer implementation could get confused about
3127			 * scanning state.
3128			 */
3129			wpa_printf(MSG_DEBUG, "nl80211: Do not indicate scan-start event due to internal scan_for_auth");
3130			break;
3131		}
3132		wpa_supplicant_event(drv->ctx, EVENT_SCAN_STARTED, NULL);
3133		break;
3134	case NL80211_CMD_START_SCHED_SCAN:
3135		wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Sched scan started");
3136		drv->scan_state = SCHED_SCAN_STARTED;
3137		break;
3138	case NL80211_CMD_SCHED_SCAN_STOPPED:
3139		wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Sched scan stopped");
3140		drv->scan_state = SCHED_SCAN_STOPPED;
3141		wpa_supplicant_event(drv->ctx, EVENT_SCHED_SCAN_STOPPED, NULL);
3142		break;
3143	case NL80211_CMD_NEW_SCAN_RESULTS:
3144		wpa_dbg(drv->ctx, MSG_DEBUG,
3145			"nl80211: New scan results available");
3146		drv->scan_state = SCAN_COMPLETED;
3147		drv->scan_complete_events = 1;
3148		eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv,
3149				     drv->ctx);
3150		send_scan_event(drv, 0, tb);
3151		break;
3152	case NL80211_CMD_SCHED_SCAN_RESULTS:
3153		wpa_dbg(drv->ctx, MSG_DEBUG,
3154			"nl80211: New sched scan results available");
3155		drv->scan_state = SCHED_SCAN_RESULTS;
3156		send_scan_event(drv, 0, tb);
3157		break;
3158	case NL80211_CMD_SCAN_ABORTED:
3159		wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Scan aborted");
3160		drv->scan_state = SCAN_ABORTED;
3161		/*
3162		 * Need to indicate that scan results are available in order
3163		 * not to make wpa_supplicant stop its scanning.
3164		 */
3165		eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv,
3166				     drv->ctx);
3167		send_scan_event(drv, 1, tb);
3168		break;
3169	case NL80211_CMD_AUTHENTICATE:
3170	case NL80211_CMD_ASSOCIATE:
3171	case NL80211_CMD_DEAUTHENTICATE:
3172	case NL80211_CMD_DISASSOCIATE:
3173	case NL80211_CMD_FRAME_TX_STATUS:
3174	case NL80211_CMD_UNPROT_DEAUTHENTICATE:
3175	case NL80211_CMD_UNPROT_DISASSOCIATE:
3176		mlme_event(bss, cmd, tb[NL80211_ATTR_FRAME],
3177			   tb[NL80211_ATTR_MAC], tb[NL80211_ATTR_TIMED_OUT],
3178			   tb[NL80211_ATTR_WIPHY_FREQ], tb[NL80211_ATTR_ACK],
3179			   tb[NL80211_ATTR_COOKIE],
3180			   tb[NL80211_ATTR_RX_SIGNAL_DBM]);
3181		break;
3182	case NL80211_CMD_CONNECT:
3183	case NL80211_CMD_ROAM:
3184		mlme_event_connect(drv, cmd,
3185				   tb[NL80211_ATTR_STATUS_CODE],
3186				   tb[NL80211_ATTR_MAC],
3187				   tb[NL80211_ATTR_REQ_IE],
3188				   tb[NL80211_ATTR_RESP_IE]);
3189		break;
3190	case NL80211_CMD_CH_SWITCH_NOTIFY:
3191		mlme_event_ch_switch(drv,
3192				     tb[NL80211_ATTR_IFINDEX],
3193				     tb[NL80211_ATTR_WIPHY_FREQ],
3194				     tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE],
3195				     tb[NL80211_ATTR_CHANNEL_WIDTH],
3196				     tb[NL80211_ATTR_CENTER_FREQ1],
3197				     tb[NL80211_ATTR_CENTER_FREQ2]);
3198		break;
3199	case NL80211_CMD_DISCONNECT:
3200		mlme_event_disconnect(drv, tb[NL80211_ATTR_REASON_CODE],
3201				      tb[NL80211_ATTR_MAC],
3202				      tb[NL80211_ATTR_DISCONNECTED_BY_AP]);
3203		break;
3204	case NL80211_CMD_MICHAEL_MIC_FAILURE:
3205		mlme_event_michael_mic_failure(bss, tb);
3206		break;
3207	case NL80211_CMD_JOIN_IBSS:
3208		mlme_event_join_ibss(drv, tb);
3209		break;
3210	case NL80211_CMD_REMAIN_ON_CHANNEL:
3211		mlme_event_remain_on_channel(drv, 0, tb);
3212		break;
3213	case NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL:
3214		mlme_event_remain_on_channel(drv, 1, tb);
3215		break;
3216	case NL80211_CMD_NOTIFY_CQM:
3217		nl80211_cqm_event(drv, tb);
3218		break;
3219	case NL80211_CMD_REG_CHANGE:
3220		nl80211_reg_change_event(drv, tb);
3221		break;
3222	case NL80211_CMD_REG_BEACON_HINT:
3223		wpa_printf(MSG_DEBUG, "nl80211: Regulatory beacon hint");
3224		os_memset(&data, 0, sizeof(data));
3225		data.channel_list_changed.initiator = REGDOM_BEACON_HINT;
3226		wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED,
3227				     &data);
3228		break;
3229	case NL80211_CMD_NEW_STATION:
3230		nl80211_new_station_event(drv, tb);
3231		break;
3232	case NL80211_CMD_DEL_STATION:
3233		nl80211_del_station_event(drv, tb);
3234		break;
3235	case NL80211_CMD_SET_REKEY_OFFLOAD:
3236		nl80211_rekey_offload_event(drv, tb);
3237		break;
3238	case NL80211_CMD_PMKSA_CANDIDATE:
3239		nl80211_pmksa_candidate_event(drv, tb);
3240		break;
3241	case NL80211_CMD_PROBE_CLIENT:
3242		nl80211_client_probe_event(drv, tb);
3243		break;
3244	case NL80211_CMD_TDLS_OPER:
3245		nl80211_tdls_oper_event(drv, tb);
3246		break;
3247	case NL80211_CMD_CONN_FAILED:
3248		nl80211_connect_failed_event(drv, tb);
3249		break;
3250	case NL80211_CMD_FT_EVENT:
3251		mlme_event_ft_event(drv, tb);
3252		break;
3253	case NL80211_CMD_RADAR_DETECT:
3254		nl80211_radar_event(drv, tb);
3255		break;
3256	case NL80211_CMD_STOP_AP:
3257		nl80211_stop_ap(drv, tb);
3258		break;
3259	case NL80211_CMD_VENDOR:
3260		nl80211_vendor_event(drv, tb);
3261		break;
3262	default:
3263		wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Ignored unknown event "
3264			"(cmd=%d)", cmd);
3265		break;
3266	}
3267}
3268
3269
3270static int process_drv_event(struct nl_msg *msg, void *arg)
3271{
3272	struct wpa_driver_nl80211_data *drv = arg;
3273	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
3274	struct nlattr *tb[NL80211_ATTR_MAX + 1];
3275	struct i802_bss *bss;
3276	int ifidx = -1;
3277
3278	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
3279		  genlmsg_attrlen(gnlh, 0), NULL);
3280
3281	if (tb[NL80211_ATTR_IFINDEX]) {
3282		ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
3283
3284		for (bss = drv->first_bss; bss; bss = bss->next)
3285			if (ifidx == -1 || ifidx == bss->ifindex) {
3286				do_process_drv_event(bss, gnlh->cmd, tb);
3287				return NL_SKIP;
3288			}
3289		wpa_printf(MSG_DEBUG,
3290			   "nl80211: Ignored event (cmd=%d) for foreign interface (ifindex %d)",
3291			   gnlh->cmd, ifidx);
3292	} else if (tb[NL80211_ATTR_WDEV]) {
3293		u64 wdev_id = nla_get_u64(tb[NL80211_ATTR_WDEV]);
3294		wpa_printf(MSG_DEBUG, "nl80211: Process event on P2P device");
3295		for (bss = drv->first_bss; bss; bss = bss->next) {
3296			if (bss->wdev_id_set && wdev_id == bss->wdev_id) {
3297				do_process_drv_event(bss, gnlh->cmd, tb);
3298				return NL_SKIP;
3299			}
3300		}
3301		wpa_printf(MSG_DEBUG,
3302			   "nl80211: Ignored event (cmd=%d) for foreign interface (wdev 0x%llx)",
3303			   gnlh->cmd, (long long unsigned int) wdev_id);
3304	}
3305
3306	return NL_SKIP;
3307}
3308
3309
3310static int process_global_event(struct nl_msg *msg, void *arg)
3311{
3312	struct nl80211_global *global = arg;
3313	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
3314	struct nlattr *tb[NL80211_ATTR_MAX + 1];
3315	struct wpa_driver_nl80211_data *drv, *tmp;
3316	int ifidx = -1;
3317	struct i802_bss *bss;
3318	u64 wdev_id = 0;
3319	int wdev_id_set = 0;
3320
3321	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
3322		  genlmsg_attrlen(gnlh, 0), NULL);
3323
3324	if (tb[NL80211_ATTR_IFINDEX])
3325		ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
3326	else if (tb[NL80211_ATTR_WDEV]) {
3327		wdev_id = nla_get_u64(tb[NL80211_ATTR_WDEV]);
3328		wdev_id_set = 1;
3329	}
3330
3331	dl_list_for_each_safe(drv, tmp, &global->interfaces,
3332			      struct wpa_driver_nl80211_data, list) {
3333		for (bss = drv->first_bss; bss; bss = bss->next) {
3334			if ((ifidx == -1 && !wdev_id_set) ||
3335			    ifidx == bss->ifindex ||
3336			    (wdev_id_set && bss->wdev_id_set &&
3337			     wdev_id == bss->wdev_id)) {
3338				do_process_drv_event(bss, gnlh->cmd, tb);
3339				return NL_SKIP;
3340			}
3341		}
3342	}
3343
3344	return NL_SKIP;
3345}
3346
3347
3348static int process_bss_event(struct nl_msg *msg, void *arg)
3349{
3350	struct i802_bss *bss = arg;
3351	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
3352	struct nlattr *tb[NL80211_ATTR_MAX + 1];
3353
3354	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
3355		  genlmsg_attrlen(gnlh, 0), NULL);
3356
3357	wpa_printf(MSG_DEBUG, "nl80211: BSS Event %d (%s) received for %s",
3358		   gnlh->cmd, nl80211_command_to_string(gnlh->cmd),
3359		   bss->ifname);
3360
3361	switch (gnlh->cmd) {
3362	case NL80211_CMD_FRAME:
3363	case NL80211_CMD_FRAME_TX_STATUS:
3364		mlme_event(bss, gnlh->cmd, tb[NL80211_ATTR_FRAME],
3365			   tb[NL80211_ATTR_MAC], tb[NL80211_ATTR_TIMED_OUT],
3366			   tb[NL80211_ATTR_WIPHY_FREQ], tb[NL80211_ATTR_ACK],
3367			   tb[NL80211_ATTR_COOKIE],
3368			   tb[NL80211_ATTR_RX_SIGNAL_DBM]);
3369		break;
3370	case NL80211_CMD_UNEXPECTED_FRAME:
3371		nl80211_spurious_frame(bss, tb, 0);
3372		break;
3373	case NL80211_CMD_UNEXPECTED_4ADDR_FRAME:
3374		nl80211_spurious_frame(bss, tb, 1);
3375		break;
3376	default:
3377		wpa_printf(MSG_DEBUG, "nl80211: Ignored unknown event "
3378			   "(cmd=%d)", gnlh->cmd);
3379		break;
3380	}
3381
3382	return NL_SKIP;
3383}
3384
3385
3386static void wpa_driver_nl80211_event_receive(int sock, void *eloop_ctx,
3387					     void *handle)
3388{
3389	struct nl_cb *cb = eloop_ctx;
3390	int res;
3391
3392	wpa_printf(MSG_MSGDUMP, "nl80211: Event message available");
3393
3394	res = nl_recvmsgs(handle, cb);
3395	if (res < 0) {
3396		wpa_printf(MSG_INFO, "nl80211: %s->nl_recvmsgs failed: %d",
3397			   __func__, res);
3398	}
3399}
3400
3401
3402/**
3403 * wpa_driver_nl80211_set_country - ask nl80211 to set the regulatory domain
3404 * @priv: driver_nl80211 private data
3405 * @alpha2_arg: country to which to switch to
3406 * Returns: 0 on success, -1 on failure
3407 *
3408 * This asks nl80211 to set the regulatory domain for given
3409 * country ISO / IEC alpha2.
