1/*
2 * Driver interaction with Linux nl80211/cfg80211
3 * Copyright (c) 2002-2015, Jouni Malinen <j@w1.fi>
4 * Copyright (c) 2003-2004, Instant802 Networks, Inc.
5 * Copyright (c) 2005-2006, Devicescape Software, Inc.
6 * Copyright (c) 2007, Johannes Berg <johannes@sipsolutions.net>
7 * Copyright (c) 2009-2010, Atheros Communications
8 *
9 * This software may be distributed under the terms of the BSD license.
10 * See README for more details.
11 */
12
13#include "includes.h"
14#include <sys/types.h>
15#include <fcntl.h>
16#include <net/if.h>
17#include <netlink/genl/genl.h>
18#include <netlink/genl/ctrl.h>
19#ifdef CONFIG_LIBNL3_ROUTE
20#include <netlink/route/neighbour.h>
21#endif /* CONFIG_LIBNL3_ROUTE */
22#include <linux/rtnetlink.h>
23#include <netpacket/packet.h>
24#include <linux/errqueue.h>
25
26#include "common.h"
27#include "eloop.h"
28#include "common/qca-vendor.h"
29#include "common/qca-vendor-attr.h"
30#include "common/ieee802_11_defs.h"
31#include "common/ieee802_11_common.h"
32#include "l2_packet/l2_packet.h"
33#include "netlink.h"
34#include "linux_defines.h"
35#include "linux_ioctl.h"
36#include "radiotap.h"
37#include "radiotap_iter.h"
38#include "rfkill.h"
39#include "driver_nl80211.h"
40
41
42#ifndef CONFIG_LIBNL20
43/*
44 * libnl 1.1 has a bug, it tries to allocate socket numbers densely
45 * but when you free a socket again it will mess up its bitmap and
46 * and use the wrong number the next time it needs a socket ID.
47 * Therefore, we wrap the handle alloc/destroy and add our own pid
48 * accounting.
49 */
50static uint32_t port_bitmap[32] = { 0 };
51
52static struct nl_handle *nl80211_handle_alloc(void *cb)
53{
54	struct nl_handle *handle;
55	uint32_t pid = getpid() & 0x3FFFFF;
56	int i;
57
58	handle = nl_handle_alloc_cb(cb);
59
60	for (i = 0; i < 1024; i++) {
61		if (port_bitmap[i / 32] & (1 << (i % 32)))
62			continue;
63		port_bitmap[i / 32] |= 1 << (i % 32);
64		pid += i << 22;
65		break;
66	}
67
68	nl_socket_set_local_port(handle, pid);
69
70	return handle;
71}
72
73static void nl80211_handle_destroy(struct nl_handle *handle)
74{
75	uint32_t port = nl_socket_get_local_port(handle);
76
77	port >>= 22;
78	port_bitmap[port / 32] &= ~(1 << (port % 32));
79
80	nl_handle_destroy(handle);
81}
82#endif /* CONFIG_LIBNL20 */
83
84
85#ifdef ANDROID
86/* system/core/libnl_2 does not include nl_socket_set_nonblocking() */
87#undef nl_socket_set_nonblocking
88#define nl_socket_set_nonblocking(h) android_nl_socket_set_nonblocking(h)
89
90#endif /* ANDROID */
91
92
93static struct nl_handle * nl_create_handle(struct nl_cb *cb, const char *dbg)
94{
95	struct nl_handle *handle;
96
97	handle = nl80211_handle_alloc(cb);
98	if (handle == NULL) {
99		wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink "
100			   "callbacks (%s)", dbg);
101		return NULL;
102	}
103
104	if (genl_connect(handle)) {
105		wpa_printf(MSG_ERROR, "nl80211: Failed to connect to generic "
106			   "netlink (%s)", dbg);
107		nl80211_handle_destroy(handle);
108		return NULL;
109	}
110
111	return handle;
112}
113
114
115static void nl_destroy_handles(struct nl_handle **handle)
116{
117	if (*handle == NULL)
118		return;
119	nl80211_handle_destroy(*handle);
120	*handle = NULL;
121}
122
123
124#if __WORDSIZE == 64
125#define ELOOP_SOCKET_INVALID	(intptr_t) 0x8888888888888889ULL
126#else
127#define ELOOP_SOCKET_INVALID	(intptr_t) 0x88888889ULL
128#endif
129
130static void nl80211_register_eloop_read(struct nl_handle **handle,
131					eloop_sock_handler handler,
132					void *eloop_data)
133{
134#ifdef CONFIG_LIBNL20
135	/*
136	 * libnl uses a pretty small buffer (32 kB that gets converted to 64 kB)
137	 * by default. It is possible to hit that limit in some cases where
138	 * operations are blocked, e.g., with a burst of Deauthentication frames
139	 * to hostapd and STA entry deletion. Try to increase the buffer to make
140	 * this less likely to occur.
141	 */
142	if (nl_socket_set_buffer_size(*handle, 262144, 0) < 0) {
143		wpa_printf(MSG_DEBUG,
144			   "nl80211: Could not set nl_socket RX buffer size: %s",
145			   strerror(errno));
146		/* continue anyway with the default (smaller) buffer */
147	}
148#endif /* CONFIG_LIBNL20 */
149
150	nl_socket_set_nonblocking(*handle);
151	eloop_register_read_sock(nl_socket_get_fd(*handle), handler,
152				 eloop_data, *handle);
153	*handle = (void *) (((intptr_t) *handle) ^ ELOOP_SOCKET_INVALID);
154}
155
156
157static void nl80211_destroy_eloop_handle(struct nl_handle **handle)
158{
159	*handle = (void *) (((intptr_t) *handle) ^ ELOOP_SOCKET_INVALID);
160	eloop_unregister_read_sock(nl_socket_get_fd(*handle));
161	nl_destroy_handles(handle);
162}
163
164
165static void nl80211_global_deinit(void *priv);
166static void nl80211_check_global(struct nl80211_global *global);
167
168static void wpa_driver_nl80211_deinit(struct i802_bss *bss);
169static int wpa_driver_nl80211_set_mode_ibss(struct i802_bss *bss,
170					    struct hostapd_freq_params *freq);
171
172static int
173wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv,
174				   const u8 *set_addr, int first,
175				   const char *driver_params);
176static int nl80211_send_frame_cmd(struct i802_bss *bss,
177				  unsigned int freq, unsigned int wait,
178				  const u8 *buf, size_t buf_len, u64 *cookie,
179				  int no_cck, int no_ack, int offchanok,
180				  const u16 *csa_offs, size_t csa_offs_len);
181static int wpa_driver_nl80211_probe_req_report(struct i802_bss *bss,
182					       int report);
183
184#define IFIDX_ANY -1
185
186static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx,
187		      int ifidx_reason);
188static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx,
189		      int ifidx_reason);
190static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx,
191		      int ifidx_reason);
192
193static int nl80211_set_channel(struct i802_bss *bss,
194			       struct hostapd_freq_params *freq, int set_chan);
195static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv,
196				     int ifindex, int disabled);
197
198static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv,
199			      int reset_mode);
200
201static int i802_set_iface_flags(struct i802_bss *bss, int up);
202static int nl80211_set_param(void *priv, const char *param);
203
204
205/* Converts nl80211_chan_width to a common format */
206enum chan_width convert2width(int width)
207{
208	switch (width) {
209	case NL80211_CHAN_WIDTH_20_NOHT:
210		return CHAN_WIDTH_20_NOHT;
211	case NL80211_CHAN_WIDTH_20:
212		return CHAN_WIDTH_20;
213	case NL80211_CHAN_WIDTH_40:
214		return CHAN_WIDTH_40;
215	case NL80211_CHAN_WIDTH_80:
216		return CHAN_WIDTH_80;
217	case NL80211_CHAN_WIDTH_80P80:
218		return CHAN_WIDTH_80P80;
219	case NL80211_CHAN_WIDTH_160:
220		return CHAN_WIDTH_160;
221	}
222	return CHAN_WIDTH_UNKNOWN;
223}
224
225
226int is_ap_interface(enum nl80211_iftype nlmode)
227{
228	return nlmode == NL80211_IFTYPE_AP ||
229		nlmode == NL80211_IFTYPE_P2P_GO;
230}
231
232
233int is_sta_interface(enum nl80211_iftype nlmode)
234{
235	return nlmode == NL80211_IFTYPE_STATION ||
236		nlmode == NL80211_IFTYPE_P2P_CLIENT;
237}
238
239
240static int is_p2p_net_interface(enum nl80211_iftype nlmode)
241{
242	return nlmode == NL80211_IFTYPE_P2P_CLIENT ||
243		nlmode == NL80211_IFTYPE_P2P_GO;
244}
245
246
247struct i802_bss * get_bss_ifindex(struct wpa_driver_nl80211_data *drv,
248				  int ifindex)
249{
250	struct i802_bss *bss;
251
252	for (bss = drv->first_bss; bss; bss = bss->next) {
253		if (bss->ifindex == ifindex)
254			return bss;
255	}
256
257	return NULL;
258}
259
260
261static int is_mesh_interface(enum nl80211_iftype nlmode)
262{
263	return nlmode == NL80211_IFTYPE_MESH_POINT;
264}
265
266
267void nl80211_mark_disconnected(struct wpa_driver_nl80211_data *drv)
268{
269	if (drv->associated)
270		os_memcpy(drv->prev_bssid, drv->bssid, ETH_ALEN);
271	drv->associated = 0;
272	os_memset(drv->bssid, 0, ETH_ALEN);
273}
274
275
276/* nl80211 code */
277static int ack_handler(struct nl_msg *msg, void *arg)
278{
279	int *err = arg;
280	*err = 0;
281	return NL_STOP;
282}
283
284static int finish_handler(struct nl_msg *msg, void *arg)
285{
286	int *ret = arg;
287	*ret = 0;
288	return NL_SKIP;
289}
290
291static int error_handler(struct sockaddr_nl *nla, struct nlmsgerr *err,
292			 void *arg)
293{
294	int *ret = arg;
295	*ret = err->error;
296	return NL_SKIP;
297}
298
299
300static int no_seq_check(struct nl_msg *msg, void *arg)
301{
302	return NL_OK;
303}
304
305
306static void nl80211_nlmsg_clear(struct nl_msg *msg)
307{
308	/*
309	 * Clear nlmsg data, e.g., to make sure key material is not left in
310	 * heap memory for unnecessarily long time.
311	 */
312	if (msg) {
313		struct nlmsghdr *hdr = nlmsg_hdr(msg);
314		void *data = nlmsg_data(hdr);
315		/*
316		 * This would use nlmsg_datalen() or the older nlmsg_len() if
317		 * only libnl were to maintain a stable API.. Neither will work
318		 * with all released versions, so just calculate the length
319		 * here.