3410 */
3411static int wpa_driver_nl80211_set_country(void *priv, const char *alpha2_arg)
3412{
3413	struct i802_bss *bss = priv;
3414	struct wpa_driver_nl80211_data *drv = bss->drv;
3415	char alpha2[3];
3416	struct nl_msg *msg;
3417
3418	msg = nlmsg_alloc();
3419	if (!msg)
3420		return -ENOMEM;
3421
3422	alpha2[0] = alpha2_arg[0];
3423	alpha2[1] = alpha2_arg[1];
3424	alpha2[2] = '\0';
3425
3426	nl80211_cmd(drv, msg, 0, NL80211_CMD_REQ_SET_REG);
3427
3428	NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, alpha2);
3429	if (send_and_recv_msgs(drv, msg, NULL, NULL))
3430		return -EINVAL;
3431	return 0;
3432nla_put_failure:
3433	nlmsg_free(msg);
3434	return -EINVAL;
3435}
3436
3437
3438static int nl80211_get_country(struct nl_msg *msg, void *arg)
3439{
3440	char *alpha2 = arg;
3441	struct nlattr *tb_msg[NL80211_ATTR_MAX + 1];
3442	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
3443
3444	nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
3445		  genlmsg_attrlen(gnlh, 0), NULL);
3446	if (!tb_msg[NL80211_ATTR_REG_ALPHA2]) {
3447		wpa_printf(MSG_DEBUG, "nl80211: No country information available");
3448		return NL_SKIP;
3449	}
3450	os_strlcpy(alpha2, nla_data(tb_msg[NL80211_ATTR_REG_ALPHA2]), 3);
3451	return NL_SKIP;
3452}
3453
3454
3455static int wpa_driver_nl80211_get_country(void *priv, char *alpha2)
3456{
3457	struct i802_bss *bss = priv;
3458	struct wpa_driver_nl80211_data *drv = bss->drv;
3459	struct nl_msg *msg;
3460	int ret;
3461
3462	msg = nlmsg_alloc();
3463	if (!msg)
3464		return -ENOMEM;
3465
3466	nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_REG);
3467	alpha2[0] = '\0';
3468	ret = send_and_recv_msgs(drv, msg, nl80211_get_country, alpha2);
3469	if (!alpha2[0])
3470		ret = -1;
3471
3472	return ret;
3473}
3474
3475
3476static int protocol_feature_handler(struct nl_msg *msg, void *arg)
3477{
3478	u32 *feat = arg;
3479	struct nlattr *tb_msg[NL80211_ATTR_MAX + 1];
3480	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
3481
3482	nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
3483		  genlmsg_attrlen(gnlh, 0), NULL);
3484
3485	if (tb_msg[NL80211_ATTR_PROTOCOL_FEATURES])
3486		*feat = nla_get_u32(tb_msg[NL80211_ATTR_PROTOCOL_FEATURES]);
3487
3488	return NL_SKIP;
3489}
3490
3491
3492static u32 get_nl80211_protocol_features(struct wpa_driver_nl80211_data *drv)
3493{
3494	u32 feat = 0;
3495	struct nl_msg *msg;
3496
3497	msg = nlmsg_alloc();
3498	if (!msg)
3499		goto nla_put_failure;
3500
3501	nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_PROTOCOL_FEATURES);
3502	if (send_and_recv_msgs(drv, msg, protocol_feature_handler, &feat) == 0)
3503		return feat;
3504
3505	msg = NULL;
3506nla_put_failure:
3507	nlmsg_free(msg);
3508	return 0;
3509}
3510
3511
3512struct wiphy_info_data {
3513	struct wpa_driver_nl80211_data *drv;
3514	struct wpa_driver_capa *capa;
3515
3516	unsigned int num_multichan_concurrent;
3517
3518	unsigned int error:1;
3519	unsigned int device_ap_sme:1;
3520	unsigned int poll_command_supported:1;
3521	unsigned int data_tx_status:1;
3522	unsigned int monitor_supported:1;
3523	unsigned int auth_supported:1;
3524	unsigned int connect_supported:1;
3525	unsigned int p2p_go_supported:1;
3526	unsigned int p2p_client_supported:1;
3527	unsigned int p2p_concurrent:1;
3528	unsigned int channel_switch_supported:1;
3529	unsigned int set_qos_map_supported:1;
3530	unsigned int have_low_prio_scan:1;
3531};
3532
3533
3534static unsigned int probe_resp_offload_support(int supp_protocols)
3535{
3536	unsigned int prot = 0;
3537
3538	if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS)
3539		prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_WPS;
3540	if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS2)
3541		prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_WPS2;
3542	if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_P2P)
3543		prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_P2P;
3544	if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_80211U)
3545		prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_INTERWORKING;
3546
3547	return prot;
3548}
3549
3550
3551static void wiphy_info_supported_iftypes(struct wiphy_info_data *info,
3552					 struct nlattr *tb)
3553{
3554	struct nlattr *nl_mode;
3555	int i;
3556
3557	if (tb == NULL)
3558		return;
3559
3560	nla_for_each_nested(nl_mode, tb, i) {
3561		switch (nla_type(nl_mode)) {
3562		case NL80211_IFTYPE_AP:
3563			info->capa->flags |= WPA_DRIVER_FLAGS_AP;
3564			break;
3565		case NL80211_IFTYPE_ADHOC:
3566			info->capa->flags |= WPA_DRIVER_FLAGS_IBSS;
3567			break;
3568		case NL80211_IFTYPE_P2P_DEVICE:
3569			info->capa->flags |=
3570				WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE;
3571			break;
3572		case NL80211_IFTYPE_P2P_GO:
3573			info->p2p_go_supported = 1;
3574			break;
3575		case NL80211_IFTYPE_P2P_CLIENT:
3576			info->p2p_client_supported = 1;
3577			break;
3578		case NL80211_IFTYPE_MONITOR:
3579			info->monitor_supported = 1;
3580			break;
3581		}
3582	}
3583}
3584
3585
3586static int wiphy_info_iface_comb_process(struct wiphy_info_data *info,
3587					 struct nlattr *nl_combi)
3588{
3589	struct nlattr *tb_comb[NUM_NL80211_IFACE_COMB];
3590	struct nlattr *tb_limit[NUM_NL80211_IFACE_LIMIT];
3591	struct nlattr *nl_limit, *nl_mode;
3592	int err, rem_limit, rem_mode;
3593	int combination_has_p2p = 0, combination_has_mgd = 0;
3594	static struct nla_policy
3595	iface_combination_policy[NUM_NL80211_IFACE_COMB] = {
3596		[NL80211_IFACE_COMB_LIMITS] = { .type = NLA_NESTED },
3597		[NL80211_IFACE_COMB_MAXNUM] = { .type = NLA_U32 },
3598		[NL80211_IFACE_COMB_STA_AP_BI_MATCH] = { .type = NLA_FLAG },
3599		[NL80211_IFACE_COMB_NUM_CHANNELS] = { .type = NLA_U32 },
3600		[NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS] = { .type = NLA_U32 },
3601	},
3602	iface_limit_policy[NUM_NL80211_IFACE_LIMIT] = {
3603		[NL80211_IFACE_LIMIT_TYPES] = { .type = NLA_NESTED },
3604		[NL80211_IFACE_LIMIT_MAX] = { .type = NLA_U32 },
3605	};
3606
3607	err = nla_parse_nested(tb_comb, MAX_NL80211_IFACE_COMB,
3608			       nl_combi, iface_combination_policy);
3609	if (err || !tb_comb[NL80211_IFACE_COMB_LIMITS] ||
3610	    !tb_comb[NL80211_IFACE_COMB_MAXNUM] ||
3611	    !tb_comb[NL80211_IFACE_COMB_NUM_CHANNELS])
3612		return 0; /* broken combination */
3613
3614	if (tb_comb[NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS])
3615		info->capa->flags |= WPA_DRIVER_FLAGS_RADAR;
3616
3617	nla_for_each_nested(nl_limit, tb_comb[NL80211_IFACE_COMB_LIMITS],
3618			    rem_limit) {
3619		err = nla_parse_nested(tb_limit, MAX_NL80211_IFACE_LIMIT,
3620				       nl_limit, iface_limit_policy);
3621		if (err || !tb_limit[NL80211_IFACE_LIMIT_TYPES])
3622			return 0; /* broken combination */
3623
3624		nla_for_each_nested(nl_mode,
3625				    tb_limit[NL80211_IFACE_LIMIT_TYPES],
3626				    rem_mode) {
3627			int ift = nla_type(nl_mode);
3628			if (ift == NL80211_IFTYPE_P2P_GO ||
3629			    ift == NL80211_IFTYPE_P2P_CLIENT)
3630				combination_has_p2p = 1;
3631			if (ift == NL80211_IFTYPE_STATION)
3632				combination_has_mgd = 1;
3633		}
3634		if (combination_has_p2p && combination_has_mgd)
3635			break;
3636	}
3637
3638	if (combination_has_p2p && combination_has_mgd) {
3639		unsigned int num_channels =
3640			nla_get_u32(tb_comb[NL80211_IFACE_COMB_NUM_CHANNELS]);
3641
3642		info->p2p_concurrent = 1;
3643		if (info->num_multichan_concurrent < num_channels)
3644			info->num_multichan_concurrent = num_channels;
3645	}
3646
3647	return 0;
3648}
3649
3650
3651static void wiphy_info_iface_comb(struct wiphy_info_data *info,
3652				  struct nlattr *tb)
3653{
3654	struct nlattr *nl_combi;
3655	int rem_combi;
3656
3657	if (tb == NULL)
3658		return;
3659
3660	nla_for_each_nested(nl_combi, tb, rem_combi) {
3661		if (wiphy_info_iface_comb_process(info, nl_combi) > 0)
3662			break;
3663	}
3664}
3665
3666
3667static void wiphy_info_supp_cmds(struct wiphy_info_data *info,
3668				 struct nlattr *tb)
3669{
3670	struct nlattr *nl_cmd;
3671	int i;
3672
3673	if (tb == NULL)
3674		return;
3675
3676	nla_for_each_nested(nl_cmd, tb, i) {
3677		switch (nla_get_u32(nl_cmd)) {
3678		case NL80211_CMD_AUTHENTICATE:
3679			info->auth_supported = 1;
3680			break;
3681		case NL80211_CMD_CONNECT:
3682			info->connect_supported = 1;
3683			break;
3684		case NL80211_CMD_START_SCHED_SCAN:
3685			info->capa->sched_scan_supported = 1;
3686			break;
3687		case NL80211_CMD_PROBE_CLIENT:
3688			info->poll_command_supported = 1;
3689			break;
3690		case NL80211_CMD_CHANNEL_SWITCH:
3691			info->channel_switch_supported = 1;
3692			break;
3693		case NL80211_CMD_SET_QOS_MAP:
3694			info->set_qos_map_supported = 1;
3695			break;
3696		}
3697	}
3698}
3699
3700
3701static void wiphy_info_cipher_suites(struct wiphy_info_data *info,
3702				     struct nlattr *tb)
3703{
3704	int i, num;
3705	u32 *ciphers;
3706
3707	if (tb == NULL)
3708		return;
3709
3710	num = nla_len(tb) / sizeof(u32);
3711	ciphers = nla_data(tb);
3712	for (i = 0; i < num; i++) {
3713		u32 c = ciphers[i];
3714
3715		wpa_printf(MSG_DEBUG, "nl80211: Supported cipher %02x-%02x-%02x:%d",
3716			   c >> 24, (c >> 16) & 0xff,
3717			   (c >> 8) & 0xff, c & 0xff);
3718		switch (c) {
3719		case WLAN_CIPHER_SUITE_CCMP_256:
3720			info->capa->enc |= WPA_DRIVER_CAPA_ENC_CCMP_256;
3721			break;
3722		case WLAN_CIPHER_SUITE_GCMP_256:
3723			info->capa->enc |= WPA_DRIVER_CAPA_ENC_GCMP_256;
3724			break;
3725		case WLAN_CIPHER_SUITE_CCMP:
3726			info->capa->enc |= WPA_DRIVER_CAPA_ENC_CCMP;
3727			break;
3728		case WLAN_CIPHER_SUITE_GCMP:
3729			info->capa->enc |= WPA_DRIVER_CAPA_ENC_GCMP;
3730			break;
3731		case WLAN_CIPHER_SUITE_TKIP:
3732			info->capa->enc |= WPA_DRIVER_CAPA_ENC_TKIP;
3733			break;
3734		case WLAN_CIPHER_SUITE_WEP104:
3735			info->capa->enc |= WPA_DRIVER_CAPA_ENC_WEP104;
3736			break;
3737		case WLAN_CIPHER_SUITE_WEP40:
3738			info->capa->enc |= WPA_DRIVER_CAPA_ENC_WEP40;
3739			break;
3740		case WLAN_CIPHER_SUITE_AES_CMAC:
3741			info->capa->enc |= WPA_DRIVER_CAPA_ENC_BIP;
3742			break;
3743		case WLAN_CIPHER_SUITE_BIP_GMAC_128:
3744			info->capa->enc |= WPA_DRIVER_CAPA_ENC_BIP_GMAC_128;
3745			break;
3746		case WLAN_CIPHER_SUITE_BIP_GMAC_256:
3747			info->capa->enc |= WPA_DRIVER_CAPA_ENC_BIP_GMAC_256;
3748			break;
3749		case WLAN_CIPHER_SUITE_BIP_CMAC_256:
3750			info->capa->enc |= WPA_DRIVER_CAPA_ENC_BIP_CMAC_256;
3751			break;
3752		case WLAN_CIPHER_SUITE_NO_GROUP_ADDR:
3753			info->capa->enc |= WPA_DRIVER_CAPA_ENC_GTK_NOT_USED;
3754			break;
3755		}
3756	}
3757}
3758
3759
3760static void wiphy_info_max_roc(struct wpa_driver_capa *capa,
3761			       struct nlattr *tb)
3762{
3763	if (tb)
3764		capa->max_remain_on_chan = nla_get_u32(tb);
3765}
3766
3767
3768static void wiphy_info_tdls(struct wpa_driver_capa *capa, struct nlattr *tdls,
3769			    struct nlattr *ext_setup)
3770{
3771	if (tdls == NULL)
3772		return;
3773
3774	wpa_printf(MSG_DEBUG, "nl80211: TDLS supported");
3775	capa->flags |= WPA_DRIVER_FLAGS_TDLS_SUPPORT;
3776
3777	if (ext_setup) {
3778		wpa_printf(MSG_DEBUG, "nl80211: TDLS external setup");
3779		capa->flags |= WPA_DRIVER_FLAGS_TDLS_EXTERNAL_SETUP;
3780	}
3781}
3782
3783
3784static void wiphy_info_feature_flags(struct wiphy_info_data *info,
3785				     struct nlattr *tb)
3786{
3787	u32 flags;
3788	struct wpa_driver_capa *capa = info->capa;
3789
3790	if (tb == NULL)
3791		return;
3792
3793	flags = nla_get_u32(tb);
3794
3795	if (flags & NL80211_FEATURE_SK_TX_STATUS)
3796		info->data_tx_status = 1;
3797
3798	if (flags & NL80211_FEATURE_INACTIVITY_TIMER)
3799		capa->flags |= WPA_DRIVER_FLAGS_INACTIVITY_TIMER;
3800
3801	if (flags & NL80211_FEATURE_SAE)
3802		capa->flags |= WPA_DRIVER_FLAGS_SAE;
3803
3804	if (flags & NL80211_FEATURE_NEED_OBSS_SCAN)
3805		capa->flags |= WPA_DRIVER_FLAGS_OBSS_SCAN;
3806
3807	if (flags & NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE)
3808		capa->flags |= WPA_DRIVER_FLAGS_HT_2040_COEX;
3809
3810	if (flags & NL80211_FEATURE_LOW_PRIORITY_SCAN)
3811		info->have_low_prio_scan = 1;
3812}
3813
3814
3815static void wiphy_info_probe_resp_offload(struct wpa_driver_capa *capa,
3816					  struct nlattr *tb)
3817{
3818	u32 protocols;
3819
3820	if (tb == NULL)
3821		return;
3822
3823	protocols = nla_get_u32(tb);
3824	wpa_printf(MSG_DEBUG, "nl80211: Supports Probe Response offload in AP "
3825		   "mode");
3826	capa->flags |= WPA_DRIVER_FLAGS_PROBE_RESP_OFFLOAD;
3827	capa->probe_resp_offloads = probe_resp_offload_support(protocols);
3828}
3829
3830
3831static void wiphy_info_wowlan_triggers(struct wpa_driver_capa *capa,
3832				       struct nlattr *tb)
3833{
3834	struct nlattr *triggers[MAX_NL80211_WOWLAN_TRIG + 1];
3835
3836	if (tb == NULL)
3837		return;
3838
3839	if (nla_parse_nested(triggers, MAX_NL80211_WOWLAN_TRIG,
3840			     tb, NULL))
3841		return;
3842
3843	if (triggers[NL80211_WOWLAN_TRIG_ANY])
3844		capa->wowlan_triggers.any = 1;
3845	if (triggers[NL80211_WOWLAN_TRIG_DISCONNECT])
3846		capa->wowlan_triggers.disconnect = 1;
3847	if (triggers[NL80211_WOWLAN_TRIG_MAGIC_PKT])
3848		capa->wowlan_triggers.magic_pkt = 1;
3849	if (triggers[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE])
3850		capa->wowlan_triggers.gtk_rekey_failure = 1;
3851	if (triggers[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST])
3852		capa->wowlan_triggers.eap_identity_req = 1;
3853	if (triggers[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE])
3854		capa->wowlan_triggers.four_way_handshake = 1;
3855	if (triggers[NL80211_WOWLAN_TRIG_RFKILL_RELEASE])
3856		capa->wowlan_triggers.rfkill_release = 1;
3857}
3858
3859
3860static int wiphy_info_handler(struct nl_msg *msg, void *arg)
3861{
3862	struct nlattr *tb[NL80211_ATTR_MAX + 1];
3863	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
3864	struct wiphy_info_data *info = arg;
3865	struct wpa_driver_capa *capa = info->capa;
3866	struct wpa_driver_nl80211_data *drv = info->drv;
3867
3868	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
3869		  genlmsg_attrlen(gnlh, 0), NULL);
3870
3871	if (tb[NL80211_ATTR_WIPHY_NAME])
3872		os_strlcpy(drv->phyname,
3873			   nla_get_string(tb[NL80211_ATTR_WIPHY_NAME]),
3874			   sizeof(drv->phyname));
3875	if (tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS])
3876		capa->max_scan_ssids =
3877			nla_get_u8(tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS]);
3878
3879	if (tb[NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS])
3880		capa->max_sched_scan_ssids =
3881			nla_get_u8(tb[NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS]);
3882
3883	if (tb[NL80211_ATTR_MAX_MATCH_SETS])
3884		capa->max_match_sets =
3885			nla_get_u8(tb[NL80211_ATTR_MAX_MATCH_SETS]);
3886
3887	if (tb[NL80211_ATTR_MAC_ACL_MAX])
3888		capa->max_acl_mac_addrs =
3889			nla_get_u8(tb[NL80211_ATTR_MAC_ACL_MAX]);
3890
3891	wiphy_info_supported_iftypes(info, tb[NL80211_ATTR_SUPPORTED_IFTYPES]);
3892	wiphy_info_iface_comb(info, tb[NL80211_ATTR_INTERFACE_COMBINATIONS]);
3893	wiphy_info_supp_cmds(info, tb[NL80211_ATTR_SUPPORTED_COMMANDS]);
3894	wiphy_info_cipher_suites(info, tb[NL80211_ATTR_CIPHER_SUITES]);
3895
3896	if (tb[NL80211_ATTR_OFFCHANNEL_TX_OK]) {
3897		wpa_printf(MSG_DEBUG, "nl80211: Using driver-based "
3898			   "off-channel TX");
3899		capa->flags |= WPA_DRIVER_FLAGS_OFFCHANNEL_TX;
3900	}
3901
3902	if (tb[NL80211_ATTR_ROAM_SUPPORT]) {
3903		wpa_printf(MSG_DEBUG, "nl80211: Using driver-based roaming");
3904		capa->flags |= WPA_DRIVER_FLAGS_BSS_SELECTION;
3905	}
3906
3907	wiphy_info_max_roc(capa,
3908			   tb[NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION]);
3909
3910	if (tb[NL80211_ATTR_SUPPORT_AP_UAPSD])
3911		capa->flags |= WPA_DRIVER_FLAGS_AP_UAPSD;
3912
3913	wiphy_info_tdls(capa, tb[NL80211_ATTR_TDLS_SUPPORT],
3914			tb[NL80211_ATTR_TDLS_EXTERNAL_SETUP]);
3915
3916	if (tb[NL80211_ATTR_DEVICE_AP_SME])
3917		info->device_ap_sme = 1;
3918
3919	wiphy_info_feature_flags(info, tb[NL80211_ATTR_FEATURE_FLAGS]);
3920	wiphy_info_probe_resp_offload(capa,
3921				      tb[NL80211_ATTR_PROBE_RESP_OFFLOAD]);
3922
3923	if (tb[NL80211_ATTR_EXT_CAPA] && tb[NL80211_ATTR_EXT_CAPA_MASK] &&
3924	    drv->extended_capa == NULL) {
3925		drv->extended_capa =
3926			os_malloc(nla_len(tb[NL80211_ATTR_EXT_CAPA]));
3927		if (drv->extended_capa) {
3928			os_memcpy(drv->extended_capa,
3929				  nla_data(tb[NL80211_ATTR_EXT_CAPA]),
3930				  nla_len(tb[NL80211_ATTR_EXT_CAPA]));
3931			drv->extended_capa_len =
3932				nla_len(tb[NL80211_ATTR_EXT_CAPA]);
3933		}
3934		drv->extended_capa_mask =
3935			os_malloc(nla_len(tb[NL80211_ATTR_EXT_CAPA]));
3936		if (drv->extended_capa_mask) {
3937			os_memcpy(drv->extended_capa_mask,
3938				  nla_data(tb[NL80211_ATTR_EXT_CAPA]),
3939				  nla_len(tb[NL80211_ATTR_EXT_CAPA]));
3940		} else {
3941			os_free(drv->extended_capa);
3942			drv->extended_capa = NULL;
3943			drv->extended_capa_len = 0;
3944		}
3945	}
3946
3947	if (tb[NL80211_ATTR_VENDOR_DATA]) {
3948		struct nlattr *nl;
3949		int rem;
3950
3951		nla_for_each_nested(nl, tb[NL80211_ATTR_VENDOR_DATA], rem) {
3952			struct nl80211_vendor_cmd_info *vinfo;
3953			if (nla_len(nl) != sizeof(*vinfo)) {
3954				wpa_printf(MSG_DEBUG, "nl80211: Unexpected vendor data info");
3955				continue;
3956			}
3957			vinfo = nla_data(nl);
3958			switch (vinfo->subcmd) {
3959			case QCA_NL80211_VENDOR_SUBCMD_ROAMING:
3960				drv->roaming_vendor_cmd_avail = 1;
3961				break;
3962			case QCA_NL80211_VENDOR_SUBCMD_DFS_CAPABILITY:
3963				drv->dfs_vendor_cmd_avail = 1;
3964				break;
3965			}
3966
3967			wpa_printf(MSG_DEBUG, "nl80211: Supported vendor command: vendor_id=0x%x subcmd=%u",
3968				   vinfo->vendor_id, vinfo->subcmd);
3969		}
3970	}
3971
3972	if (tb[NL80211_ATTR_VENDOR_EVENTS]) {
3973		struct nlattr *nl;
3974		int rem;
3975
3976		nla_for_each_nested(nl, tb[NL80211_ATTR_VENDOR_EVENTS], rem) {
3977			struct nl80211_vendor_cmd_info *vinfo;
3978			if (nla_len(nl) != sizeof(*vinfo)) {
3979				wpa_printf(MSG_DEBUG, "nl80211: Unexpected vendor data info");
3980				continue;
3981			}
3982			vinfo = nla_data(nl);
3983			wpa_printf(MSG_DEBUG, "nl80211: Supported vendor event: vendor_id=0x%x subcmd=%u",
3984				   vinfo->vendor_id, vinfo->subcmd);
3985		}
3986	}
3987
3988	wiphy_info_wowlan_triggers(capa,
3989				   tb[NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED]);
3990
3991	if (tb[NL80211_ATTR_MAX_AP_ASSOC_STA])
3992		capa->max_stations =
3993			nla_get_u32(tb[NL80211_ATTR_MAX_AP_ASSOC_STA]);
3994
3995	return NL_SKIP;
3996}
3997
3998
3999static int wpa_driver_nl80211_get_info(struct wpa_driver_nl80211_data *drv,
4000				       struct wiphy_info_data *info)
4001{
4002	u32 feat;
4003	struct nl_msg *msg;
4004
4005	os_memset(info, 0, sizeof(*info));
4006	info->capa = &drv->capa;
4007	info->drv = drv;
4008
4009	msg = nlmsg_alloc();
4010	if (!msg)
4011		return -1;
4012
4013	feat = get_nl80211_protocol_features(drv);
4014	if (feat & NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP)
4015		nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_WIPHY);
4016	else
4017		nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_WIPHY);
4018
4019	NLA_PUT_FLAG(msg, NL80211_ATTR_SPLIT_WIPHY_DUMP);
4020	if (nl80211_set_iface_id(msg, drv->first_bss) < 0)
4021		goto nla_put_failure;
4022
4023	if (send_and_recv_msgs(drv, msg, wiphy_info_handler, info))
4024		return -1;
4025
4026	if (info->auth_supported)
4027		drv->capa.flags |= WPA_DRIVER_FLAGS_SME;
4028	else if (!info->connect_supported) {
4029		wpa_printf(MSG_INFO, "nl80211: Driver does not support "
4030			   "authentication/association or connect commands");
4031		info->error = 1;
4032	}
4033
4034	if (info->p2p_go_supported && info->p2p_client_supported)
4035		drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_CAPABLE;
4036	if (info->p2p_concurrent) {
4037		wpa_printf(MSG_DEBUG, "nl80211: Use separate P2P group "
4038			   "interface (driver advertised support)");
4039		drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_CONCURRENT;
4040		drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_MGMT_AND_NON_P2P;
4041	}
4042	if (info->num_multichan_concurrent > 1) {
4043		wpa_printf(MSG_DEBUG, "nl80211: Enable multi-channel "
4044			   "concurrent (driver advertised support)");
4045		drv->capa.num_multichan_concurrent =
4046			info->num_multichan_concurrent;
4047	}
4048
4049	/* default to 5000 since early versions of mac80211 don't set it */
4050	if (!drv->capa.max_remain_on_chan)
4051		drv->capa.max_remain_on_chan = 5000;
4052
4053	if (info->channel_switch_supported)
4054		drv->capa.flags |= WPA_DRIVER_FLAGS_AP_CSA;
4055
4056	return 0;
4057nla_put_failure:
4058	nlmsg_free(msg);
4059	return -1;
4060}
4061
4062
4063static int wpa_driver_nl80211_capa(struct wpa_driver_nl80211_data *drv)
4064{
4065	struct wiphy_info_data info;
4066	if (wpa_driver_nl80211_get_info(drv, &info))
4067		return -1;
4068
4069	if (info.error)
4070		return -1;
4071
4072	drv->has_capability = 1;
4073	drv->capa.key_mgmt = WPA_DRIVER_CAPA_KEY_MGMT_WPA |
4074		WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK |
4075		WPA_DRIVER_CAPA_KEY_MGMT_WPA2 |
4076		WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK;
4077	drv->capa.auth = WPA_DRIVER_AUTH_OPEN |
4078		WPA_DRIVER_AUTH_SHARED |
4079		WPA_DRIVER_AUTH_LEAP;
4080
4081	drv->capa.flags |= WPA_DRIVER_FLAGS_SANE_ERROR_CODES;
4082	drv->capa.flags |= WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC_DONE;
4083	drv->capa.flags |= WPA_DRIVER_FLAGS_EAPOL_TX_STATUS;
4084
4085	/*
4086	 * As all cfg80211 drivers must support cases where the AP interface is
4087	 * removed without the knowledge of wpa_supplicant/hostapd, e.g., in
4088	 * case that the user space daemon has crashed, they must be able to
4089	 * cleanup all stations and key entries in the AP tear down flow. Thus,
4090	 * this flag can/should always be set for cfg80211 drivers.