320		 */
321		int len = hdr->nlmsg_len - NLMSG_HDRLEN;
322
323		os_memset(data, 0, len);
324	}
325}
326
327
328static int send_and_recv(struct nl80211_global *global,
329			 struct nl_handle *nl_handle, struct nl_msg *msg,
330			 int (*valid_handler)(struct nl_msg *, void *),
331			 void *valid_data)
332{
333	struct nl_cb *cb;
334	int err = -ENOMEM;
335
336	if (!msg)
337		return -ENOMEM;
338
339	cb = nl_cb_clone(global->nl_cb);
340	if (!cb)
341		goto out;
342
343	err = nl_send_auto_complete(nl_handle, msg);
344	if (err < 0)
345		goto out;
346
347	err = 1;
348
349	nl_cb_err(cb, NL_CB_CUSTOM, error_handler, &err);
350	nl_cb_set(cb, NL_CB_FINISH, NL_CB_CUSTOM, finish_handler, &err);
351	nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM, ack_handler, &err);
352
353	if (valid_handler)
354		nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM,
355			  valid_handler, valid_data);
356
357	while (err > 0) {
358		int res = nl_recvmsgs(nl_handle, cb);
359		if (res < 0) {
360			wpa_printf(MSG_INFO,
361				   "nl80211: %s->nl_recvmsgs failed: %d",
362				   __func__, res);
363		}
364	}
365 out:
366	nl_cb_put(cb);
367	if (!valid_handler && valid_data == (void *) -1)
368		nl80211_nlmsg_clear(msg);
369	nlmsg_free(msg);
370	return err;
371}
372
373
374int send_and_recv_msgs(struct wpa_driver_nl80211_data *drv,
375		       struct nl_msg *msg,
376		       int (*valid_handler)(struct nl_msg *, void *),
377		       void *valid_data)
378{
379	return send_and_recv(drv->global, drv->global->nl, msg,
380			     valid_handler, valid_data);
381}
382
383
384struct family_data {
385	const char *group;
386	int id;
387};
388
389
390static int family_handler(struct nl_msg *msg, void *arg)
391{
392	struct family_data *res = arg;
393	struct nlattr *tb[CTRL_ATTR_MAX + 1];
394	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
395	struct nlattr *mcgrp;
396	int i;
397
398	nla_parse(tb, CTRL_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
399		  genlmsg_attrlen(gnlh, 0), NULL);
400	if (!tb[CTRL_ATTR_MCAST_GROUPS])
401		return NL_SKIP;
402
403	nla_for_each_nested(mcgrp, tb[CTRL_ATTR_MCAST_GROUPS], i) {
404		struct nlattr *tb2[CTRL_ATTR_MCAST_GRP_MAX + 1];
405		nla_parse(tb2, CTRL_ATTR_MCAST_GRP_MAX, nla_data(mcgrp),
406			  nla_len(mcgrp), NULL);
407		if (!tb2[CTRL_ATTR_MCAST_GRP_NAME] ||
408		    !tb2[CTRL_ATTR_MCAST_GRP_ID] ||
409		    os_strncmp(nla_data(tb2[CTRL_ATTR_MCAST_GRP_NAME]),
410			       res->group,
411			       nla_len(tb2[CTRL_ATTR_MCAST_GRP_NAME])) != 0)
412			continue;
413		res->id = nla_get_u32(tb2[CTRL_ATTR_MCAST_GRP_ID]);
414		break;
415	};
416
417	return NL_SKIP;
418}
419
420
421static int nl_get_multicast_id(struct nl80211_global *global,
422			       const char *family, const char *group)
423{
424	struct nl_msg *msg;
425	int ret;
426	struct family_data res = { group, -ENOENT };
427
428	msg = nlmsg_alloc();
429	if (!msg)
430		return -ENOMEM;
431	if (!genlmsg_put(msg, 0, 0, genl_ctrl_resolve(global->nl, "nlctrl"),
432			 0, 0, CTRL_CMD_GETFAMILY, 0) ||
433	    nla_put_string(msg, CTRL_ATTR_FAMILY_NAME, family)) {
434		nlmsg_free(msg);
435		return -1;
436	}
437
438	ret = send_and_recv(global, global->nl, msg, family_handler, &res);
439	if (ret == 0)
440		ret = res.id;
441	return ret;
442}
443
444
445void * nl80211_cmd(struct wpa_driver_nl80211_data *drv,
446		   struct nl_msg *msg, int flags, uint8_t cmd)
447{
448	return genlmsg_put(msg, 0, 0, drv->global->nl80211_id,
449			   0, flags, cmd, 0);
450}
451
452
453static int nl80211_set_iface_id(struct nl_msg *msg, struct i802_bss *bss)
454{
455	if (bss->wdev_id_set)
456		return nla_put_u64(msg, NL80211_ATTR_WDEV, bss->wdev_id);
457	return nla_put_u32(msg, NL80211_ATTR_IFINDEX, bss->ifindex);
458}
459
460
461struct nl_msg * nl80211_cmd_msg(struct i802_bss *bss, int flags, uint8_t cmd)
462{
463	struct nl_msg *msg;
464
465	msg = nlmsg_alloc();
466	if (!msg)
467		return NULL;
468
469	if (!nl80211_cmd(bss->drv, msg, flags, cmd) ||
470	    nl80211_set_iface_id(msg, bss) < 0) {
471		nlmsg_free(msg);
472		return NULL;
473	}
474
475	return msg;
476}
477
478
479static struct nl_msg *
480nl80211_ifindex_msg(struct wpa_driver_nl80211_data *drv, int ifindex,
481		    int flags, uint8_t cmd)
482{
483	struct nl_msg *msg;
484
485	msg = nlmsg_alloc();
486	if (!msg)
487		return NULL;
488
489	if (!nl80211_cmd(drv, msg, flags, cmd) ||
490	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, ifindex)) {
491		nlmsg_free(msg);
492		return NULL;
493	}
494
495	return msg;
496}
497
498
499struct nl_msg * nl80211_drv_msg(struct wpa_driver_nl80211_data *drv, int flags,
500				uint8_t cmd)
501{
502	return nl80211_ifindex_msg(drv, drv->ifindex, flags, cmd);
503}
504
505
506struct nl_msg * nl80211_bss_msg(struct i802_bss *bss, int flags, uint8_t cmd)
507{
508	return nl80211_ifindex_msg(bss->drv, bss->ifindex, flags, cmd);
509}
510
511
512struct wiphy_idx_data {
513	int wiphy_idx;
514	enum nl80211_iftype nlmode;
515	u8 *macaddr;
516};
517
518
519static int netdev_info_handler(struct nl_msg *msg, void *arg)
520{
521	struct nlattr *tb[NL80211_ATTR_MAX + 1];
522	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
523	struct wiphy_idx_data *info = arg;
524
525	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
526		  genlmsg_attrlen(gnlh, 0), NULL);
527
528	if (tb[NL80211_ATTR_WIPHY])
529		info->wiphy_idx = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
530
531	if (tb[NL80211_ATTR_IFTYPE])
532		info->nlmode = nla_get_u32(tb[NL80211_ATTR_IFTYPE]);
533
534	if (tb[NL80211_ATTR_MAC] && info->macaddr)
535		os_memcpy(info->macaddr, nla_data(tb[NL80211_ATTR_MAC]),
536			  ETH_ALEN);
537
538	return NL_SKIP;
539}
540
541
542int nl80211_get_wiphy_index(struct i802_bss *bss)
543{
544	struct nl_msg *msg;
545	struct wiphy_idx_data data = {
546		.wiphy_idx = -1,
547		.macaddr = NULL,
548	};
549
550	if (!(msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_GET_INTERFACE)))
551		return -1;
552
553	if (send_and_recv_msgs(bss->drv, msg, netdev_info_handler, &data) == 0)
554		return data.wiphy_idx;
555	return -1;
556}
557
558
559static enum nl80211_iftype nl80211_get_ifmode(struct i802_bss *bss)
560{
561	struct nl_msg *msg;
562	struct wiphy_idx_data data = {
563		.nlmode = NL80211_IFTYPE_UNSPECIFIED,
564		.macaddr = NULL,
565	};
566
567	if (!(msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_GET_INTERFACE)))
568		return NL80211_IFTYPE_UNSPECIFIED;
569
570	if (send_and_recv_msgs(bss->drv, msg, netdev_info_handler, &data) == 0)
571		return data.nlmode;
572	return NL80211_IFTYPE_UNSPECIFIED;
573}
574
575
576static int nl80211_get_macaddr(struct i802_bss *bss)
577{
578	struct nl_msg *msg;
579	struct wiphy_idx_data data = {
580		.macaddr = bss->addr,
581	};
582
583	if (!(msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_GET_INTERFACE)))
584		return -1;
585
586	return send_and_recv_msgs(bss->drv, msg, netdev_info_handler, &data);
587}
588
589
590static int nl80211_register_beacons(struct wpa_driver_nl80211_data *drv,
591				    struct nl80211_wiphy_data *w)
592{
593	struct nl_msg *msg;
594	int ret;
595
596	msg = nlmsg_alloc();
597	if (!msg)
598		return -1;
599
600	if (!nl80211_cmd(drv, msg, 0, NL80211_CMD_REGISTER_BEACONS) ||
601	    nla_put_u32(msg, NL80211_ATTR_WIPHY, w->wiphy_idx)) {
602		nlmsg_free(msg);
603		return -1;
604	}
605
606	ret = send_and_recv(drv->global, w->nl_beacons, msg, NULL, NULL);
607	if (ret) {
608		wpa_printf(MSG_DEBUG, "nl80211: Register beacons command "
609			   "failed: ret=%d (%s)",
610			   ret, strerror(-ret));
611	}
612	return ret;
613}
614
615
616static void nl80211_recv_beacons(int sock, void *eloop_ctx, void *handle)
617{
618	struct nl80211_wiphy_data *w = eloop_ctx;
619	int res;
620
621	wpa_printf(MSG_EXCESSIVE, "nl80211: Beacon event message available");
622
623	res = nl_recvmsgs(handle, w->nl_cb);
624	if (res < 0) {
625		wpa_printf(MSG_INFO, "nl80211: %s->nl_recvmsgs failed: %d",
626			   __func__, res);
627	}
628}
629
630
631static int process_beacon_event(struct nl_msg *msg, void *arg)
632{
633	struct nl80211_wiphy_data *w = arg;
634	struct wpa_driver_nl80211_data *drv;
635	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
636	struct nlattr *tb[NL80211_ATTR_MAX + 1];
637	union wpa_event_data event;
638
639	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
640		  genlmsg_attrlen(gnlh, 0), NULL);
641
642	if (gnlh->cmd != NL80211_CMD_FRAME) {
643		wpa_printf(MSG_DEBUG, "nl80211: Unexpected beacon event? (%d)",
644			   gnlh->cmd);
645		return NL_SKIP;
646	}
647
648	if (!tb[NL80211_ATTR_FRAME])
649		return NL_SKIP;
650
651	dl_list_for_each(drv, &w->drvs, struct wpa_driver_nl80211_data,
652			 wiphy_list) {
653		os_memset(&event, 0, sizeof(event));
654		event.rx_mgmt.frame = nla_data(tb[NL80211_ATTR_FRAME]);
655		event.rx_mgmt.frame_len = nla_len(tb[NL80211_ATTR_FRAME]);
656		wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event);
657	}
658
659	return NL_SKIP;
660}
661
662
663static struct nl80211_wiphy_data *
664nl80211_get_wiphy_data_ap(struct i802_bss *bss)
665{
666	static DEFINE_DL_LIST(nl80211_wiphys);
667	struct nl80211_wiphy_data *w;
668	int wiphy_idx, found = 0;
669	struct i802_bss *tmp_bss;
670
671	if (bss->wiphy_data != NULL)
672		return bss->wiphy_data;
673
674	wiphy_idx = nl80211_get_wiphy_index(bss);
675
676	dl_list_for_each(w, &nl80211_wiphys, struct nl80211_wiphy_data, list) {
677		if (w->wiphy_idx == wiphy_idx)
678			goto add;
679	}
680
681	/* alloc new one */
682	w = os_zalloc(sizeof(*w));
683	if (w == NULL)
684		return NULL;
685	w->wiphy_idx = wiphy_idx;
686	dl_list_init(&w->bsss);
687	dl_list_init(&w->drvs);
688
689	w->nl_cb = nl_cb_alloc(NL_CB_DEFAULT);
690	if (!w->nl_cb) {
691		os_free(w);
692		return NULL;
693	}
694	nl_cb_set(w->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, no_seq_check, NULL);
695	nl_cb_set(w->nl_cb, NL_CB_VALID, NL_CB_CUSTOM, process_beacon_event,
696		  w);
697
698	w->nl_beacons = nl_create_handle(bss->drv->global->nl_cb,
699					 "wiphy beacons");
700	if (w->nl_beacons == NULL) {
701		os_free(w);
702		return NULL;
703	}
704
705	if (nl80211_register_beacons(bss->drv, w)) {
706		nl_destroy_handles(&w->nl_beacons);
707		os_free(w);
708		return NULL;
709	}
710
711	nl80211_register_eloop_read(&w->nl_beacons, nl80211_recv_beacons, w);
712
713	dl_list_add(&nl80211_wiphys, &w->list);
714
715add:
716	/* drv entry for this bss already there? */
717	dl_list_for_each(tmp_bss, &w->bsss, struct i802_bss, wiphy_list) {
718		if (tmp_bss->drv == bss->drv) {
719			found = 1;
720			break;
721		}
722	}
723	/* if not add it */
724	if (!found)
725		dl_list_add(&w->drvs, &bss->drv->wiphy_list);
726
727	dl_list_add(&w->bsss, &bss->wiphy_list);
728	bss->wiphy_data = w;
729	return w;
730}
731
732
733static void nl80211_put_wiphy_data_ap(struct i802_bss *bss)
734{
735	struct nl80211_wiphy_data *w = bss->wiphy_data;
736	struct i802_bss *tmp_bss;
737	int found = 0;
738
739	if (w == NULL)
740		return;
741	bss->wiphy_data = NULL;
742	dl_list_del(&bss->wiphy_list);
743
744	/* still any for this drv present? */
745	dl_list_for_each(tmp_bss, &w->bsss, struct i802_bss, wiphy_list) {
746		if (tmp_bss->drv == bss->drv) {
747			found = 1;
748			break;
749		}
750	}
751	/* if not remove it */
752	if (!found)
753		dl_list_del(&bss->drv->wiphy_list);
754
755	if (!dl_list_empty(&w->bsss))
756		return;
757
758	nl80211_destroy_eloop_handle(&w->nl_beacons);
759
760	nl_cb_put(w->nl_cb);
761	dl_list_del(&w->list);
762	os_free(w);
763}
764
765
766static unsigned int nl80211_get_ifindex(void *priv)
767{
768	struct i802_bss *bss = priv;
769	struct wpa_driver_nl80211_data *drv = bss->drv;
770
771	return drv->ifindex;
772}
773
774
775static int wpa_driver_nl80211_get_bssid(void *priv, u8 *bssid)
776{
777	struct i802_bss *bss = priv;
778	struct wpa_driver_nl80211_data *drv = bss->drv;
779	if (!drv->associated)
780		return -1;
781	os_memcpy(bssid, drv->bssid, ETH_ALEN);
782	return 0;
783}
784
785
786static int wpa_driver_nl80211_get_ssid(void *priv, u8 *ssid)
787{
788	struct i802_bss *bss = priv;
789	struct wpa_driver_nl80211_data *drv = bss->drv;
790	if (!drv->associated)
791		return -1;
792	os_memcpy(ssid, drv->ssid, drv->ssid_len);
793	return drv->ssid_len;
794}
795
796
797static void wpa_driver_nl80211_event_newlink(
798	struct nl80211_global *global, struct wpa_driver_nl80211_data *drv,
799	int ifindex, const char *ifname)
800{
801	union wpa_event_data event;
802
803	if (drv && os_strcmp(drv->first_bss->ifname, ifname) == 0) {
804		if (if_nametoindex(drv->first_bss->ifname) == 0) {
805			wpa_printf(MSG_DEBUG, "nl80211: Interface %s does not exist - ignore RTM_NEWLINK",
806				   drv->first_bss->ifname);
807			return;
808		}
809		if (!drv->if_removed)
810			return;
811		wpa_printf(MSG_DEBUG, "nl80211: Mark if_removed=0 for %s based on RTM_NEWLINK event",
812			   drv->first_bss->ifname);
813		drv->if_removed = 0;
814	}
815
816	os_memset(&event, 0, sizeof(event));
817	event.interface_status.ifindex = ifindex;
818	os_strlcpy(event.interface_status.ifname, ifname,
819		   sizeof(event.interface_status.ifname));
820	event.interface_status.ievent = EVENT_INTERFACE_ADDED;
821	if (drv)
822		wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, &event);
823	else
824		wpa_supplicant_event_global(global->ctx, EVENT_INTERFACE_STATUS,
825					    &event);
826}
827
828
829static void wpa_driver_nl80211_event_dellink(
830	struct nl80211_global *global, struct wpa_driver_nl80211_data *drv,
831	int ifindex, const char *ifname)
832{
833	union wpa_event_data event;
834
835	if (drv && os_strcmp(drv->first_bss->ifname, ifname) == 0) {
836		if (drv->if_removed) {
837			wpa_printf(MSG_DEBUG, "nl80211: if_removed already set - ignore RTM_DELLINK event for %s",
838				   ifname);
839			return;
840		}
841		wpa_printf(MSG_DEBUG, "RTM_DELLINK: Interface '%s' removed - mark if_removed=1",
842			   ifname);
843		drv->if_removed = 1;
844	} else {
845		wpa_printf(MSG_DEBUG, "RTM_DELLINK: Interface '%s' removed",
846			   ifname);
847	}
848
849	os_memset(&event, 0, sizeof(event));
850	event.interface_status.ifindex = ifindex;
851	os_strlcpy(event.interface_status.ifname, ifname,
852		   sizeof(event.interface_status.ifname));
853	event.interface_status.ievent = EVENT_INTERFACE_REMOVED;
854	if (drv)
855		wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, &event);
856	else
857		wpa_supplicant_event_global(global->ctx, EVENT_INTERFACE_STATUS,
858					    &event);
859}
860
861
862static int wpa_driver_nl80211_own_ifname(struct wpa_driver_nl80211_data *drv,
863					 u8 *buf, size_t len)
864{
865	int attrlen, rta_len;
866	struct rtattr *attr;
867
868	attrlen = len;
869	attr = (struct rtattr *) buf;
870
871	rta_len = RTA_ALIGN(sizeof(struct rtattr));
872	while (RTA_OK(attr, attrlen)) {
873		if (attr->rta_type == IFLA_IFNAME) {
874			if (os_strcmp(((char *) attr) + rta_len,
875				      drv->first_bss->ifname) == 0)
876				return 1;
877			else
878				break;
879		}
880		attr = RTA_NEXT(attr, attrlen);
881	}
882
883	return 0;
884}
885
886
887static int wpa_driver_nl80211_own_ifindex(struct wpa_driver_nl80211_data *drv,
888					  int ifindex, u8 *buf, size_t len)
889{
890	if (drv->ifindex == ifindex)
891		return 1;
892
893	if (drv->if_removed && wpa_driver_nl80211_own_ifname(drv, buf, len)) {
894		nl80211_check_global(drv->global);
895		wpa_printf(MSG_DEBUG, "nl80211: Update ifindex for a removed "
896			   "interface");
897		wpa_driver_nl80211_finish_drv_init(drv, NULL, 0, NULL);
898		return 1;
899	}
900
901	return 0;
902}
903
904
905static struct wpa_driver_nl80211_data *
906nl80211_find_drv(struct nl80211_global *global, int idx, u8 *buf, size_t len)
907{
908	struct wpa_driver_nl80211_data *drv;
909	dl_list_for_each(drv, &global->interfaces,
910			 struct wpa_driver_nl80211_data, list) {
911		if (wpa_driver_nl80211_own_ifindex(drv, idx, buf, len) ||
912		    have_ifidx(drv, idx, IFIDX_ANY))
913			return drv;
914	}
915	return NULL;
916}
917
918
919static void wpa_driver_nl80211_event_rtm_newlink(void *ctx,
920						 struct ifinfomsg *ifi,
921						 u8 *buf, size_t len)
922{
923	struct nl80211_global *global = ctx;
924	struct wpa_driver_nl80211_data *drv;
925	int attrlen;
926	struct rtattr *attr;
927	u32 brid = 0;
928	char namebuf[IFNAMSIZ];
929	char ifname[IFNAMSIZ + 1];
930	char extra[100], *pos, *end;
931
932	extra[0] = '\0';
933	pos = extra;
934	end = pos + sizeof(extra);
935	ifname[0] = '\0';
936
937	attrlen = len;
938	attr = (struct rtattr *) buf;
939	while (RTA_OK(attr, attrlen)) {
940		switch (attr->rta_type) {
941		case IFLA_IFNAME:
942			if (RTA_PAYLOAD(attr) >= IFNAMSIZ)
943				break;
944			os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr));
945			ifname[RTA_PAYLOAD(attr)] = '\0';
946			break;
947		case IFLA_MASTER:
948			brid = nla_get_u32((struct nlattr *) attr);
949			pos += os_snprintf(pos, end - pos, " master=%u", brid);