4091	 */
4092	drv->capa.flags |= WPA_DRIVER_FLAGS_AP_TEARDOWN_SUPPORT;
4093
4094	if (!info.device_ap_sme) {
4095		drv->capa.flags |= WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS;
4096
4097		/*
4098		 * No AP SME is currently assumed to also indicate no AP MLME
4099		 * in the driver/firmware.
4100		 */
4101		drv->capa.flags |= WPA_DRIVER_FLAGS_AP_MLME;
4102	}
4103
4104	drv->device_ap_sme = info.device_ap_sme;
4105	drv->poll_command_supported = info.poll_command_supported;
4106	drv->data_tx_status = info.data_tx_status;
4107	if (info.set_qos_map_supported)
4108		drv->capa.flags |= WPA_DRIVER_FLAGS_QOS_MAPPING;
4109	drv->have_low_prio_scan = info.have_low_prio_scan;
4110
4111	/*
4112	 * If poll command and tx status are supported, mac80211 is new enough
4113	 * to have everything we need to not need monitor interfaces.
4114	 */
4115	drv->use_monitor = !info.poll_command_supported || !info.data_tx_status;
4116
4117	if (drv->device_ap_sme && drv->use_monitor) {
4118		/*
4119		 * Non-mac80211 drivers may not support monitor interface.
4120		 * Make sure we do not get stuck with incorrect capability here
4121		 * by explicitly testing this.
4122		 */
4123		if (!info.monitor_supported) {
4124			wpa_printf(MSG_DEBUG, "nl80211: Disable use_monitor "
4125				   "with device_ap_sme since no monitor mode "
4126				   "support detected");
4127			drv->use_monitor = 0;
4128		}
4129	}
4130
4131	/*
4132	 * If we aren't going to use monitor interfaces, but the
4133	 * driver doesn't support data TX status, we won't get TX
4134	 * status for EAPOL frames.
4135	 */
4136	if (!drv->use_monitor && !info.data_tx_status)
4137		drv->capa.flags &= ~WPA_DRIVER_FLAGS_EAPOL_TX_STATUS;
4138
4139	return 0;
4140}
4141
4142
4143#ifdef ANDROID
4144static int android_genl_ctrl_resolve(struct nl_handle *handle,
4145				     const char *name)
4146{
4147	/*
4148	 * Android ICS has very minimal genl_ctrl_resolve() implementation, so
4149	 * need to work around that.
4150	 */
4151	struct nl_cache *cache = NULL;
4152	struct genl_family *nl80211 = NULL;
4153	int id = -1;
4154
4155	if (genl_ctrl_alloc_cache(handle, &cache) < 0) {
4156		wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic "
4157			   "netlink cache");
4158		goto fail;
4159	}
4160
4161	nl80211 = genl_ctrl_search_by_name(cache, name);
4162	if (nl80211 == NULL)
4163		goto fail;
4164
4165	id = genl_family_get_id(nl80211);
4166
4167fail:
4168	if (nl80211)
4169		genl_family_put(nl80211);
4170	if (cache)
4171		nl_cache_free(cache);
4172
4173	return id;
4174}
4175#define genl_ctrl_resolve android_genl_ctrl_resolve
4176#endif /* ANDROID */
4177
4178
4179static int wpa_driver_nl80211_init_nl_global(struct nl80211_global *global)
4180{
4181	int ret;
4182
4183	global->nl_cb = nl_cb_alloc(NL_CB_DEFAULT);
4184	if (global->nl_cb == NULL) {
4185		wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink "
4186			   "callbacks");
4187		return -1;
4188	}
4189
4190	global->nl = nl_create_handle(global->nl_cb, "nl");
4191	if (global->nl == NULL)
4192		goto err;
4193
4194	global->nl80211_id = genl_ctrl_resolve(global->nl, "nl80211");
4195	if (global->nl80211_id < 0) {
4196		wpa_printf(MSG_ERROR, "nl80211: 'nl80211' generic netlink not "
4197			   "found");
4198		goto err;
4199	}
4200
4201	global->nl_event = nl_create_handle(global->nl_cb, "event");
4202	if (global->nl_event == NULL)
4203		goto err;
4204
4205	ret = nl_get_multicast_id(global, "nl80211", "scan");
4206	if (ret >= 0)
4207		ret = nl_socket_add_membership(global->nl_event, ret);
4208	if (ret < 0) {
4209		wpa_printf(MSG_ERROR, "nl80211: Could not add multicast "
4210			   "membership for scan events: %d (%s)",
4211			   ret, strerror(-ret));
4212		goto err;
4213	}
4214
4215	ret = nl_get_multicast_id(global, "nl80211", "mlme");
4216	if (ret >= 0)
4217		ret = nl_socket_add_membership(global->nl_event, ret);
4218	if (ret < 0) {
4219		wpa_printf(MSG_ERROR, "nl80211: Could not add multicast "
4220			   "membership for mlme events: %d (%s)",
4221			   ret, strerror(-ret));
4222		goto err;
4223	}
4224
4225	ret = nl_get_multicast_id(global, "nl80211", "regulatory");
4226	if (ret >= 0)
4227		ret = nl_socket_add_membership(global->nl_event, ret);
4228	if (ret < 0) {
4229		wpa_printf(MSG_DEBUG, "nl80211: Could not add multicast "
4230			   "membership for regulatory events: %d (%s)",
4231			   ret, strerror(-ret));
4232		/* Continue without regulatory events */
4233	}
4234
4235	ret = nl_get_multicast_id(global, "nl80211", "vendor");
4236	if (ret >= 0)
4237		ret = nl_socket_add_membership(global->nl_event, ret);
4238	if (ret < 0) {
4239		wpa_printf(MSG_DEBUG, "nl80211: Could not add multicast "
4240			   "membership for vendor events: %d (%s)",
4241			   ret, strerror(-ret));
4242		/* Continue without vendor events */
4243	}
4244
4245	nl_cb_set(global->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM,
4246		  no_seq_check, NULL);
4247	nl_cb_set(global->nl_cb, NL_CB_VALID, NL_CB_CUSTOM,
4248		  process_global_event, global);
4249
4250	nl80211_register_eloop_read(&global->nl_event,
4251				    wpa_driver_nl80211_event_receive,
4252				    global->nl_cb);
4253
4254	return 0;
4255
4256err:
4257	nl_destroy_handles(&global->nl_event);
4258	nl_destroy_handles(&global->nl);
4259	nl_cb_put(global->nl_cb);
4260	global->nl_cb = NULL;
4261	return -1;
4262}
4263
4264
4265static int wpa_driver_nl80211_init_nl(struct wpa_driver_nl80211_data *drv)
4266{
4267	drv->nl_cb = nl_cb_alloc(NL_CB_DEFAULT);
4268	if (!drv->nl_cb) {
4269		wpa_printf(MSG_ERROR, "nl80211: Failed to alloc cb struct");
4270		return -1;
4271	}
4272
4273	nl_cb_set(drv->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM,
4274		  no_seq_check, NULL);
4275	nl_cb_set(drv->nl_cb, NL_CB_VALID, NL_CB_CUSTOM,
4276		  process_drv_event, drv);
4277
4278	return 0;
4279}
4280
4281
4282static void wpa_driver_nl80211_rfkill_blocked(void *ctx)
4283{
4284	wpa_printf(MSG_DEBUG, "nl80211: RFKILL blocked");
4285	/*
4286	 * This may be for any interface; use ifdown event to disable
4287	 * interface.
4288	 */
4289}
4290
4291
4292static void wpa_driver_nl80211_rfkill_unblocked(void *ctx)
4293{
4294	struct wpa_driver_nl80211_data *drv = ctx;
4295	wpa_printf(MSG_DEBUG, "nl80211: RFKILL unblocked");
4296	if (i802_set_iface_flags(drv->first_bss, 1)) {
4297		wpa_printf(MSG_DEBUG, "nl80211: Could not set interface UP "
4298			   "after rfkill unblock");
4299		return;
4300	}
4301	/* rtnetlink ifup handler will report interface as enabled */
4302}
4303
4304
4305static void wpa_driver_nl80211_handle_eapol_tx_status(int sock,
4306						      void *eloop_ctx,
4307						      void *handle)
4308{
4309	struct wpa_driver_nl80211_data *drv = eloop_ctx;
4310	u8 data[2048];
4311	struct msghdr msg;
4312	struct iovec entry;
4313	u8 control[512];
4314	struct cmsghdr *cmsg;
4315	int res, found_ee = 0, found_wifi = 0, acked = 0;
4316	union wpa_event_data event;
4317
4318	memset(&msg, 0, sizeof(msg));
4319	msg.msg_iov = &entry;
4320	msg.msg_iovlen = 1;
4321	entry.iov_base = data;
4322	entry.iov_len = sizeof(data);
4323	msg.msg_control = &control;
4324	msg.msg_controllen = sizeof(control);
4325
4326	res = recvmsg(sock, &msg, MSG_ERRQUEUE);
4327	/* if error or not fitting 802.3 header, return */
4328	if (res < 14)
4329		return;
4330
4331	for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg))
4332	{
4333		if (cmsg->cmsg_level == SOL_SOCKET &&
4334		    cmsg->cmsg_type == SCM_WIFI_STATUS) {
4335			int *ack;
4336
4337			found_wifi = 1;
4338			ack = (void *)CMSG_DATA(cmsg);
4339			acked = *ack;
4340		}
4341
4342		if (cmsg->cmsg_level == SOL_PACKET &&
4343		    cmsg->cmsg_type == PACKET_TX_TIMESTAMP) {
4344			struct sock_extended_err *err =
4345				(struct sock_extended_err *)CMSG_DATA(cmsg);
4346
4347			if (err->ee_origin == SO_EE_ORIGIN_TXSTATUS)
4348				found_ee = 1;
4349		}
4350	}
4351
4352	if (!found_ee || !found_wifi)
4353		return;
4354
4355	memset(&event, 0, sizeof(event));
4356	event.eapol_tx_status.dst = data;
4357	event.eapol_tx_status.data = data + 14;
4358	event.eapol_tx_status.data_len = res - 14;
4359	event.eapol_tx_status.ack = acked;
4360	wpa_supplicant_event(drv->ctx, EVENT_EAPOL_TX_STATUS, &event);
4361}
4362
4363
4364static int nl80211_init_bss(struct i802_bss *bss)
4365{
4366	bss->nl_cb = nl_cb_alloc(NL_CB_DEFAULT);
4367	if (!bss->nl_cb)
4368		return -1;
4369
4370	nl_cb_set(bss->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM,
4371		  no_seq_check, NULL);
4372	nl_cb_set(bss->nl_cb, NL_CB_VALID, NL_CB_CUSTOM,
4373		  process_bss_event, bss);
4374
4375	return 0;
4376}
4377
4378
4379static void nl80211_destroy_bss(struct i802_bss *bss)
4380{
4381	nl_cb_put(bss->nl_cb);
4382	bss->nl_cb = NULL;
4383}
4384
4385
4386static void * wpa_driver_nl80211_drv_init(void *ctx, const char *ifname,
4387					  void *global_priv, int hostapd,
4388					  const u8 *set_addr)
4389{
4390	struct wpa_driver_nl80211_data *drv;
4391	struct rfkill_config *rcfg;
4392	struct i802_bss *bss;
4393
4394	if (global_priv == NULL)
4395		return NULL;
4396	drv = os_zalloc(sizeof(*drv));
4397	if (drv == NULL)
4398		return NULL;
4399	drv->global = global_priv;
4400	drv->ctx = ctx;
4401	drv->hostapd = !!hostapd;
4402	drv->eapol_sock = -1;
4403	drv->num_if_indices = sizeof(drv->default_if_indices) / sizeof(int);
4404	drv->if_indices = drv->default_if_indices;
4405
4406	drv->first_bss = os_zalloc(sizeof(*drv->first_bss));
4407	if (!drv->first_bss) {
4408		os_free(drv);
4409		return NULL;
4410	}
4411	bss = drv->first_bss;
4412	bss->drv = drv;
4413	bss->ctx = ctx;
4414
4415	os_strlcpy(bss->ifname, ifname, sizeof(bss->ifname));
4416	drv->monitor_ifidx = -1;
4417	drv->monitor_sock = -1;
4418	drv->eapol_tx_sock = -1;
4419	drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED;
4420
4421	if (wpa_driver_nl80211_init_nl(drv)) {
4422		os_free(drv);
4423		return NULL;
4424	}
4425
4426	if (nl80211_init_bss(bss))
4427		goto failed;
4428
4429	rcfg = os_zalloc(sizeof(*rcfg));
4430	if (rcfg == NULL)
4431		goto failed;
4432	rcfg->ctx = drv;
4433	os_strlcpy(rcfg->ifname, ifname, sizeof(rcfg->ifname));
4434	rcfg->blocked_cb = wpa_driver_nl80211_rfkill_blocked;
4435	rcfg->unblocked_cb = wpa_driver_nl80211_rfkill_unblocked;
4436	drv->rfkill = rfkill_init(rcfg);
4437	if (drv->rfkill == NULL) {
4438		wpa_printf(MSG_DEBUG, "nl80211: RFKILL status not available");
4439		os_free(rcfg);
4440	}
4441
4442	if (linux_iface_up(drv->global->ioctl_sock, ifname) > 0)
4443		drv->start_iface_up = 1;
4444
4445	if (wpa_driver_nl80211_finish_drv_init(drv, set_addr, 1))
4446		goto failed;
4447
4448	drv->eapol_tx_sock = socket(PF_PACKET, SOCK_DGRAM, 0);
4449	if (drv->eapol_tx_sock < 0)
4450		goto failed;
4451
4452	if (drv->data_tx_status) {
4453		int enabled = 1;
4454
4455		if (setsockopt(drv->eapol_tx_sock, SOL_SOCKET, SO_WIFI_STATUS,
4456			       &enabled, sizeof(enabled)) < 0) {
4457			wpa_printf(MSG_DEBUG,
4458				"nl80211: wifi status sockopt failed\n");
4459			drv->data_tx_status = 0;
4460			if (!drv->use_monitor)
4461				drv->capa.flags &=
4462					~WPA_DRIVER_FLAGS_EAPOL_TX_STATUS;
4463		} else {
4464			eloop_register_read_sock(drv->eapol_tx_sock,
4465				wpa_driver_nl80211_handle_eapol_tx_status,
4466				drv, NULL);
4467		}
4468	}
4469
4470	if (drv->global) {
4471		dl_list_add(&drv->global->interfaces, &drv->list);
4472		drv->in_interface_list = 1;
4473	}
4474
4475	return bss;
4476
4477failed:
4478	wpa_driver_nl80211_deinit(bss);
4479	return NULL;
4480}
4481
4482
4483/**
4484 * wpa_driver_nl80211_init - Initialize nl80211 driver interface
4485 * @ctx: context to be used when calling wpa_supplicant functions,
4486 * e.g., wpa_supplicant_event()
4487 * @ifname: interface name, e.g., wlan0
4488 * @global_priv: private driver global data from global_init()
4489 * Returns: Pointer to private data, %NULL on failure
4490 */
4491static void * wpa_driver_nl80211_init(void *ctx, const char *ifname,
4492				      void *global_priv)
4493{
4494	return wpa_driver_nl80211_drv_init(ctx, ifname, global_priv, 0, NULL);
4495}
4496
4497
4498static int nl80211_register_frame(struct i802_bss *bss,
4499				  struct nl_handle *nl_handle,
4500				  u16 type, const u8 *match, size_t match_len)
4501{
4502	struct wpa_driver_nl80211_data *drv = bss->drv;
4503	struct nl_msg *msg;
4504	int ret = -1;
4505	char buf[30];
4506
4507	msg = nlmsg_alloc();
4508	if (!msg)
4509		return -1;
4510
4511	buf[0] = '\0';
4512	wpa_snprintf_hex(buf, sizeof(buf), match, match_len);
4513	wpa_printf(MSG_DEBUG, "nl80211: Register frame type=0x%x (%s) nl_handle=%p match=%s",
4514		   type, fc2str(type), nl_handle, buf);
4515
4516	nl80211_cmd(drv, msg, 0, NL80211_CMD_REGISTER_ACTION);
4517
4518	if (nl80211_set_iface_id(msg, bss) < 0)
4519		goto nla_put_failure;
4520
4521	NLA_PUT_U16(msg, NL80211_ATTR_FRAME_TYPE, type);
4522	NLA_PUT(msg, NL80211_ATTR_FRAME_MATCH, match_len, match);
4523
4524	ret = send_and_recv(drv->global, nl_handle, msg, NULL, NULL);
4525	msg = NULL;
4526	if (ret) {
4527		wpa_printf(MSG_DEBUG, "nl80211: Register frame command "
4528			   "failed (type=%u): ret=%d (%s)",
4529			   type, ret, strerror(-ret));
4530		wpa_hexdump(MSG_DEBUG, "nl80211: Register frame match",
4531			    match, match_len);
4532		goto nla_put_failure;
4533	}
4534	ret = 0;
4535nla_put_failure:
4536	nlmsg_free(msg);
4537	return ret;
4538}
4539
4540
4541static int nl80211_alloc_mgmt_handle(struct i802_bss *bss)
4542{
4543	struct wpa_driver_nl80211_data *drv = bss->drv;
4544
4545	if (bss->nl_mgmt) {
4546		wpa_printf(MSG_DEBUG, "nl80211: Mgmt reporting "
4547			   "already on! (nl_mgmt=%p)", bss->nl_mgmt);
4548		return -1;
4549	}
4550
4551	bss->nl_mgmt = nl_create_handle(drv->nl_cb, "mgmt");
4552	if (bss->nl_mgmt == NULL)
4553		return -1;
4554
4555	return 0;
4556}
4557
4558
4559static void nl80211_mgmt_handle_register_eloop(struct i802_bss *bss)
4560{
4561	nl80211_register_eloop_read(&bss->nl_mgmt,
4562				    wpa_driver_nl80211_event_receive,
4563				    bss->nl_cb);
4564}
4565
4566
4567static int nl80211_register_action_frame(struct i802_bss *bss,
4568					 const u8 *match, size_t match_len)
4569{
4570	u16 type = (WLAN_FC_TYPE_MGMT << 2) | (WLAN_FC_STYPE_ACTION << 4);
4571	return nl80211_register_frame(bss, bss->nl_mgmt,
4572				      type, match, match_len);
4573}
4574
4575
4576static int nl80211_mgmt_subscribe_non_ap(struct i802_bss *bss)
4577{
4578	struct wpa_driver_nl80211_data *drv = bss->drv;
4579	int ret = 0;
4580
4581	if (nl80211_alloc_mgmt_handle(bss))
4582		return -1;
4583	wpa_printf(MSG_DEBUG, "nl80211: Subscribe to mgmt frames with non-AP "
4584		   "handle %p", bss->nl_mgmt);
4585
4586	if (drv->nlmode == NL80211_IFTYPE_ADHOC) {
4587		u16 type = (WLAN_FC_TYPE_MGMT << 2) | (WLAN_FC_STYPE_AUTH << 4);
4588
4589		/* register for any AUTH message */
4590		nl80211_register_frame(bss, bss->nl_mgmt, type, NULL, 0);
4591	}
4592
4593#ifdef CONFIG_INTERWORKING
4594	/* QoS Map Configure */
4595	if (nl80211_register_action_frame(bss, (u8 *) "\x01\x04", 2) < 0)
4596		ret = -1;
4597#endif /* CONFIG_INTERWORKING */
4598#if defined(CONFIG_P2P) || defined(CONFIG_INTERWORKING)
4599	/* GAS Initial Request */
4600	if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0a", 2) < 0)
4601		ret = -1;
4602	/* GAS Initial Response */
4603	if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0b", 2) < 0)
4604		ret = -1;
4605	/* GAS Comeback Request */
4606	if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0c", 2) < 0)
4607		ret = -1;
4608	/* GAS Comeback Response */
4609	if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0d", 2) < 0)
4610		ret = -1;
4611	/* Protected GAS Initial Request */
4612	if (nl80211_register_action_frame(bss, (u8 *) "\x09\x0a", 2) < 0)
4613		ret = -1;
4614	/* Protected GAS Initial Response */
4615	if (nl80211_register_action_frame(bss, (u8 *) "\x09\x0b", 2) < 0)
4616		ret = -1;
4617	/* Protected GAS Comeback Request */
4618	if (nl80211_register_action_frame(bss, (u8 *) "\x09\x0c", 2) < 0)
4619		ret = -1;
4620	/* Protected GAS Comeback Response */
4621	if (nl80211_register_action_frame(bss, (u8 *) "\x09\x0d", 2) < 0)
4622		ret = -1;
4623#endif /* CONFIG_P2P || CONFIG_INTERWORKING */
4624#ifdef CONFIG_P2P
4625	/* P2P Public Action */
4626	if (nl80211_register_action_frame(bss,
4627					  (u8 *) "\x04\x09\x50\x6f\x9a\x09",
4628					  6) < 0)
4629		ret = -1;
4630	/* P2P Action */
4631	if (nl80211_register_action_frame(bss,
4632					  (u8 *) "\x7f\x50\x6f\x9a\x09",
4633					  5) < 0)
4634		ret = -1;
4635#endif /* CONFIG_P2P */
4636#ifdef CONFIG_IEEE80211W
4637	/* SA Query Response */
4638	if (nl80211_register_action_frame(bss, (u8 *) "\x08\x01", 2) < 0)
4639		ret = -1;
4640#endif /* CONFIG_IEEE80211W */
4641#ifdef CONFIG_TDLS
4642	if ((drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT)) {
4643		/* TDLS Discovery Response */
4644		if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0e", 2) <
4645		    0)
4646			ret = -1;
4647	}
4648#endif /* CONFIG_TDLS */
4649
4650	/* FT Action frames */
4651	if (nl80211_register_action_frame(bss, (u8 *) "\x06", 1) < 0)
4652		ret = -1;
4653	else
4654		drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_FT |
4655			WPA_DRIVER_CAPA_KEY_MGMT_FT_PSK;
4656
4657	/* WNM - BSS Transition Management Request */
4658	if (nl80211_register_action_frame(bss, (u8 *) "\x0a\x07", 2) < 0)
4659		ret = -1;
4660	/* WNM-Sleep Mode Response */
4661	if (nl80211_register_action_frame(bss, (u8 *) "\x0a\x11", 2) < 0)
4662		ret = -1;
4663
4664#ifdef CONFIG_HS20
4665	/* WNM-Notification */
4666	if (nl80211_register_action_frame(bss, (u8 *) "\x0a\x1a", 2) < 0)
4667		ret = -1;
4668#endif /* CONFIG_HS20 */
4669
4670	nl80211_mgmt_handle_register_eloop(bss);
4671
4672	return ret;
4673}
4674
4675
4676static int nl80211_register_spurious_class3(struct i802_bss *bss)
4677{
4678	struct wpa_driver_nl80211_data *drv = bss->drv;
4679	struct nl_msg *msg;
4680	int ret = -1;
4681
4682	msg = nlmsg_alloc();
4683	if (!msg)
4684		return -1;
4685
4686	nl80211_cmd(drv, msg, 0, NL80211_CMD_UNEXPECTED_FRAME);
4687
4688	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex);
4689
4690	ret = send_and_recv(drv->global, bss->nl_mgmt, msg, NULL, NULL);
4691	msg = NULL;
4692	if (ret) {
4693		wpa_printf(MSG_DEBUG, "nl80211: Register spurious class3 "
4694			   "failed: ret=%d (%s)",
4695			   ret, strerror(-ret));
4696		goto nla_put_failure;
4697	}
4698	ret = 0;
4699nla_put_failure:
4700	nlmsg_free(msg);
4701	return ret;
4702}
4703
4704
4705static int nl80211_mgmt_subscribe_ap(struct i802_bss *bss)
4706{
4707	static const int stypes[] = {
4708		WLAN_FC_STYPE_AUTH,
4709		WLAN_FC_STYPE_ASSOC_REQ,
4710		WLAN_FC_STYPE_REASSOC_REQ,
4711		WLAN_FC_STYPE_DISASSOC,
4712		WLAN_FC_STYPE_DEAUTH,
4713		WLAN_FC_STYPE_ACTION,
4714		WLAN_FC_STYPE_PROBE_REQ,
4715/* Beacon doesn't work as mac80211 doesn't currently allow
4716 * it, but it wouldn't really be the right thing anyway as
4717 * it isn't per interface ... maybe just dump the scan
4718 * results periodically for OLBC?