950			break;
951		case IFLA_WIRELESS:
952			pos += os_snprintf(pos, end - pos, " wext");
953			break;
954		case IFLA_OPERSTATE:
955			pos += os_snprintf(pos, end - pos, " operstate=%u",
956					   nla_get_u32((struct nlattr *) attr));
957			break;
958		case IFLA_LINKMODE:
959			pos += os_snprintf(pos, end - pos, " linkmode=%u",
960					   nla_get_u32((struct nlattr *) attr));
961			break;
962		}
963		attr = RTA_NEXT(attr, attrlen);
964	}
965	extra[sizeof(extra) - 1] = '\0';
966
967	wpa_printf(MSG_DEBUG, "RTM_NEWLINK: ifi_index=%d ifname=%s%s ifi_family=%d ifi_flags=0x%x (%s%s%s%s)",
968		   ifi->ifi_index, ifname, extra, ifi->ifi_family,
969		   ifi->ifi_flags,
970		   (ifi->ifi_flags & IFF_UP) ? "[UP]" : "",
971		   (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "",
972		   (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "",
973		   (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : "");
974
975	drv = nl80211_find_drv(global, ifi->ifi_index, buf, len);
976	if (!drv)
977		goto event_newlink;
978
979	if (!drv->if_disabled && !(ifi->ifi_flags & IFF_UP)) {
980		namebuf[0] = '\0';
981		if (if_indextoname(ifi->ifi_index, namebuf) &&
982		    linux_iface_up(drv->global->ioctl_sock, namebuf) > 0) {
983			wpa_printf(MSG_DEBUG, "nl80211: Ignore interface down "
984				   "event since interface %s is up", namebuf);
985			drv->ignore_if_down_event = 0;
986			return;
987		}
988		wpa_printf(MSG_DEBUG, "nl80211: Interface down (%s/%s)",
989			   namebuf, ifname);
990		if (os_strcmp(drv->first_bss->ifname, ifname) != 0) {
991			wpa_printf(MSG_DEBUG,
992				   "nl80211: Not the main interface (%s) - do not indicate interface down",
993				   drv->first_bss->ifname);
994		} else if (drv->ignore_if_down_event) {
995			wpa_printf(MSG_DEBUG, "nl80211: Ignore interface down "
996				   "event generated by mode change");
997			drv->ignore_if_down_event = 0;
998		} else {
999			drv->if_disabled = 1;
1000			wpa_supplicant_event(drv->ctx,
1001					     EVENT_INTERFACE_DISABLED, NULL);
1002
1003			/*
1004			 * Try to get drv again, since it may be removed as
1005			 * part of the EVENT_INTERFACE_DISABLED handling for
1006			 * dynamic interfaces
1007			 */
1008			drv = nl80211_find_drv(global, ifi->ifi_index,
1009					       buf, len);
1010			if (!drv)
1011				return;
1012		}
1013	}
1014
1015	if (drv->if_disabled && (ifi->ifi_flags & IFF_UP)) {
1016		if (if_indextoname(ifi->ifi_index, namebuf) &&
1017		    linux_iface_up(drv->global->ioctl_sock, namebuf) == 0) {
1018			wpa_printf(MSG_DEBUG, "nl80211: Ignore interface up "
1019				   "event since interface %s is down",
1020				   namebuf);
1021		} else if (if_nametoindex(drv->first_bss->ifname) == 0) {
1022			wpa_printf(MSG_DEBUG, "nl80211: Ignore interface up "
1023				   "event since interface %s does not exist",
1024				   drv->first_bss->ifname);
1025		} else if (drv->if_removed) {
1026			wpa_printf(MSG_DEBUG, "nl80211: Ignore interface up "
1027				   "event since interface %s is marked "
1028				   "removed", drv->first_bss->ifname);
1029		} else {
1030			struct i802_bss *bss;
1031			u8 addr[ETH_ALEN];
1032
1033			/* Re-read MAC address as it may have changed */
1034			bss = get_bss_ifindex(drv, ifi->ifi_index);
1035			if (bss &&
1036			    linux_get_ifhwaddr(drv->global->ioctl_sock,
1037					       bss->ifname, addr) < 0) {
1038				wpa_printf(MSG_DEBUG,
1039					   "nl80211: %s: failed to re-read MAC address",
1040					   bss->ifname);
1041			} else if (bss &&
1042				   os_memcmp(addr, bss->addr, ETH_ALEN) != 0) {
1043				wpa_printf(MSG_DEBUG,
1044					   "nl80211: Own MAC address on ifindex %d (%s) changed from "
1045					   MACSTR " to " MACSTR,
1046					   ifi->ifi_index, bss->ifname,
1047					   MAC2STR(bss->addr),
1048					   MAC2STR(addr));
1049				os_memcpy(bss->addr, addr, ETH_ALEN);
1050			}
1051
1052			wpa_printf(MSG_DEBUG, "nl80211: Interface up");
1053			drv->if_disabled = 0;
1054			wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED,
1055					     NULL);
1056		}
1057	}
1058
1059	/*
1060	 * Some drivers send the association event before the operup event--in
1061	 * this case, lifting operstate in wpa_driver_nl80211_set_operstate()
1062	 * fails. This will hit us when wpa_supplicant does not need to do
1063	 * IEEE 802.1X authentication
1064	 */
1065	if (drv->operstate == 1 &&
1066	    (ifi->ifi_flags & (IFF_LOWER_UP | IFF_DORMANT)) == IFF_LOWER_UP &&
1067	    !(ifi->ifi_flags & IFF_RUNNING)) {
1068		wpa_printf(MSG_DEBUG, "nl80211: Set IF_OPER_UP again based on ifi_flags and expected operstate");
1069		netlink_send_oper_ifla(drv->global->netlink, drv->ifindex,
1070				       -1, IF_OPER_UP);
1071	}
1072
1073event_newlink:
1074	if (ifname[0])
1075		wpa_driver_nl80211_event_newlink(global, drv, ifi->ifi_index,
1076						 ifname);
1077
1078	if (ifi->ifi_family == AF_BRIDGE && brid && drv) {
1079		struct i802_bss *bss;
1080
1081		/* device has been added to bridge */
1082		if (!if_indextoname(brid, namebuf)) {
1083			wpa_printf(MSG_DEBUG,
1084				   "nl80211: Could not find bridge ifname for ifindex %u",
1085				   brid);
1086			return;
1087		}
1088		wpa_printf(MSG_DEBUG, "nl80211: Add ifindex %u for bridge %s",
1089			   brid, namebuf);
1090		add_ifidx(drv, brid, ifi->ifi_index);
1091
1092		for (bss = drv->first_bss; bss; bss = bss->next) {
1093			if (os_strcmp(ifname, bss->ifname) == 0) {
1094				os_strlcpy(bss->brname, namebuf, IFNAMSIZ);
1095				break;
1096			}
1097		}
1098	}
1099}
1100
1101
1102static void wpa_driver_nl80211_event_rtm_dellink(void *ctx,
1103						 struct ifinfomsg *ifi,
1104						 u8 *buf, size_t len)
1105{
1106	struct nl80211_global *global = ctx;
1107	struct wpa_driver_nl80211_data *drv;
1108	int attrlen;
1109	struct rtattr *attr;
1110	u32 brid = 0;
1111	char ifname[IFNAMSIZ + 1];
1112	char extra[100], *pos, *end;
1113
1114	extra[0] = '\0';
1115	pos = extra;
1116	end = pos + sizeof(extra);
1117	ifname[0] = '\0';
1118
1119	attrlen = len;
1120	attr = (struct rtattr *) buf;
1121	while (RTA_OK(attr, attrlen)) {
1122		switch (attr->rta_type) {
1123		case IFLA_IFNAME:
1124			if (RTA_PAYLOAD(attr) >= IFNAMSIZ)
1125				break;
1126			os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr));
1127			ifname[RTA_PAYLOAD(attr)] = '\0';
1128			break;
1129		case IFLA_MASTER:
1130			brid = nla_get_u32((struct nlattr *) attr);
1131			pos += os_snprintf(pos, end - pos, " master=%u", brid);
1132			break;
1133		case IFLA_OPERSTATE:
1134			pos += os_snprintf(pos, end - pos, " operstate=%u",
1135					   nla_get_u32((struct nlattr *) attr));
1136			break;
1137		case IFLA_LINKMODE:
1138			pos += os_snprintf(pos, end - pos, " linkmode=%u",
1139					   nla_get_u32((struct nlattr *) attr));
1140			break;
1141		}
1142		attr = RTA_NEXT(attr, attrlen);
1143	}
1144	extra[sizeof(extra) - 1] = '\0';
1145
1146	wpa_printf(MSG_DEBUG, "RTM_DELLINK: ifi_index=%d ifname=%s%s ifi_family=%d ifi_flags=0x%x (%s%s%s%s)",
1147		   ifi->ifi_index, ifname, extra, ifi->ifi_family,
1148		   ifi->ifi_flags,
1149		   (ifi->ifi_flags & IFF_UP) ? "[UP]" : "",
1150		   (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "",
1151		   (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "",
1152		   (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : "");
1153
1154	drv = nl80211_find_drv(global, ifi->ifi_index, buf, len);
1155
1156	if (ifi->ifi_family == AF_BRIDGE && brid && drv) {
1157		/* device has been removed from bridge */
1158		char namebuf[IFNAMSIZ];
1159
1160		if (!if_indextoname(brid, namebuf)) {
1161			wpa_printf(MSG_DEBUG,
1162				   "nl80211: Could not find bridge ifname for ifindex %u",
1163				   brid);
1164		} else {
1165			wpa_printf(MSG_DEBUG,
1166				   "nl80211: Remove ifindex %u for bridge %s",
1167				   brid, namebuf);
1168		}
1169		del_ifidx(drv, brid, ifi->ifi_index);
1170	}
1171
1172	if (ifi->ifi_family != AF_BRIDGE || !brid)
1173		wpa_driver_nl80211_event_dellink(global, drv, ifi->ifi_index,
1174						 ifname);
1175}
1176
1177
1178unsigned int nl80211_get_assoc_freq(struct wpa_driver_nl80211_data *drv)
1179{
1180	struct nl_msg *msg;
1181	int ret;
1182	struct nl80211_bss_info_arg arg;
1183
1184	msg = nl80211_drv_msg(drv, NLM_F_DUMP, NL80211_CMD_GET_SCAN);
1185	os_memset(&arg, 0, sizeof(arg));
1186	arg.drv = drv;
1187	ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg);
1188	if (ret == 0) {
1189		unsigned int freq = drv->nlmode == NL80211_IFTYPE_ADHOC ?