4719 */
4720		/* WLAN_FC_STYPE_BEACON, */
4721	};
4722	unsigned int i;
4723
4724	if (nl80211_alloc_mgmt_handle(bss))
4725		return -1;
4726	wpa_printf(MSG_DEBUG, "nl80211: Subscribe to mgmt frames with AP "
4727		   "handle %p", bss->nl_mgmt);
4728
4729	for (i = 0; i < ARRAY_SIZE(stypes); i++) {
4730		if (nl80211_register_frame(bss, bss->nl_mgmt,
4731					   (WLAN_FC_TYPE_MGMT << 2) |
4732					   (stypes[i] << 4),
4733					   NULL, 0) < 0) {
4734			goto out_err;
4735		}
4736	}
4737
4738	if (nl80211_register_spurious_class3(bss))
4739		goto out_err;
4740
4741	if (nl80211_get_wiphy_data_ap(bss) == NULL)
4742		goto out_err;
4743
4744	nl80211_mgmt_handle_register_eloop(bss);
4745	return 0;
4746
4747out_err:
4748	nl_destroy_handles(&bss->nl_mgmt);
4749	return -1;
4750}
4751
4752
4753static int nl80211_mgmt_subscribe_ap_dev_sme(struct i802_bss *bss)
4754{
4755	if (nl80211_alloc_mgmt_handle(bss))
4756		return -1;
4757	wpa_printf(MSG_DEBUG, "nl80211: Subscribe to mgmt frames with AP "
4758		   "handle %p (device SME)", bss->nl_mgmt);
4759
4760	if (nl80211_register_frame(bss, bss->nl_mgmt,
4761				   (WLAN_FC_TYPE_MGMT << 2) |
4762				   (WLAN_FC_STYPE_ACTION << 4),
4763				   NULL, 0) < 0)
4764		goto out_err;
4765
4766	nl80211_mgmt_handle_register_eloop(bss);
4767	return 0;
4768
4769out_err:
4770	nl_destroy_handles(&bss->nl_mgmt);
4771	return -1;
4772}
4773
4774
4775static void nl80211_mgmt_unsubscribe(struct i802_bss *bss, const char *reason)
4776{
4777	if (bss->nl_mgmt == NULL)
4778		return;
4779	wpa_printf(MSG_DEBUG, "nl80211: Unsubscribe mgmt frames handle %p "
4780		   "(%s)", bss->nl_mgmt, reason);
4781	nl80211_destroy_eloop_handle(&bss->nl_mgmt);
4782
4783	nl80211_put_wiphy_data_ap(bss);
4784}
4785
4786
4787static void wpa_driver_nl80211_send_rfkill(void *eloop_ctx, void *timeout_ctx)
4788{
4789	wpa_supplicant_event(timeout_ctx, EVENT_INTERFACE_DISABLED, NULL);
4790}
4791
4792
4793static void nl80211_del_p2pdev(struct i802_bss *bss)
4794{
4795	struct wpa_driver_nl80211_data *drv = bss->drv;
4796	struct nl_msg *msg;
4797	int ret;
4798
4799	msg = nlmsg_alloc();
4800	if (!msg)
4801		return;
4802
4803	nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_INTERFACE);
4804	NLA_PUT_U64(msg, NL80211_ATTR_WDEV, bss->wdev_id);
4805
4806	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
4807	msg = NULL;
4808
4809	wpa_printf(MSG_DEBUG, "nl80211: Delete P2P Device %s (0x%llx): %s",
4810		   bss->ifname, (long long unsigned int) bss->wdev_id,
4811		   strerror(-ret));
4812
4813nla_put_failure:
4814	nlmsg_free(msg);
4815}
4816
4817
4818static int nl80211_set_p2pdev(struct i802_bss *bss, int start)
4819{
4820	struct wpa_driver_nl80211_data *drv = bss->drv;
4821	struct nl_msg *msg;
4822	int ret = -1;
4823
4824	msg = nlmsg_alloc();
4825	if (!msg)
4826		return -1;
4827
4828	if (start)
4829		nl80211_cmd(drv, msg, 0, NL80211_CMD_START_P2P_DEVICE);
4830	else
4831		nl80211_cmd(drv, msg, 0, NL80211_CMD_STOP_P2P_DEVICE);
4832
4833	NLA_PUT_U64(msg, NL80211_ATTR_WDEV, bss->wdev_id);
4834
4835	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
4836	msg = NULL;
4837
4838	wpa_printf(MSG_DEBUG, "nl80211: %s P2P Device %s (0x%llx): %s",
4839		   start ? "Start" : "Stop",
4840		   bss->ifname, (long long unsigned int) bss->wdev_id,
4841		   strerror(-ret));
4842
4843nla_put_failure:
4844	nlmsg_free(msg);
4845	return ret;
4846}
4847
4848
4849static int i802_set_iface_flags(struct i802_bss *bss, int up)
4850{
4851	enum nl80211_iftype nlmode;
4852
4853	nlmode = nl80211_get_ifmode(bss);
4854	if (nlmode != NL80211_IFTYPE_P2P_DEVICE) {
4855		return linux_set_iface_flags(bss->drv->global->ioctl_sock,
4856					     bss->ifname, up);
4857	}
4858
4859	/* P2P Device has start/stop which is equivalent */
4860	return nl80211_set_p2pdev(bss, up);
4861}
4862
4863
4864static int
4865wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv,
4866				   const u8 *set_addr, int first)
4867{
4868	struct i802_bss *bss = drv->first_bss;
4869	int send_rfkill_event = 0;
4870	enum nl80211_iftype nlmode;
4871
4872	drv->ifindex = if_nametoindex(bss->ifname);
4873	bss->ifindex = drv->ifindex;
4874	bss->wdev_id = drv->global->if_add_wdevid;
4875	bss->wdev_id_set = drv->global->if_add_wdevid_set;
4876
4877	bss->if_dynamic = drv->ifindex == drv->global->if_add_ifindex;
4878	bss->if_dynamic = bss->if_dynamic || drv->global->if_add_wdevid_set;
4879	drv->global->if_add_wdevid_set = 0;
4880
4881	if (!bss->if_dynamic && nl80211_get_ifmode(bss) == NL80211_IFTYPE_AP)
4882		bss->static_ap = 1;
4883
4884	if (wpa_driver_nl80211_capa(drv))
4885		return -1;
4886
4887	wpa_printf(MSG_DEBUG, "nl80211: interface %s in phy %s",
4888		   bss->ifname, drv->phyname);
4889
4890	if (set_addr &&
4891	    (linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 0) ||
4892	     linux_set_ifhwaddr(drv->global->ioctl_sock, bss->ifname,
4893				set_addr)))
4894		return -1;
4895
4896	if (first && nl80211_get_ifmode(bss) == NL80211_IFTYPE_AP)
4897		drv->start_mode_ap = 1;
4898
4899	if (drv->hostapd || bss->static_ap)
4900		nlmode = NL80211_IFTYPE_AP;
4901	else if (bss->if_dynamic)
4902		nlmode = nl80211_get_ifmode(bss);
4903	else
4904		nlmode = NL80211_IFTYPE_STATION;
4905
4906	if (wpa_driver_nl80211_set_mode(bss, nlmode) < 0) {
4907		wpa_printf(MSG_ERROR, "nl80211: Could not configure driver mode");
4908		return -1;
4909	}
4910
4911	if (nlmode == NL80211_IFTYPE_P2P_DEVICE)
4912		nl80211_get_macaddr(bss);
4913
4914	if (!rfkill_is_blocked(drv->rfkill)) {
4915		int ret = i802_set_iface_flags(bss, 1);
4916		if (ret) {
4917			wpa_printf(MSG_ERROR, "nl80211: Could not set "
4918				   "interface '%s' UP", bss->ifname);
4919			return ret;
4920		}
4921		if (nlmode == NL80211_IFTYPE_P2P_DEVICE)
4922			return ret;
4923	} else {
4924		wpa_printf(MSG_DEBUG, "nl80211: Could not yet enable "
4925			   "interface '%s' due to rfkill", bss->ifname);
4926		if (nlmode == NL80211_IFTYPE_P2P_DEVICE)
4927			return 0;
4928		drv->if_disabled = 1;
4929		send_rfkill_event = 1;
4930	}
4931
4932	if (!drv->hostapd)
4933		netlink_send_oper_ifla(drv->global->netlink, drv->ifindex,
4934				       1, IF_OPER_DORMANT);
4935
4936	if (linux_get_ifhwaddr(drv->global->ioctl_sock, bss->ifname,
4937			       bss->addr))
4938		return -1;
4939	os_memcpy(drv->perm_addr, bss->addr, ETH_ALEN);
4940
4941	if (send_rfkill_event) {
4942		eloop_register_timeout(0, 0, wpa_driver_nl80211_send_rfkill,
4943				       drv, drv->ctx);
4944	}
4945
4946	return 0;
4947}
4948
4949
4950static int wpa_driver_nl80211_del_beacon(struct wpa_driver_nl80211_data *drv)
4951{
4952	struct nl_msg *msg;
4953
4954	msg = nlmsg_alloc();
4955	if (!msg)
4956		return -ENOMEM;
4957
4958	wpa_printf(MSG_DEBUG, "nl80211: Remove beacon (ifindex=%d)",
4959		   drv->ifindex);
4960	nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_BEACON);
4961	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
4962
4963	return send_and_recv_msgs(drv, msg, NULL, NULL);
4964 nla_put_failure:
4965	nlmsg_free(msg);
4966	return -ENOBUFS;
4967}
4968
4969
4970/**
4971 * wpa_driver_nl80211_deinit - Deinitialize nl80211 driver interface
4972 * @bss: Pointer to private nl80211 data from wpa_driver_nl80211_init()
4973 *
4974 * Shut down driver interface and processing of driver events. Free
4975 * private data buffer if one was allocated in wpa_driver_nl80211_init().
4976 */
4977static void wpa_driver_nl80211_deinit(struct i802_bss *bss)
4978{
4979	struct wpa_driver_nl80211_data *drv = bss->drv;
4980
4981	bss->in_deinit = 1;
4982	if (drv->data_tx_status)
4983		eloop_unregister_read_sock(drv->eapol_tx_sock);
4984	if (drv->eapol_tx_sock >= 0)
4985		close(drv->eapol_tx_sock);
4986
4987	if (bss->nl_preq)
4988		wpa_driver_nl80211_probe_req_report(bss, 0);
4989	if (bss->added_if_into_bridge) {
4990		if (linux_br_del_if(drv->global->ioctl_sock, bss->brname,
4991				    bss->ifname) < 0)
4992			wpa_printf(MSG_INFO, "nl80211: Failed to remove "
4993				   "interface %s from bridge %s: %s",
4994				   bss->ifname, bss->brname, strerror(errno));
4995		if (drv->rtnl_sk)
4996			nl80211_handle_destroy(drv->rtnl_sk);
4997	}
4998	if (bss->added_bridge) {
4999		if (linux_br_del(drv->global->ioctl_sock, bss->brname) < 0)
5000			wpa_printf(MSG_INFO, "nl80211: Failed to remove "
5001				   "bridge %s: %s",
5002				   bss->brname, strerror(errno));
5003	}
5004
5005	nl80211_remove_monitor_interface(drv);
5006
5007	if (is_ap_interface(drv->nlmode))
5008		wpa_driver_nl80211_del_beacon(drv);
5009
5010	if (drv->eapol_sock >= 0) {
5011		eloop_unregister_read_sock(drv->eapol_sock);
5012		close(drv->eapol_sock);
5013	}
5014
5015	if (drv->if_indices != drv->default_if_indices)
5016		os_free(drv->if_indices);
5017
5018	if (drv->disabled_11b_rates)
5019		nl80211_disable_11b_rates(drv, drv->ifindex, 0);
5020
5021	netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, 0,
5022			       IF_OPER_UP);
5023	eloop_cancel_timeout(wpa_driver_nl80211_send_rfkill, drv, drv->ctx);
5024	rfkill_deinit(drv->rfkill);
5025
5026	eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx);
5027
5028	if (!drv->start_iface_up)
5029		(void) i802_set_iface_flags(bss, 0);
5030
5031	if (drv->addr_changed) {
5032		linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 0);
5033		if (linux_set_ifhwaddr(drv->global->ioctl_sock, bss->ifname,
5034				       drv->perm_addr) < 0) {
5035			wpa_printf(MSG_DEBUG,
5036				   "nl80211: Could not restore permanent MAC address");
5037		}
5038	}
5039
5040	if (drv->nlmode != NL80211_IFTYPE_P2P_DEVICE) {
5041		if (!drv->hostapd || !drv->start_mode_ap)
5042			wpa_driver_nl80211_set_mode(bss,
5043						    NL80211_IFTYPE_STATION);
5044		nl80211_mgmt_unsubscribe(bss, "deinit");
5045	} else {
5046		nl80211_mgmt_unsubscribe(bss, "deinit");
5047		nl80211_del_p2pdev(bss);
5048	}
5049	nl_cb_put(drv->nl_cb);
5050
5051	nl80211_destroy_bss(drv->first_bss);
5052
5053	os_free(drv->filter_ssids);
5054
5055	os_free(drv->auth_ie);
5056
5057	if (drv->in_interface_list)
5058		dl_list_del(&drv->list);
5059
5060	os_free(drv->extended_capa);
5061	os_free(drv->extended_capa_mask);
5062	os_free(drv->first_bss);
5063	os_free(drv);
5064}
5065
5066
5067/**
5068 * wpa_driver_nl80211_scan_timeout - Scan timeout to report scan completion
5069 * @eloop_ctx: Driver private data
5070 * @timeout_ctx: ctx argument given to wpa_driver_nl80211_init()
5071 *
5072 * This function can be used as registered timeout when starting a scan to
5073 * generate a scan completed event if the driver does not report this.