1190			arg.ibss_freq : arg.assoc_freq;
1191		wpa_printf(MSG_DEBUG, "nl80211: Operating frequency for the "
1192			   "associated BSS from scan results: %u MHz", freq);
1193		if (freq)
1194			drv->assoc_freq = freq;
1195		return drv->assoc_freq;
1196	}
1197	wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d "
1198		   "(%s)", ret, strerror(-ret));
1199	return drv->assoc_freq;
1200}
1201
1202
1203static int get_link_signal(struct nl_msg *msg, void *arg)
1204{
1205	struct nlattr *tb[NL80211_ATTR_MAX + 1];
1206	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1207	struct nlattr *sinfo[NL80211_STA_INFO_MAX + 1];
1208	static struct nla_policy policy[NL80211_STA_INFO_MAX + 1] = {
1209		[NL80211_STA_INFO_SIGNAL] = { .type = NLA_U8 },
1210		[NL80211_STA_INFO_SIGNAL_AVG] = { .type = NLA_U8 },
1211		[NL80211_STA_INFO_BEACON_SIGNAL_AVG] = { .type = NLA_U8 },
1212	};
1213	struct nlattr *rinfo[NL80211_RATE_INFO_MAX + 1];
1214	static struct nla_policy rate_policy[NL80211_RATE_INFO_MAX + 1] = {
1215		[NL80211_RATE_INFO_BITRATE] = { .type = NLA_U16 },
1216		[NL80211_RATE_INFO_MCS] = { .type = NLA_U8 },
1217		[NL80211_RATE_INFO_40_MHZ_WIDTH] = { .type = NLA_FLAG },
1218		[NL80211_RATE_INFO_SHORT_GI] = { .type = NLA_FLAG },
1219	};
1220	struct wpa_signal_info *sig_change = arg;
1221
1222	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1223		  genlmsg_attrlen(gnlh, 0), NULL);
1224	if (!tb[NL80211_ATTR_STA_INFO] ||
1225	    nla_parse_nested(sinfo, NL80211_STA_INFO_MAX,
1226			     tb[NL80211_ATTR_STA_INFO], policy))
1227		return NL_SKIP;
1228	if (!sinfo[NL80211_STA_INFO_SIGNAL])
1229		return NL_SKIP;
1230
1231	sig_change->current_signal =
1232		(s8) nla_get_u8(sinfo[NL80211_STA_INFO_SIGNAL]);
1233
1234	if (sinfo[NL80211_STA_INFO_SIGNAL_AVG])
1235		sig_change->avg_signal =
1236			(s8) nla_get_u8(sinfo[NL80211_STA_INFO_SIGNAL_AVG]);
1237	else
1238		sig_change->avg_signal = 0;
1239
1240	if (sinfo[NL80211_STA_INFO_BEACON_SIGNAL_AVG])
1241		sig_change->avg_beacon_signal =
1242			(s8)
1243			nla_get_u8(sinfo[NL80211_STA_INFO_BEACON_SIGNAL_AVG]);
1244	else
1245		sig_change->avg_beacon_signal = 0;
1246
1247	if (sinfo[NL80211_STA_INFO_TX_BITRATE]) {
1248		if (nla_parse_nested(rinfo, NL80211_RATE_INFO_MAX,
1249				     sinfo[NL80211_STA_INFO_TX_BITRATE],
1250				     rate_policy)) {
1251			sig_change->current_txrate = 0;
1252		} else {
1253			if (rinfo[NL80211_RATE_INFO_BITRATE]) {
1254				sig_change->current_txrate =
1255					nla_get_u16(rinfo[
1256					     NL80211_RATE_INFO_BITRATE]) * 100;
1257			}
1258		}
1259	}
1260
1261	return NL_SKIP;
1262}
1263
1264
1265int nl80211_get_link_signal(struct wpa_driver_nl80211_data *drv,
1266			    struct wpa_signal_info *sig)
1267{
1268	struct nl_msg *msg;
1269
1270	sig->current_signal = -9999;
1271	sig->current_txrate = 0;
1272
1273	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_GET_STATION)) ||
1274	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, drv->bssid)) {
1275		nlmsg_free(msg);
1276		return -ENOBUFS;
1277	}
1278
1279	return send_and_recv_msgs(drv, msg, get_link_signal, sig);
1280}
1281
1282
1283static int get_link_noise(struct nl_msg *msg, void *arg)
1284{
1285	struct nlattr *tb[NL80211_ATTR_MAX + 1];
1286	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1287	struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1];
1288	static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = {
1289		[NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 },
1290		[NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 },
1291	};
1292	struct wpa_signal_info *sig_change = arg;
1293
1294	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1295		  genlmsg_attrlen(gnlh, 0), NULL);
1296
1297	if (!tb[NL80211_ATTR_SURVEY_INFO]) {
1298		wpa_printf(MSG_DEBUG, "nl80211: survey data missing!");
1299		return NL_SKIP;
1300	}
1301
1302	if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX,
1303			     tb[NL80211_ATTR_SURVEY_INFO],
1304			     survey_policy)) {
1305		wpa_printf(MSG_DEBUG, "nl80211: failed to parse nested "
1306			   "attributes!");
1307		return NL_SKIP;
1308	}
1309
1310	if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY])
1311		return NL_SKIP;
1312
1313	if (nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]) !=
1314	    sig_change->frequency)
1315		return NL_SKIP;
1316
1317	if (!sinfo[NL80211_SURVEY_INFO_NOISE])
1318		return NL_SKIP;
1319
1320	sig_change->current_noise =
1321		(s8) nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]);
1322
1323	return NL_SKIP;
1324}
1325
1326
1327int nl80211_get_link_noise(struct wpa_driver_nl80211_data *drv,
1328			   struct wpa_signal_info *sig_change)
1329{
1330	struct nl_msg *msg;
1331
1332	sig_change->current_noise = 9999;
1333	sig_change->frequency = drv->assoc_freq;
1334
1335	msg = nl80211_drv_msg(drv, NLM_F_DUMP, NL80211_CMD_GET_SURVEY);
1336	return send_and_recv_msgs(drv, msg, get_link_noise, sig_change);
1337}
1338
1339
1340static void wpa_driver_nl80211_event_receive(int sock, void *eloop_ctx,
1341					     void *handle)
1342{
1343	struct nl_cb *cb = eloop_ctx;
1344	int res;
1345
1346	wpa_printf(MSG_MSGDUMP, "nl80211: Event message available");
1347
1348	res = nl_recvmsgs(handle, cb);
1349	if (res < 0) {
1350		wpa_printf(MSG_INFO, "nl80211: %s->nl_recvmsgs failed: %d",
1351			   __func__, res);
1352	}
1353}
1354
1355
1356/**
1357 * wpa_driver_nl80211_set_country - ask nl80211 to set the regulatory domain
1358 * @priv: driver_nl80211 private data
1359 * @alpha2_arg: country to which to switch to
1360 * Returns: 0 on success, -1 on failure
1361 *
1362 * This asks nl80211 to set the regulatory domain for given
1363 * country ISO / IEC alpha2.
1364 */
1365static int wpa_driver_nl80211_set_country(void *priv, const char *alpha2_arg)
1366{
1367	struct i802_bss *bss = priv;
1368	struct wpa_driver_nl80211_data *drv = bss->drv;
1369	char alpha2[3];
1370	struct nl_msg *msg;
1371
1372	msg = nlmsg_alloc();
1373	if (!msg)
1374		return -ENOMEM;
1375
1376	alpha2[0] = alpha2_arg[0];
1377	alpha2[1] = alpha2_arg[1];
1378	alpha2[2] = '\0';
1379
1380	if (!nl80211_cmd(drv, msg, 0, NL80211_CMD_REQ_SET_REG) ||
1381	    nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, alpha2)) {
1382		nlmsg_free(msg);
1383		return -EINVAL;
1384	}
1385	if (send_and_recv_msgs(drv, msg, NULL, NULL))
1386		return -EINVAL;
1387	return 0;
1388}
1389
1390
1391static int nl80211_get_country(struct nl_msg *msg, void *arg)
1392{
1393	char *alpha2 = arg;
1394	struct nlattr *tb_msg[NL80211_ATTR_MAX + 1];
1395	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1396
1397	nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1398		  genlmsg_attrlen(gnlh, 0), NULL);
1399	if (!tb_msg[NL80211_ATTR_REG_ALPHA2]) {
1400		wpa_printf(MSG_DEBUG, "nl80211: No country information available");
1401		return NL_SKIP;
1402	}
1403	os_strlcpy(alpha2, nla_data(tb_msg[NL80211_ATTR_REG_ALPHA2]), 3);
1404	return NL_SKIP;
1405}
1406
1407
1408static int wpa_driver_nl80211_get_country(void *priv, char *alpha2)
1409{
1410	struct i802_bss *bss = priv;
1411	struct wpa_driver_nl80211_data *drv = bss->drv;
1412	struct nl_msg *msg;
1413	int ret;
1414
1415	msg = nlmsg_alloc();
1416	if (!msg)
1417		return -ENOMEM;
1418
1419	nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_REG);
1420	alpha2[0] = '\0';
1421	ret = send_and_recv_msgs(drv, msg, nl80211_get_country, alpha2);
1422	if (!alpha2[0])
1423		ret = -1;
1424
1425	return ret;
1426}
1427
1428
1429static int wpa_driver_nl80211_init_nl_global(struct nl80211_global *global)
1430{
1431	int ret;
1432
1433	global->nl_cb = nl_cb_alloc(NL_CB_DEFAULT);
1434	if (global->nl_cb == NULL) {
1435		wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink "
1436			   "callbacks");
1437		return -1;
1438	}
1439
1440	global->nl = nl_create_handle(global->nl_cb, "nl");
1441	if (global->nl == NULL)
1442		goto err;
1443
1444	global->nl80211_id = genl_ctrl_resolve(global->nl, "nl80211");
1445	if (global->nl80211_id < 0) {
1446		wpa_printf(MSG_ERROR, "nl80211: 'nl80211' generic netlink not "
1447			   "found");
1448		goto err;
1449	}
1450
1451	global->nl_event = nl_create_handle(global->nl_cb, "event");
1452	if (global->nl_event == NULL)
1453		goto err;
1454
1455	ret = nl_get_multicast_id(global, "nl80211", "scan");
1456	if (ret >= 0)
1457		ret = nl_socket_add_membership(global->nl_event, ret);
1458	if (ret < 0) {
1459		wpa_printf(MSG_ERROR, "nl80211: Could not add multicast "
1460			   "membership for scan events: %d (%s)",
1461			   ret, strerror(-ret));
1462		goto err;
1463	}
1464
1465	ret = nl_get_multicast_id(global, "nl80211", "mlme");
1466	if (ret >= 0)
1467		ret = nl_socket_add_membership(global->nl_event, ret);
1468	if (ret < 0) {
1469		wpa_printf(MSG_ERROR, "nl80211: Could not add multicast "
1470			   "membership for mlme events: %d (%s)",
1471			   ret, strerror(-ret));
1472		goto err;
1473	}
1474
1475	ret = nl_get_multicast_id(global, "nl80211", "regulatory");
1476	if (ret >= 0)
1477		ret = nl_socket_add_membership(global->nl_event, ret);
1478	if (ret < 0) {
1479		wpa_printf(MSG_DEBUG, "nl80211: Could not add multicast "
1480			   "membership for regulatory events: %d (%s)",
1481			   ret, strerror(-ret));
1482		/* Continue without regulatory events */
1483	}
1484
1485	ret = nl_get_multicast_id(global, "nl80211", "vendor");
1486	if (ret >= 0)
1487		ret = nl_socket_add_membership(global->nl_event, ret);
1488	if (ret < 0) {
1489		wpa_printf(MSG_DEBUG, "nl80211: Could not add multicast "
1490			   "membership for vendor events: %d (%s)",
1491			   ret, strerror(-ret));
1492		/* Continue without vendor events */
1493	}
1494
1495	nl_cb_set(global->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM,
1496		  no_seq_check, NULL);
1497	nl_cb_set(global->nl_cb, NL_CB_VALID, NL_CB_CUSTOM,
1498		  process_global_event, global);
1499
1500	nl80211_register_eloop_read(&global->nl_event,
1501				    wpa_driver_nl80211_event_receive,
1502				    global->nl_cb);
1503
1504	return 0;
1505
1506err:
1507	nl_destroy_handles(&global->nl_event);
1508	nl_destroy_handles(&global->nl);
1509	nl_cb_put(global->nl_cb);
1510	global->nl_cb = NULL;
1511	return -1;
1512}
1513
1514
1515static void nl80211_check_global(struct nl80211_global *global)
1516{
1517	struct nl_handle *handle;
1518	const char *groups[] = { "scan", "mlme", "regulatory", "vendor", NULL };
1519	int ret;
1520	unsigned int i;
1521
1522	/*
1523	 * Try to re-add memberships to handle case of cfg80211 getting reloaded
1524	 * and all registration having been cleared.