5074 */
5075static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx, void *timeout_ctx)
5076{
5077	struct wpa_driver_nl80211_data *drv = eloop_ctx;
5078	if (drv->ap_scan_as_station != NL80211_IFTYPE_UNSPECIFIED) {
5079		wpa_driver_nl80211_set_mode(drv->first_bss,
5080					    drv->ap_scan_as_station);
5081		drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED;
5082	}
5083	wpa_printf(MSG_DEBUG, "Scan timeout - try to get results");
5084	wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL);
5085}
5086
5087
5088static struct nl_msg *
5089nl80211_scan_common(struct wpa_driver_nl80211_data *drv, u8 cmd,
5090		    struct wpa_driver_scan_params *params, u64 *wdev_id)
5091{
5092	struct nl_msg *msg;
5093	size_t i;
5094	u32 scan_flags = 0;
5095
5096	msg = nlmsg_alloc();
5097	if (!msg)
5098		return NULL;
5099
5100	nl80211_cmd(drv, msg, 0, cmd);
5101
5102	if (!wdev_id)
5103		NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
5104	else
5105		NLA_PUT_U64(msg, NL80211_ATTR_WDEV, *wdev_id);
5106
5107	if (params->num_ssids) {
5108		struct nlattr *ssids;
5109
5110		ssids = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS);
5111		if (ssids == NULL)
5112			goto fail;
5113		for (i = 0; i < params->num_ssids; i++) {
5114			wpa_hexdump_ascii(MSG_MSGDUMP, "nl80211: Scan SSID",
5115					  params->ssids[i].ssid,
5116					  params->ssids[i].ssid_len);
5117			if (nla_put(msg, i + 1, params->ssids[i].ssid_len,
5118				    params->ssids[i].ssid) < 0)
5119				goto fail;
5120		}
5121		nla_nest_end(msg, ssids);
5122	}
5123
5124	if (params->extra_ies) {
5125		wpa_hexdump(MSG_MSGDUMP, "nl80211: Scan extra IEs",
5126			    params->extra_ies, params->extra_ies_len);
5127		if (nla_put(msg, NL80211_ATTR_IE, params->extra_ies_len,
5128			    params->extra_ies) < 0)
5129			goto fail;
5130	}
5131
5132	if (params->freqs) {
5133		struct nlattr *freqs;
5134		freqs = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
5135		if (freqs == NULL)
5136			goto fail;
5137		for (i = 0; params->freqs[i]; i++) {
5138			wpa_printf(MSG_MSGDUMP, "nl80211: Scan frequency %u "
5139				   "MHz", params->freqs[i]);
5140			if (nla_put_u32(msg, i + 1, params->freqs[i]) < 0)
5141				goto fail;
5142		}
5143		nla_nest_end(msg, freqs);
5144	}
5145
5146	os_free(drv->filter_ssids);
5147	drv->filter_ssids = params->filter_ssids;
5148	params->filter_ssids = NULL;
5149	drv->num_filter_ssids = params->num_filter_ssids;
5150
5151	if (params->only_new_results) {
5152		wpa_printf(MSG_DEBUG, "nl80211: Add NL80211_SCAN_FLAG_FLUSH");
5153		scan_flags |= NL80211_SCAN_FLAG_FLUSH;
5154	}
5155
5156	if (params->low_priority && drv->have_low_prio_scan) {
5157		wpa_printf(MSG_DEBUG,
5158			   "nl80211: Add NL80211_SCAN_FLAG_LOW_PRIORITY");
5159		scan_flags |= NL80211_SCAN_FLAG_LOW_PRIORITY;
5160	}
5161
5162	if (scan_flags)
5163		NLA_PUT_U32(msg, NL80211_ATTR_SCAN_FLAGS, scan_flags);
5164
5165	return msg;
5166
5167fail:
5168nla_put_failure:
5169	nlmsg_free(msg);
5170	return NULL;
5171}
5172
5173
5174/**
5175 * wpa_driver_nl80211_scan - Request the driver to initiate scan
5176 * @bss: Pointer to private driver data from wpa_driver_nl80211_init()
5177 * @params: Scan parameters
5178 * Returns: 0 on success, -1 on failure
5179 */
5180static int wpa_driver_nl80211_scan(struct i802_bss *bss,
5181				   struct wpa_driver_scan_params *params)
5182{
5183	struct wpa_driver_nl80211_data *drv = bss->drv;
5184	int ret = -1, timeout;
5185	struct nl_msg *msg = NULL;
5186
5187	wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: scan request");
5188	drv->scan_for_auth = 0;
5189
5190	msg = nl80211_scan_common(drv, NL80211_CMD_TRIGGER_SCAN, params,
5191				  bss->wdev_id_set ? &bss->wdev_id : NULL);
5192	if (!msg)
5193		return -1;
5194
5195	if (params->p2p_probe) {
5196		struct nlattr *rates;
5197
5198		wpa_printf(MSG_DEBUG, "nl80211: P2P probe - mask SuppRates");
5199
5200		rates = nla_nest_start(msg, NL80211_ATTR_SCAN_SUPP_RATES);
5201		if (rates == NULL)
5202			goto nla_put_failure;
5203
5204		/*
5205		 * Remove 2.4 GHz rates 1, 2, 5.5, 11 Mbps from supported rates
5206		 * by masking out everything else apart from the OFDM rates 6,
5207		 * 9, 12, 18, 24, 36, 48, 54 Mbps from non-MCS rates. All 5 GHz
5208		 * rates are left enabled.
5209		 */
5210		NLA_PUT(msg, NL80211_BAND_2GHZ, 8,
5211			"\x0c\x12\x18\x24\x30\x48\x60\x6c");
5212		nla_nest_end(msg, rates);
5213
5214		NLA_PUT_FLAG(msg, NL80211_ATTR_TX_NO_CCK_RATE);
5215	}
5216
5217	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
5218	msg = NULL;
5219	if (ret) {
5220		wpa_printf(MSG_DEBUG, "nl80211: Scan trigger failed: ret=%d "
5221			   "(%s)", ret, strerror(-ret));
5222		if (drv->hostapd && is_ap_interface(drv->nlmode)) {
5223			enum nl80211_iftype old_mode = drv->nlmode;
5224
5225			/*
5226			 * mac80211 does not allow scan requests in AP mode, so
5227			 * try to do this in station mode.
5228			 */
5229			if (wpa_driver_nl80211_set_mode(
5230				    bss, NL80211_IFTYPE_STATION))
5231				goto nla_put_failure;
5232
5233			if (wpa_driver_nl80211_scan(bss, params)) {
5234				wpa_driver_nl80211_set_mode(bss, drv->nlmode);
5235				goto nla_put_failure;
5236			}
5237
5238			/* Restore AP mode when processing scan results */
5239			drv->ap_scan_as_station = old_mode;
5240			ret = 0;
5241		} else
5242			goto nla_put_failure;
5243	}
5244
5245	drv->scan_state = SCAN_REQUESTED;
5246	/* Not all drivers generate "scan completed" wireless event, so try to
5247	 * read results after a timeout. */
5248	timeout = 10;
5249	if (drv->scan_complete_events) {
5250		/*
5251		 * The driver seems to deliver events to notify when scan is
5252		 * complete, so use longer timeout to avoid race conditions
5253		 * with scanning and following association request.
5254		 */
5255		timeout = 30;
5256	}
5257	wpa_printf(MSG_DEBUG, "Scan requested (ret=%d) - scan timeout %d "
5258		   "seconds", ret, timeout);
5259	eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx);
5260	eloop_register_timeout(timeout, 0, wpa_driver_nl80211_scan_timeout,
5261			       drv, drv->ctx);
5262
5263nla_put_failure:
5264	nlmsg_free(msg);
5265	return ret;
5266}
5267
5268
5269/**
5270 * wpa_driver_nl80211_sched_scan - Initiate a scheduled scan
5271 * @priv: Pointer to private driver data from wpa_driver_nl80211_init()
5272 * @params: Scan parameters
5273 * @interval: Interval between scan cycles in milliseconds
5274 * Returns: 0 on success, -1 on failure or if not supported
5275 */
5276static int wpa_driver_nl80211_sched_scan(void *priv,
5277					 struct wpa_driver_scan_params *params,
5278					 u32 interval)
5279{
5280	struct i802_bss *bss = priv;
5281	struct wpa_driver_nl80211_data *drv = bss->drv;
5282	int ret = -1;
5283	struct nl_msg *msg;
5284	size_t i;
5285
5286	wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: sched_scan request");
5287
5288#ifdef ANDROID
5289	if (!drv->capa.sched_scan_supported)
5290		return android_pno_start(bss, params);
5291#endif /* ANDROID */
5292
5293	msg = nl80211_scan_common(drv, NL80211_CMD_START_SCHED_SCAN, params,
5294				  bss->wdev_id_set ? &bss->wdev_id : NULL);
5295	if (!msg)
5296		goto nla_put_failure;
5297
5298	NLA_PUT_U32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL, interval);
5299
5300	if ((drv->num_filter_ssids &&
5301	    (int) drv->num_filter_ssids <= drv->capa.max_match_sets) ||
5302	    params->filter_rssi) {
5303		struct nlattr *match_sets;
5304		match_sets = nla_nest_start(msg, NL80211_ATTR_SCHED_SCAN_MATCH);
5305		if (match_sets == NULL)
5306			goto nla_put_failure;
5307
5308		for (i = 0; i < drv->num_filter_ssids; i++) {
5309			struct nlattr *match_set_ssid;
5310			wpa_hexdump_ascii(MSG_MSGDUMP,
5311					  "nl80211: Sched scan filter SSID",
5312					  drv->filter_ssids[i].ssid,
5313					  drv->filter_ssids[i].ssid_len);
5314
5315			match_set_ssid = nla_nest_start(msg, i + 1);
5316			if (match_set_ssid == NULL)
5317				goto nla_put_failure;
5318			NLA_PUT(msg, NL80211_ATTR_SCHED_SCAN_MATCH_SSID,
5319				drv->filter_ssids[i].ssid_len,
5320				drv->filter_ssids[i].ssid);
5321			if (params->filter_rssi)
5322				NLA_PUT_U32(msg,
5323					    NL80211_SCHED_SCAN_MATCH_ATTR_RSSI,
5324					    params->filter_rssi);
5325
5326			nla_nest_end(msg, match_set_ssid);
5327		}
5328
5329		/*
5330		 * Due to backward compatibility code, newer kernels treat this
5331		 * matchset (with only an RSSI filter) as the default for all
5332		 * other matchsets, unless it's the only one, in which case the
5333		 * matchset will actually allow all SSIDs above the RSSI.
5334		 */
5335		if (params->filter_rssi) {
5336			struct nlattr *match_set_rssi;
5337			match_set_rssi = nla_nest_start(msg, 0);
5338			if (match_set_rssi == NULL)
5339				goto nla_put_failure;
5340			NLA_PUT_U32(msg, NL80211_SCHED_SCAN_MATCH_ATTR_RSSI,
5341				    params->filter_rssi);
5342			wpa_printf(MSG_MSGDUMP,
5343				   "nl80211: Sched scan RSSI filter %d dBm",
5344				   params->filter_rssi);
5345			nla_nest_end(msg, match_set_rssi);
5346		}
5347
5348		nla_nest_end(msg, match_sets);
5349	}
5350
5351	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
5352
5353	/* TODO: if we get an error here, we should fall back to normal scan */
5354
5355	msg = NULL;
5356	if (ret) {
5357		wpa_printf(MSG_DEBUG, "nl80211: Sched scan start failed: "
5358			   "ret=%d (%s)", ret, strerror(-ret));
5359		goto nla_put_failure;
5360	}
5361
5362	wpa_printf(MSG_DEBUG, "nl80211: Sched scan requested (ret=%d) - "
5363		   "scan interval %d msec", ret, interval);
5364
5365nla_put_failure:
5366	nlmsg_free(msg);
5367	return ret;
5368}
5369
5370
5371/**
5372 * wpa_driver_nl80211_stop_sched_scan - Stop a scheduled scan
5373 * @priv: Pointer to private driver data from wpa_driver_nl80211_init()
5374 * Returns: 0 on success, -1 on failure or if not supported
5375 */
5376static int wpa_driver_nl80211_stop_sched_scan(void *priv)
5377{
5378	struct i802_bss *bss = priv;
5379	struct wpa_driver_nl80211_data *drv = bss->drv;
5380	int ret = 0;
5381	struct nl_msg *msg;
5382
5383#ifdef ANDROID
5384	if (!drv->capa.sched_scan_supported)
5385		return android_pno_stop(bss);
5386#endif /* ANDROID */
5387
5388	msg = nlmsg_alloc();
5389	if (!msg)
5390		return -1;
5391
5392	nl80211_cmd(drv, msg, 0, NL80211_CMD_STOP_SCHED_SCAN);
5393
5394	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
5395
5396	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
5397	msg = NULL;
5398	if (ret) {
5399		wpa_printf(MSG_DEBUG, "nl80211: Sched scan stop failed: "
5400			   "ret=%d (%s)", ret, strerror(-ret));
5401		goto nla_put_failure;
5402	}
5403
5404	wpa_printf(MSG_DEBUG, "nl80211: Sched scan stop sent (ret=%d)", ret);
5405
5406nla_put_failure:
5407	nlmsg_free(msg);
5408	return ret;
5409}
5410
5411
5412static const u8 * nl80211_get_ie(const u8 *ies, size_t ies_len, u8 ie)
5413{
5414	const u8 *end, *pos;
5415
5416	if (ies == NULL)
5417		return NULL;
5418
5419	pos = ies;
5420	end = ies + ies_len;
5421
5422	while (pos + 1 < end) {
5423		if (pos + 2 + pos[1] > end)
5424			break;
5425		if (pos[0] == ie)
5426			return pos;
5427		pos += 2 + pos[1];
5428	}
5429
5430	return NULL;
5431}
5432
5433
5434static int nl80211_scan_filtered(struct wpa_driver_nl80211_data *drv,
5435				 const u8 *ie, size_t ie_len)
5436{
5437	const u8 *ssid;
5438	size_t i;
5439
5440	if (drv->filter_ssids == NULL)
5441		return 0;
5442
5443	ssid = nl80211_get_ie(ie, ie_len, WLAN_EID_SSID);
5444	if (ssid == NULL)
5445		return 1;
5446
5447	for (i = 0; i < drv->num_filter_ssids; i++) {
5448		if (ssid[1] == drv->filter_ssids[i].ssid_len &&
5449		    os_memcmp(ssid + 2, drv->filter_ssids[i].ssid, ssid[1]) ==
5450		    0)
5451			return 0;
5452	}
5453
5454	return 1;
5455}
5456
5457
5458static int bss_info_handler(struct nl_msg *msg, void *arg)
5459{
5460	struct nlattr *tb[NL80211_ATTR_MAX + 1];
5461	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
5462	struct nlattr *bss[NL80211_BSS_MAX + 1];
5463	static struct nla_policy bss_policy[NL80211_BSS_MAX + 1] = {
5464		[NL80211_BSS_BSSID] = { .type = NLA_UNSPEC },
5465		[NL80211_BSS_FREQUENCY] = { .type = NLA_U32 },
5466		[NL80211_BSS_TSF] = { .type = NLA_U64 },
5467		[NL80211_BSS_BEACON_INTERVAL] = { .type = NLA_U16 },
5468		[NL80211_BSS_CAPABILITY] = { .type = NLA_U16 },
5469		[NL80211_BSS_INFORMATION_ELEMENTS] = { .type = NLA_UNSPEC },
5470		[NL80211_BSS_SIGNAL_MBM] = { .type = NLA_U32 },
5471		[NL80211_BSS_SIGNAL_UNSPEC] = { .type = NLA_U8 },
5472		[NL80211_BSS_STATUS] = { .type = NLA_U32 },
5473		[NL80211_BSS_SEEN_MS_AGO] = { .type = NLA_U32 },
5474		[NL80211_BSS_BEACON_IES] = { .type = NLA_UNSPEC },
5475	};
5476	struct nl80211_bss_info_arg *_arg = arg;
5477	struct wpa_scan_results *res = _arg->res;
5478	struct wpa_scan_res **tmp;
5479	struct wpa_scan_res *r;
5480	const u8 *ie, *beacon_ie;
5481	size_t ie_len, beacon_ie_len;
5482	u8 *pos;
5483	size_t i;
5484
5485	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
5486		  genlmsg_attrlen(gnlh, 0), NULL);
5487	if (!tb[NL80211_ATTR_BSS])
5488		return NL_SKIP;
5489	if (nla_parse_nested(bss, NL80211_BSS_MAX, tb[NL80211_ATTR_BSS],
5490			     bss_policy))
5491		return NL_SKIP;
5492	if (bss[NL80211_BSS_STATUS]) {
5493		enum nl80211_bss_status status;
5494		status = nla_get_u32(bss[NL80211_BSS_STATUS]);
5495		if (status == NL80211_BSS_STATUS_ASSOCIATED &&
5496		    bss[NL80211_BSS_FREQUENCY]) {
5497			_arg->assoc_freq =
5498				nla_get_u32(bss[NL80211_BSS_FREQUENCY]);
5499			wpa_printf(MSG_DEBUG, "nl80211: Associated on %u MHz",
5500				   _arg->assoc_freq);
5501		}
5502		if (status == NL80211_BSS_STATUS_IBSS_JOINED &&
5503		    bss[NL80211_BSS_FREQUENCY]) {
5504			_arg->ibss_freq =
5505				nla_get_u32(bss[NL80211_BSS_FREQUENCY]);
5506			wpa_printf(MSG_DEBUG, "nl80211: IBSS-joined on %u MHz",
5507				   _arg->ibss_freq);
5508		}
5509		if (status == NL80211_BSS_STATUS_ASSOCIATED &&
5510		    bss[NL80211_BSS_BSSID]) {
5511			os_memcpy(_arg->assoc_bssid,
5512				  nla_data(bss[NL80211_BSS_BSSID]), ETH_ALEN);
5513			wpa_printf(MSG_DEBUG, "nl80211: Associated with "
5514				   MACSTR, MAC2STR(_arg->assoc_bssid));
5515		}
5516	}
5517	if (!res)
5518		return NL_SKIP;
5519	if (bss[NL80211_BSS_INFORMATION_ELEMENTS]) {
5520		ie = nla_data(bss[NL80211_BSS_INFORMATION_ELEMENTS]);
5521		ie_len = nla_len(bss[NL80211_BSS_INFORMATION_ELEMENTS]);
5522	} else {
5523		ie = NULL;
5524		ie_len = 0;
5525	}
5526	if (bss[NL80211_BSS_BEACON_IES]) {
5527		beacon_ie = nla_data(bss[NL80211_BSS_BEACON_IES]);
5528		beacon_ie_len = nla_len(bss[NL80211_BSS_BEACON_IES]);
5529	} else {
5530		beacon_ie = NULL;
5531		beacon_ie_len = 0;
5532	}
5533
5534	if (nl80211_scan_filtered(_arg->drv, ie ? ie : beacon_ie,
5535				  ie ? ie_len : beacon_ie_len))
5536		return NL_SKIP;
5537
5538	r = os_zalloc(sizeof(*r) + ie_len + beacon_ie_len);
5539	if (r == NULL)
5540		return NL_SKIP;
5541	if (bss[NL80211_BSS_BSSID])
5542		os_memcpy(r->bssid, nla_data(bss[NL80211_BSS_BSSID]),
5543			  ETH_ALEN);
5544	if (bss[NL80211_BSS_FREQUENCY])
5545		r->freq = nla_get_u32(bss[NL80211_BSS_FREQUENCY]);
5546	if (bss[NL80211_BSS_BEACON_INTERVAL])
5547		r->beacon_int = nla_get_u16(bss[NL80211_BSS_BEACON_INTERVAL]);
5548	if (bss[NL80211_BSS_CAPABILITY])
5549		r->caps = nla_get_u16(bss[NL80211_BSS_CAPABILITY]);
5550	r->flags |= WPA_SCAN_NOISE_INVALID;
5551	if (bss[NL80211_BSS_SIGNAL_MBM]) {
5552		r->level = nla_get_u32(bss[NL80211_BSS_SIGNAL_MBM]);
5553		r->level /= 100; /* mBm to dBm */
5554		r->flags |= WPA_SCAN_LEVEL_DBM | WPA_SCAN_QUAL_INVALID;
5555	} else if (bss[NL80211_BSS_SIGNAL_UNSPEC]) {
5556		r->level = nla_get_u8(bss[NL80211_BSS_SIGNAL_UNSPEC]);
5557		r->flags |= WPA_SCAN_QUAL_INVALID;
5558	} else
5559		r->flags |= WPA_SCAN_LEVEL_INVALID | WPA_SCAN_QUAL_INVALID;
5560	if (bss[NL80211_BSS_TSF])
5561		r->tsf = nla_get_u64(bss[NL80211_BSS_TSF]);
5562	if (bss[NL80211_BSS_SEEN_MS_AGO])
5563		r->age = nla_get_u32(bss[NL80211_BSS_SEEN_MS_AGO]);
5564	r->ie_len = ie_len;
5565	pos = (u8 *) (r + 1);
5566	if (ie) {
5567		os_memcpy(pos, ie, ie_len);
5568		pos += ie_len;
5569	}
5570	r->beacon_ie_len = beacon_ie_len;
5571	if (beacon_ie)
5572		os_memcpy(pos, beacon_ie, beacon_ie_len);
5573
5574	if (bss[NL80211_BSS_STATUS]) {
5575		enum nl80211_bss_status status;
5576		status = nla_get_u32(bss[NL80211_BSS_STATUS]);
5577		switch (status) {
5578		case NL80211_BSS_STATUS_AUTHENTICATED:
5579			r->flags |= WPA_SCAN_AUTHENTICATED;
5580			break;
5581		case NL80211_BSS_STATUS_ASSOCIATED:
5582			r->flags |= WPA_SCAN_ASSOCIATED;
5583			break;
5584		default:
5585			break;
5586		}
5587	}
5588
5589	/*
5590	 * cfg80211 maintains separate BSS table entries for APs if the same
5591	 * BSSID,SSID pair is seen on multiple channels. wpa_supplicant does
5592	 * not use frequency as a separate key in the BSS table, so filter out
5593	 * duplicated entries. Prefer associated BSS entry in such a case in
5594	 * order to get the correct frequency into the BSS table. Similarly,
5595	 * prefer newer entries over older.
5596	 */
5597	for (i = 0; i < res->num; i++) {
5598		const u8 *s1, *s2;
5599		if (os_memcmp(res->res[i]->bssid, r->bssid, ETH_ALEN) != 0)
5600			continue;
5601
5602		s1 = nl80211_get_ie((u8 *) (res->res[i] + 1),
5603				    res->res[i]->ie_len, WLAN_EID_SSID);
5604		s2 = nl80211_get_ie((u8 *) (r + 1), r->ie_len, WLAN_EID_SSID);
5605		if (s1 == NULL || s2 == NULL || s1[1] != s2[1] ||
5606		    os_memcmp(s1, s2, 2 + s1[1]) != 0)
5607			continue;
5608
5609		/* Same BSSID,SSID was already included in scan results */
5610		wpa_printf(MSG_DEBUG, "nl80211: Remove duplicated scan result "
5611			   "for " MACSTR, MAC2STR(r->bssid));
5612
5613		if (((r->flags & WPA_SCAN_ASSOCIATED) &&
5614		     !(res->res[i]->flags & WPA_SCAN_ASSOCIATED)) ||
5615		    r->age < res->res[i]->age) {
5616			os_free(res->res[i]);
5617			res->res[i] = r;
5618		} else
5619			os_free(r);
5620		return NL_SKIP;
5621	}
5622
5623	tmp = os_realloc_array(res->res, res->num + 1,
5624			       sizeof(struct wpa_scan_res *));
5625	if (tmp == NULL) {
5626		os_free(r);
5627		return NL_SKIP;
5628	}
5629	tmp[res->num++] = r;
5630	res->res = tmp;
5631
5632	return NL_SKIP;
5633}
5634
5635
5636static void clear_state_mismatch(struct wpa_driver_nl80211_data *drv,
5637				 const u8 *addr)
5638{
5639	if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) {
5640		wpa_printf(MSG_DEBUG, "nl80211: Clear possible state "
5641			   "mismatch (" MACSTR ")", MAC2STR(addr));
5642		wpa_driver_nl80211_mlme(drv, addr,
5643					NL80211_CMD_DEAUTHENTICATE,
5644					WLAN_REASON_PREV_AUTH_NOT_VALID, 1);
5645	}
5646}
5647
5648
5649static void wpa_driver_nl80211_check_bss_status(
5650	struct wpa_driver_nl80211_data *drv, struct wpa_scan_results *res)
5651{
5652	size_t i;
5653
5654	for (i = 0; i < res->num; i++) {
5655		struct wpa_scan_res *r = res->res[i];
5656		if (r->flags & WPA_SCAN_AUTHENTICATED) {
5657			wpa_printf(MSG_DEBUG, "nl80211: Scan results "
5658				   "indicates BSS status with " MACSTR
5659				   " as authenticated",
5660				   MAC2STR(r->bssid));
5661			if (is_sta_interface(drv->nlmode) &&
5662			    os_memcmp(r->bssid, drv->bssid, ETH_ALEN) != 0 &&
5663			    os_memcmp(r->bssid, drv->auth_bssid, ETH_ALEN) !=
5664			    0) {
5665				wpa_printf(MSG_DEBUG, "nl80211: Unknown BSSID"
5666					   " in local state (auth=" MACSTR
5667					   " assoc=" MACSTR ")",
5668					   MAC2STR(drv->auth_bssid),
5669					   MAC2STR(drv->bssid));
5670				clear_state_mismatch(drv, r->bssid);
5671			}
5672		}
5673
5674		if (r->flags & WPA_SCAN_ASSOCIATED) {
5675			wpa_printf(MSG_DEBUG, "nl80211: Scan results "
5676				   "indicate BSS status with " MACSTR
5677				   " as associated",
5678				   MAC2STR(r->bssid));
5679			if (is_sta_interface(drv->nlmode) &&
5680			    !drv->associated) {
5681				wpa_printf(MSG_DEBUG, "nl80211: Local state "
5682					   "(not associated) does not match "
5683					   "with BSS state");
5684				clear_state_mismatch(drv, r->bssid);
5685			} else if (is_sta_interface(drv->nlmode) &&
5686				   os_memcmp(drv->bssid, r->bssid, ETH_ALEN) !=
5687				   0) {
5688				wpa_printf(MSG_DEBUG, "nl80211: Local state "
5689					   "(associated with " MACSTR ") does "
5690					   "not match with BSS state",
5691					   MAC2STR(