1525	 */
1526	handle = (void *) (((intptr_t) global->nl_event) ^
1527			   ELOOP_SOCKET_INVALID);
1528
1529	for (i = 0; groups[i]; i++) {
1530		ret = nl_get_multicast_id(global, "nl80211", groups[i]);
1531		if (ret >= 0)
1532			ret = nl_socket_add_membership(handle, ret);
1533		if (ret < 0) {
1534			wpa_printf(MSG_INFO,
1535				   "nl80211: Could not re-add multicast membership for %s events: %d (%s)",
1536				   groups[i], ret, strerror(-ret));
1537		}
1538	}
1539}
1540
1541
1542static void wpa_driver_nl80211_rfkill_blocked(void *ctx)
1543{
1544	struct wpa_driver_nl80211_data *drv = ctx;
1545
1546	wpa_printf(MSG_DEBUG, "nl80211: RFKILL blocked");
1547
1548	/*
1549	 * rtnetlink ifdown handler will report interfaces other than the P2P
1550	 * Device interface as disabled.
1551	 */
1552	if (drv->nlmode == NL80211_IFTYPE_P2P_DEVICE)
1553		wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_DISABLED, NULL);
1554}
1555
1556
1557static void wpa_driver_nl80211_rfkill_unblocked(void *ctx)
1558{
1559	struct wpa_driver_nl80211_data *drv = ctx;
1560	wpa_printf(MSG_DEBUG, "nl80211: RFKILL unblocked");
1561	if (i802_set_iface_flags(drv->first_bss, 1)) {
1562		wpa_printf(MSG_DEBUG, "nl80211: Could not set interface UP "
1563			   "after rfkill unblock");
1564		return;
1565	}
1566
1567	if (is_p2p_net_interface(drv->nlmode))
1568		nl80211_disable_11b_rates(drv, drv->ifindex, 1);
1569
1570	/*
1571	 * rtnetlink ifup handler will report interfaces other than the P2P
1572	 * Device interface as enabled.
1573	 */
1574	if (drv->nlmode == NL80211_IFTYPE_P2P_DEVICE)
1575		wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED, NULL);
1576}
1577
1578
1579static void wpa_driver_nl80211_handle_eapol_tx_status(int sock,
1580						      void *eloop_ctx,
1581						      void *handle)
1582{
1583	struct wpa_driver_nl80211_data *drv = eloop_ctx;
1584	u8 data[2048];
1585	struct msghdr msg;
1586	struct iovec entry;
1587	u8 control[512];
1588	struct cmsghdr *cmsg;
1589	int res, found_ee = 0, found_wifi = 0, acked = 0;
1590	union wpa_event_data event;
1591
1592	memset(&msg, 0, sizeof(msg));
1593	msg.msg_iov = &entry;
1594	msg.msg_iovlen = 1;
1595	entry.iov_base = data;
1596	entry.iov_len = sizeof(data);
1597	msg.msg_control = &control;
1598	msg.msg_controllen = sizeof(control);
1599
1600	res = recvmsg(sock, &msg, MSG_ERRQUEUE);
1601	/* if error or not fitting 802.3 header, return */
1602	if (res < 14)
1603		return;
1604
1605	for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg))
1606	{
1607		if (cmsg->cmsg_level == SOL_SOCKET &&
1608		    cmsg->cmsg_type == SCM_WIFI_STATUS) {
1609			int *ack;
1610
1611			found_wifi = 1;
1612			ack = (void *)CMSG_DATA(cmsg);
1613			acked = *ack;
1614		}
1615
1616		if (cmsg->cmsg_level == SOL_PACKET &&
1617		    cmsg->cmsg_type == PACKET_TX_TIMESTAMP) {
1618			struct sock_extended_err *err =
1619				(struct sock_extended_err *)CMSG_DATA(cmsg);
1620
1621			if (err->ee_origin == SO_EE_ORIGIN_TXSTATUS)
1622				found_ee = 1;
1623		}
1624	}
1625
1626	if (!found_ee || !found_wifi)
1627		return;
1628
1629	memset(&event, 0, sizeof(event));
1630	event.eapol_tx_status.dst = data;
1631	event.eapol_tx_status.data = data + 14;
1632	event.eapol_tx_status.data_len = res - 14;
1633	event.eapol_tx_status.ack = acked;
1634	wpa_supplicant_event(drv->ctx, EVENT_EAPOL_TX_STATUS, &event);
1635}
1636
1637
1638static int nl80211_init_bss(struct i802_bss *bss)
1639{
1640	bss->nl_cb = nl_cb_alloc(NL_CB_DEFAULT);
1641	if (!bss->nl_cb)
1642		return -1;
1643
1644	nl_cb_set(bss->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM,
1645		  no_seq_check, NULL);
1646	nl_cb_set(bss->nl_cb, NL_CB_VALID, NL_CB_CUSTOM,
1647		  process_bss_event, bss);
1648
1649	return 0;
1650}
1651
1652
1653static void nl80211_destroy_bss(struct i802_bss *bss)
1654{
1655	nl_cb_put(bss->nl_cb);
1656	bss->nl_cb = NULL;
1657}
1658
1659
1660static void
1661wpa_driver_nl80211_drv_init_rfkill(struct wpa_driver_nl80211_data *drv)
1662{
1663	struct rfkill_config *rcfg;
1664
1665	if (drv->rfkill)
1666		return;
1667
1668	rcfg = os_zalloc(sizeof(*rcfg));
1669	if (!rcfg)
1670		return;
1671
1672	rcfg->ctx = drv;
1673
1674	/* rfkill uses netdev sysfs for initialization. However, P2P Device is
1675	 * not associated with a netdev, so use the name of some other interface
1676	 * sharing the same wiphy as the P2P Device interface.
1677	 *
1678	 * Note: This is valid, as a P2P Device interface is always dynamically
1679	 * created and is created only once another wpa_s interface was added.
1680	 */
1681	if (drv->nlmode == NL80211_IFTYPE_P2P_DEVICE) {
1682		struct nl80211_global *global = drv->global;
1683		struct wpa_driver_nl80211_data *tmp1;
1684
1685		dl_list_for_each(tmp1, &global->interfaces,
1686				 struct wpa_driver_nl80211_data, list) {
1687			if (drv == tmp1 || drv->wiphy_idx != tmp1->wiphy_idx ||
1688			    !tmp1->rfkill)
1689				continue;
1690
1691			wpa_printf(MSG_DEBUG,
1692				   "nl80211: Use (%s) to initialize P2P Device rfkill",
1693				   tmp1->first_bss->ifname);
1694			os_strlcpy(rcfg->ifname, tmp1->first_bss->ifname,
1695				   sizeof(rcfg->ifname));
1696			break;
1697		}
1698	} else {
1699		os_strlcpy(rcfg->ifname, drv->first_bss->ifname,
1700			   sizeof(rcfg->ifname));
1701	}
1702
1703	rcfg->blocked_cb = wpa_driver_nl80211_rfkill_blocked;
1704	rcfg->unblocked_cb = wpa_driver_nl80211_rfkill_unblocked;
1705	drv->rfkill = rfkill_init(rcfg);
1706	if (!drv->rfkill) {
1707		wpa_printf(MSG_DEBUG, "nl80211: RFKILL status not available");
1708		os_free(rcfg);
1709	}
1710}
1711
1712
1713static void * wpa_driver_nl80211_drv_init(void *ctx, const char *ifname,
1714					  void *global_priv, int hostapd,
1715					  const u8 *set_addr,
1716					  const char *driver_params)
1717{
1718	struct wpa_driver_nl80211_data *drv;
1719	struct i802_bss *bss;
1720
1721	if (global_priv == NULL)
1722		return NULL;
1723	drv = os_zalloc(sizeof(*drv));
1724	if (drv == NULL)
1725		return NULL;
1726	drv->global = global_priv;
1727	drv->ctx = ctx;
1728	drv->hostapd = !!hostapd;
1729	drv->eapol_sock = -1;
1730
1731	/*
1732	 * There is no driver capability flag for this, so assume it is
1733	 * supported and disable this on first attempt to use if the driver
1734	 * rejects the command due to missing support.
1735	 */
1736	drv->set_rekey_offload = 1;
1737
1738	drv->num_if_indices = sizeof(drv->default_if_indices) / sizeof(int);
1739	drv->if_indices = drv->default_if_indices;
1740	drv->if_indices_reason = drv->default_if_indices_reason;
1741
1742	drv->first_bss = os_zalloc(sizeof(*drv->first_bss));
1743	if (!drv->first_bss) {
1744		os_free(drv);
1745		return NULL;
1746	}
1747	bss = drv->first_bss;
1748	bss->drv = drv;
1749	bss->ctx = ctx;
1750
1751	os_strlcpy(bss->ifname, ifname, sizeof(bss->ifname));
1752	drv->monitor_ifidx = -1;
1753	drv->monitor_sock = -1;
1754	drv->eapol_tx_sock = -1;
1755	drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED;
1756
1757	if (nl80211_init_bss(bss))
1758		goto failed;
1759
1760	if (wpa_driver_nl80211_finish_drv_init(drv, set_addr, 1, driver_params))
1761		goto failed;
1762
1763	drv->eapol_tx_sock = socket(PF_PACKET, SOCK_DGRAM, 0);
1764	if (drv->eapol_tx_sock < 0)
1765		goto failed;
1766
1767	if (drv->data_tx_status) {
1768		int enabled = 1;
1769
1770		if (setsockopt(drv->eapol_tx_sock, SOL_SOCKET, SO_WIFI_STATUS,
1771			       &enabled, sizeof(enabled)) < 0) {
1772			wpa_printf(MSG_DEBUG,
1773				"nl80211: wifi status sockopt failed\n");
1774			drv->data_tx_status = 0;
1775			if (!drv->use_monitor)
1776				drv->capa.flags &=
1777					~WPA_DRIVER_FLAGS_EAPOL_TX_STATUS;
1778		} else {
1779			eloop_register_read_sock(drv->eapol_tx_sock,
1780				wpa_driver_nl80211_handle_eapol_tx_status,
1781				drv, NULL);
1782		}
1783	}
1784
1785	if (drv->global) {
1786		nl80211_check_global(drv->global);
1787		dl_list_add(&drv->global->interfaces, &drv->list);
1788		drv->in_interface_list = 1;
1789	}
1790
1791	return bss;
1792
1793failed:
1794	wpa_driver_nl80211_deinit(bss);
1795	return NULL;
1796}
1797
1798
1799/**
1800 * wpa_driver_nl80211_init - Initialize nl80211 driver interface
1801 * @ctx: context to be used when calling wpa_supplicant functions,
1802 * e.g., wpa_supplicant_event()
1803 * @ifname: interface name, e.g., wlan0
1804 * @global_priv: private driver global data from global_init()
1805 * Returns: Pointer to private data, %NULL on failure
1806 */
1807static void * wpa_driver_nl80211_init(void *ctx, const char *ifname,
1808				      void *global_priv)
1809{
1810	return wpa_driver_nl80211_drv_init(ctx, ifname, global_priv, 0, NULL,
1811					   NULL);
1812}
1813
1814
1815static int nl80211_register_frame(struct i802_bss *bss,
1816				  struct nl_handle *nl_handle,
1817				  u16 type, const u8 *match, size_t match_len)
1818{
1819	struct wpa_driver_nl80211_data *drv = bss->drv;
1820	struct nl_msg *msg;
1821	int ret;
1822	char buf[30];
1823
1824	buf[0] = '\0';
1825	wpa_snprintf_hex(buf, sizeof(buf), match, match_len);
1826	wpa_printf(MSG_DEBUG, "nl80211: Register frame type=0x%x (%s) nl_handle=%p match=%s",
1827		   type, fc2str(type), nl_handle, buf);
1828
1829	if (!(msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_REGISTER_ACTION)) ||
1830	    nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE, type) ||
1831	    nla_put(msg, NL80211_ATTR_FRAME_MATCH, match_len, match)) {
1832		nlmsg_free(msg);
1833		return -1;
1834	}
1835
1836	ret = send_and_recv(drv->global, nl_handle, msg, NULL, NULL);
1837	if (ret) {
1838		wpa_printf(MSG_DEBUG, "nl80211: Register frame command "
1839			   "failed (type=%u): ret=%d (%s)",
1840			   type, ret, strerror(-ret));
1841		wpa_hexdump(MSG_DEBUG, "nl80211: Register frame match",
1842			    match, match_len);
1843	}
1844	return ret;
1845}
1846
1847
1848static int nl80211_alloc_mgmt_handle(struct i802_bss *bss)
1849{
1850	if (bss->nl_mgmt) {
1851		wpa_printf(MSG_DEBUG, "nl80211: Mgmt reporting "
1852			   "already on! (nl_mgmt=%p)", bss->nl_mgmt);
1853		return -1;
1854	}
1855
1856	bss->nl_mgmt = nl_create_handle(bss->nl_cb, "mgmt");
1857	if (bss->nl_mgmt == NULL)
1858		return -1;
1859
1860	return 0;
1861}
1862
1863
1864static void nl80211_mgmt_handle_register_eloop(struct i802_bss *bss)
1865{
1866	nl80211_register_eloop_read(&bss->nl_mgmt,
1867				    wpa_driver_nl80211_event_receive,
1868				    bss->nl_cb);
1869}
1870
1871
1872static int nl80211_register_action_frame(struct i802_bss *bss,
1873					 const u8 *match, size_t match_len)
1874{
1875	u16 type = (WLAN_FC_TYPE_MGMT << 2) | (WLAN_FC_STYPE_ACTION << 4);
1876	return nl80211_register_frame(bss, bss->nl_mgmt,
1877				      type, match, match_len);
1878}
1879
1880
1881static int nl80211_mgmt_subscribe_non_ap(struct i802_bss *bss)
1882{
1883	struct wpa_driver_nl80211_data *drv = bss->drv;
1884	int ret = 0;
1885
1886	if (nl80211_alloc_mgmt_handle(bss))
1887		return -1;
1888	wpa_printf(MSG_DEBUG, "nl80211: Subscribe to mgmt frames with non-AP "
1889		   "handle %p", bss->nl_mgmt);
1890
1891	if (drv->nlmode == NL80211_IFTYPE_ADHOC) {
1892		u16 type = (WLAN_FC_TYPE_MGMT << 2) | (WLAN_FC_STYPE_AUTH << 4);
1893
1894		/* register for any AUTH message */
1895		nl80211_register_frame(bss, bss->nl_mgmt, type, NULL, 0);
1896	}
1897
1898#ifdef CONFIG_INTERWORKING
1899	/* QoS Map Configure */
1900	if (nl80211_register_action_frame(bss, (u8 *) "\x01\x04", 2) < 0)
1901		ret = -1;
1902#endif /* CONFIG_INTERWORKING */
1903#if defined(CONFIG_P2P) || defined(CONFIG_INTERWORKING)
1904	/* GAS Initial Request */
1905	if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0a", 2) < 0)
1906		ret = -1;
1907	/* GAS Initial Response */
1908	if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0b", 2) < 0)
1909		ret = -1;
1910	/* GAS Comeback Request */
1911	if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0c", 2) < 0)
1912		ret = -1;
1913	/* GAS Comeback Response */
1914	if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0d", 2) < 0)
1915		ret = -1;
1916	/* Protected GAS Initial Request */
1917	if (nl80211_register_action_frame(bss, (u8 *) "\x09\x0a", 2) < 0)
1918		ret = -1;
1919	/* Protected GAS Initial Response */
1920	if (nl80211_register_action_frame(bss, (u8 *) "\x09\x0b", 2) < 0)
1921		ret = -1;
1922	/* Protected GAS Comeback Request */
1923	if (nl80211_register_action_frame(bss, (u8 *) "\x09\x0c", 2) < 0)
1924		ret = -1;
1925	/* Protected GAS Comeback Response */
1926	if (nl80211_register_action_frame(bss, (u8 *) "\x09\x0d", 2) < 0)
1927		ret = -1;
1928#endif /* CONFIG_P2P || CONFIG_INTERWORKING */
1929#ifdef CONFIG_P2P
1930	/* P2P Public Action */
1931	if (nl80211_register_action_frame(bss,
1932					  (u8 *) "\x04\x09\x50\x6f\x9a\x09",
1933					  6) < 0)
1934		ret = -1;
1935	/* P2P Action */
1936	if (nl80211_register_action_frame(bss,
1937					  (u8 *) "\x7f\x50\x6f\x9a\x09",
1938					  5) < 0)
1939		ret = -1;
1940#endif /* CONFIG_P2P */
1941#ifdef CONFIG_IEEE80211W
1942	/* SA Query Response */
1943	if (nl80211_register_action_frame(bss, (u8 *) "\x08\x01", 2) < 0)
1944		ret = -1;
1945#endif /* CONFIG_IEEE80211W */
1946#ifdef CONFIG_TDLS
1947	if ((drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT)) {
1948		/* TDLS Discovery Response */
1949		if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0e", 2) <
1950		    0)
1951			ret = -1;
1952	}
1953#endif /* CONFIG_TDLS */
1954#ifdef CONFIG_FST
1955	/* FST Action frames */
1956	if (nl80211_register_action_frame(bss, (u8 *) "\x12", 1) < 0)
1957		ret = -1;
1958#endif /* CONFIG_FST */
1959
1960	/* FT Action frames */
1961	if (nl80211_register_action_frame(bss, (u8 *) "\x06", 1) < 0)
1962		ret = -1;
1963	else
1964		drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_FT |
1965			WPA_DRIVER_CAPA_KEY_MGMT_FT_PSK;
1966
1967	/* WNM - BSS Transition Management Request */
1968	if (nl80211_register_action_frame(bss, (u8 *) "\x0a\x07", 2) < 0)
1969		ret = -1;
1970	/* WNM-Sleep Mode Response */
1971	if (nl80211_register_action_frame(bss, (u8 *) "\x0a\x11", 2) < 0)
1972		ret = -1;
1973
1974#ifdef CONFIG_HS20
1975	/* WNM-Notification */
1976	if (nl80211_register_action_frame(bss, (u8 *) "\x0a\x1a", 2) < 0)
1977		ret = -1;
1978#endif /* CONFIG_HS20 */
1979
1980	/* WMM-AC ADDTS Response */
1981	if (nl80211_register_action_frame(bss, (u8 *) "\x11\x01", 2) < 0)
1982		ret = -1;
1983
1984	/* WMM-AC DELTS */
1985	if (nl80211_register_action_frame(bss, (u8 *) "\x11\x02", 2) < 0)
1986		ret = -1;
1987
1988	/* Radio Measurement - Neighbor Report Response */
1989	if (nl80211_register_action_frame(bss, (u8 *) "\x05\x05", 2) < 0)
1990		ret = -1;
1991
1992	/* Radio Measurement - Link Measurement Request */
1993	if ((drv->capa.rrm_flags & WPA_DRIVER_FLAGS_TX_POWER_INSERTION) &&
1994	    (nl80211_register_action_frame(bss, (u8 *) "\x05\x02", 2) < 0))
1995		ret = -1;
1996
1997	nl80211_mgmt_handle_register_eloop(bss);
1998
1999	return ret;
2000}
2001
2002
2003static int nl80211_mgmt_subscribe_mesh(struct i802_bss *bss)
2004{
2005	int ret = 0;
2006
2007	if (nl80211_alloc_mgmt_handle(bss))
2008		return -1;
2009
2010	wpa_printf(MSG_DEBUG,
2011		   "nl80211: Subscribe to mgmt frames with mesh handle %p",
2012		   bss->nl_mgmt);
2013
2014	/* Auth frames for mesh SAE */
2015	if (nl80211_register_frame(bss, bss->nl_mgmt,
2016				   (WLAN_FC_TYPE_MGMT << 2) |
2017				   (WLAN_FC_STYPE_AUTH << 4),
2018				   NULL, 0) < 0)
2019		ret = -1;
2020
2021	/* Mesh peering open */
2022	if (nl80211_register_action_frame(bss, (u8 *) "\x0f\x01", 2) < 0)
2023		ret = -1;
2024	/* Mesh peering confirm */
2025	if (nl80211_register_action_frame(bss, (u8 *) "\x0f\x02", 2) < 0)
2026		ret = -1;
2027	/* Mesh peering close */
2028	if (nl80211_register_action_frame(bss, (u8 *) "\x0f\x03", 2) < 0)
2029		ret = -1;
2030
2031	nl80211_mgmt_handle_register_eloop(bss);
2032
2033	return ret;
2034}
2035
2036
2037static int nl80211_register_spurious_class3(struct i802_bss *bss)
2038{
2039	struct nl_msg *msg;
2040	int ret;
2041
2042	msg = nl80211_bss_msg(bss, 0, NL80211_CMD_UNEXPECTED_FRAME);
2043	ret = send_and_recv(bss->drv->global, bss->nl_mgmt, msg, NULL, NULL);
2044	if (ret) {
2045		wpa_printf(MSG_DEBUG, "nl80211: Register spurious class3 "
2046			   "failed: ret=%d (%s)",
2047			   ret, strerror(-ret));
2048	}
2049	return ret;
2050}
2051
2052
2053static int nl80211_action_subscribe_ap(struct i802_bss *bss)
2054{
2055	int ret = 0;
2056
2057	/* Public Action frames */
2058	if (nl80211_register_action_frame(bss, (u8 *) "\x04", 1) < 0)
2059		ret = -1;
2060	/* RRM Measurement Report */
2061	if (nl80211_register_action_frame(bss, (u8 *) "\x05\x01", 2) < 0)
2062		ret = -1;
2063	/* RRM Neighbor Report Request */
2064	if (nl80211_register_action_frame(bss, (u8 *) "\x05\x04", 2) < 0)
2065		ret = -1;
2066	/* FT Action frames */
2067	if (nl80211_register_action_frame(bss, (u8 *) "\x06", 1) < 0)
2068		ret = -1;
2069#ifdef CONFIG_IEEE80211W
2070	/* SA Query */
2071	if (nl80211_register_action_frame(bss, (u8 *) "\x08", 1) < 0)
2072		ret = -1;
2073#endif /* CONFIG_IEEE80211W */
2074	/* Protected Dual of Public Action */
2075	if (nl80211_register_action_frame(bss, (u8 *) "\x09", 1) < 0)
2076		ret = -1;
2077	/* WNM */
2078	if (nl80211_register_action_frame(bss, (u8 *) "\x0a", 1) < 0)
2079		ret = -1;
2080	/* WMM */
2081	if (nl80211_register_action_frame(bss, (u8 *) "\x11", 1) < 0)
2082		ret = -1;
2083#ifdef CONFIG_FST
2084	/* FST Action frames */
2085	if (nl80211_register_action_frame(bss, (u8 *) "\x12", 1) < 0)
2086		ret = -1;
2087#endif /* CONFIG_FST */
2088	/* Vendor-specific */
2089	if (nl80211_register_action_frame(bss, (u8 *) "\x7f", 1) < 0)
2090		ret = -1;
2091
2092	return ret;
2093}
2094
2095
2096static int nl80211_mgmt_subscribe_ap(struct i802_bss *bss)
2097{
2098	static const int stypes[] = {
2099		WLAN_FC_STYPE_AUTH,
2100		WLAN_FC_STYPE_ASSOC_REQ,
2101		WLAN_FC_STYPE_REASSOC_REQ,
2102		WLAN_FC_STYPE_DISASSOC,
2103		WLAN_FC_STYPE_DEAUTH,
2104		WLAN_FC_STYPE_PROBE_REQ,
2105/* Beacon doesn't work as mac80211 doesn't currently allow
2106 * it, but it wouldn't really be the right thing anyway as
2107 * it isn't per interface ... maybe just dump the scan
2108 * results periodically for OLBC?
2109 */
2110		/* WLAN_FC_STYPE_BEACON, */
2111	};
2112	unsigned int i;
2113
2114	if (nl80211_alloc_mgmt_handle(bss))
2115		return -1;
2116	wpa_printf(MSG_DEBUG, "nl80211: Subscribe to mgmt frames with AP "
2117		   "handle %p", bss->nl_mgmt);
2118
2119	for (i = 0; i < ARRAY_SIZE(stypes); i++) {
2120		if (nl80211_register_frame(bss, bss->nl_mgmt,
2121					   (WLAN_FC_TYPE_MGMT << 2) |
2122					   (stypes[i] << 4),
2123					   NULL, 0) < 0) {
2124			goto out_err;
2125		}
2126	}
2127
2128	if (nl80211_action_subscribe_ap(bss))
2129		goto out_err;
2130
2131	if (nl80211_register_spurious_class3(bss))
2132		goto out_err;
2133
2134	if (nl80211_get_wiphy_data_ap(bss) == NULL)
2135		goto out_err;
2136
2137	nl80211_mgmt_handle_register_eloop(bss);
2138	return 0;
2139
2140out_err:
2141	nl_destroy_handles(&bss->nl_mgmt);
2142	return -1;
2143}
2144
2145
2146static int nl80211_mgmt_subscribe_ap_dev_sme(struct i802_bss *bss)
2147{
2148	if (nl80211_alloc_mgmt_handle(bss))
2149		return -1;
2150	wpa_printf(MSG_DEBUG, "nl80211: Subscribe to mgmt frames with AP "
2151		   "handle %p (device SME)", bss->nl_mgmt);
2152
2153	if (nl80211_action_subscribe_ap(bss))
2154		goto out_err;
2155
2156	nl80211_mgmt_handle_register_eloop(bss);
2157	return 0;
2158
2159out_err:
2160	nl_destroy_handles(&bss->nl_mgmt);
2161	return -1;
2162}
2163
2164
2165static void nl80211_mgmt_unsubscribe(struct i802_bss *bss, const char *reason)
2166{
2167	if (bss->nl_mgmt == NULL)
2168		return;
2169	wpa_printf(MSG_DEBUG, "nl80211: Unsubscribe mgmt frames handle %p "
2170		   "(%s)", bss->nl_mgmt, reason);
2171	nl80211_destroy_eloop_handle(&bss->nl_mgmt);
2172
2173	nl80211_put_wiphy_data_ap(bss);
2174}
2175
2176
2177static void wpa_driver_nl80211_send_rfkill(void *eloop_ctx, void *timeout_ctx)
2178{
2179	wpa_supplicant_event(timeout_ctx, EVENT_INTERFACE_DISABLED, NULL);
2180}
2181
2182
2183static void nl80211_del_p2pdev(struct i802_bss *bss)
2184{
2185	struct nl_msg *msg;
2186	int ret;
2187
2188	msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_DEL_INTERFACE);
2189	ret = send_and_recv_msgs(bss->drv, msg, NULL, NULL);
2190
2191	wpa_printf(MSG_DEBUG, "nl80211: Delete P2P Device %s (0x%llx): %s",
2192		   bss->ifname, (long long unsigned int) bss->wdev_id,
2193		   strerror(-ret));
2194}
2195
2196
2197static int nl80211_set_p2pdev(struct i802_bss *bss, int start)
2198{
2199	struct nl_msg *msg;
2200	int ret;
2201
2202	msg = nl80211_cmd_msg(bss, 0, start ? NL80211_CMD_START_P2P_DEVICE :
2203			      NL80211_CMD_STOP_P2P_DEVICE);
2204	ret = send_and_recv_msgs(bss->drv, msg, NULL, NULL);
2205
2206	wpa_printf(MSG_DEBUG, "nl80211: %s P2P Device %s (0x%llx): %s",
2207		   start ? "Start" : "Stop",
2208		   bss->ifname, (long long unsigned int) bss->wdev_id,
2209		   strerror(-ret));
2210	return ret;
2211}
2212
2213
2214static int i802_set_iface_flags(struct i802_bss *bss, int up)
2215{
2216	enum nl80211_iftype nlmode;
2217
2218	nlmode = nl80211_get_ifmode(bss);
2219	if (nlmode != NL80211_IFTYPE_P2P_DEVICE) {
2220		return linux_set_iface_flags(bss->drv->global->ioctl_sock,
2221					     bss->ifname, up);
2222	}
2223
2224	/* P2P Device has start/stop which is equivalent */
2225	return nl80211_set_p2pdev(bss, up);
2226}
2227
2228
2229#ifdef CONFIG_TESTING_OPTIONS
2230static int qca_vendor_test_cmd_handler(struct nl_msg *msg, void *arg)
2231{
2232	/* struct wpa_driver_nl80211_data *drv = arg; */
2233	struct nlattr *tb[NL80211_ATTR_MAX + 1];
2234	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
2235
2236
2237	wpa_printf(MSG_DEBUG,
2238		   "nl80211: QCA vendor test command response received");
2239
2240	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
2241		  genlmsg_attrlen(gnlh, 0), NULL);
2242	if (!tb[NL80211_ATTR_VENDOR_DATA]) {
2243		wpa_printf(MSG_DEBUG, "nl80211: No vendor data attribute");
2244		return NL_SKIP;
2245	}
2246
2247	wpa_hexdump(MSG_DEBUG,
2248		    "nl80211: Received QCA vendor test command response",
2249		    nla_data(tb[NL80211_ATTR_VENDOR_DATA]),
2250		    nla_len(tb[NL80211_ATTR_VENDOR_DATA]));
2251
2252	return NL_SKIP;
2253}
2254#endif /* CONFIG_TESTING_OPTIONS */
2255
2256
2257static void qca_vendor_test(struct wpa_driver_nl80211_data *drv)
2258{
2259#ifdef CONFIG_TESTING_OPTIONS
2260	struct nl_msg *msg;
2261	struct nlattr *params;
2262	int ret;
2263
2264	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
2265	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
2266	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
2267			QCA_NL80211_VENDOR_SUBCMD_TEST) ||
2268	    !(params = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA)) ||
2269	    nla_put_u32(msg, QCA_WLAN_VENDOR_ATTR_TEST, 123)) {
2270		nlmsg_free(msg);
2271		return;
2272	}
2273	nla_nest_end(msg, params);
2274
2275	ret = send_and_recv_msgs(drv, msg, qca_vendor_test_cmd_handler, drv);
2276	wpa_printf(MSG_DEBUG,
2277		   "nl80211: QCA vendor test command returned %d (%s)",
2278		   ret, strerror(-ret));
2279#endif /* CONFIG_TESTING_OPTIONS */
2280}
2281
2282
2283static int
2284wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv,
2285				   const u8 *set_addr, int first,
2286				   const char *driver_params)
2287{
2288	struct i802_bss *bss = drv->first_bss;
2289	int send_rfkill_event = 0;
2290	enum nl80211_iftype nlmode;
2291
2292	drv->ifindex = if_nametoindex(bss->ifname);
2293	bss->ifindex = drv->ifindex;
2294	bss->wdev_id = drv->global->if_add_wdevid;
2295	bss->wdev_id_set = drv->global->if_add_wdevid_set;
2296
2297	bss->if_dynamic = drv->ifindex == drv->global->if_add_ifindex;
2298	bss->if_dynamic = bss->if_dynamic || drv->global->if_add_wdevid_set;
2299	drv->global->if_add_wdevid_set = 0;
2300
2301	if (!bss->if_dynamic && nl80211_get_ifmode(bss) == NL80211_IFTYPE_AP)
2302		bss->static_ap = 1;
2303
2304	if (first &&
2305	    nl80211_get_ifmode(bss) != NL80211_IFTYPE_P2P_DEVICE &&
2306	    linux_iface_up(drv->global->ioctl_sock, bss->ifname) > 0)
2307		drv->start_iface_up = 1;
2308
2309	if (wpa_driver_nl80211_capa(drv))
2310		return -1;
2311
2312	if (driver_params && nl80211_set_param(bss, driver_params) < 0)
2313		return -1;
2314
2315	wpa_printf(MSG_DEBUG, "nl80211: interface %s in phy %s",
2316		   bss->ifname, drv->phyname);
2317
2318	if (set_addr &&
2319	    (linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 0) ||
2320	     linux_set_ifhwaddr(drv->global->ioctl_sock, bss->ifname,
2321				set_addr)))
2322		return -1;
2323
2324	if (first && nl80211_get_ifmode(bss) == NL80211_IFTYPE_AP)
2325		drv->start_mode_ap = 1;
2326
2327	if (drv->hostapd || bss->static_ap)
2328		nlmode = NL80211_IFTYPE_AP;
2329	else if (bss->if_dynamic)
2330		nlmode = nl80211_get_ifmode(bss);
2331	else
2332		nlmode = NL80211_IFTYPE_STATION;
2333
2334	if (wpa_driver_nl80211_set_mode(bss, nlmode) < 0) {
2335		wpa_printf(MSG_ERROR, "nl80211: Could not configure driver mode");
2336		return -1;
2337	}
2338
2339	if (nlmode == NL80211_IFTYPE_P2P_DEVICE)
2340		nl80211_get_macaddr(bss);
2341
2342	wpa_driver_nl80211_drv_init_rfkill(drv);
2343
2344	if (!rfkill_is_blocked(drv->rfkill)) {
2345		int ret = i802_set_iface_flags(bss, 1);
2346		if (ret) {
2347			wpa_printf(MSG_ERROR, "nl80211: Could not set "
2348				   "interface '%s' UP", bss->ifname);
2349			return ret;
2350		}
2351
2352		if (is_p2p_net_interface(nlmode))
2353			nl80211_disable_11b_rates(bss->drv,
2354						  bss->drv->ifindex, 1);
2355
2356		if (nlmode == NL80211_IFTYPE_P2P_DEVICE)
2357			return ret;
2358	} else {
2359		wpa_printf(MSG_DEBUG, "nl80211: Could not yet enable "
2360			   "interface '%s' due to rfkill", bss->ifname);
2361		if (nlmode != NL80211_IFTYPE_P2P_DEVICE)
2362			drv->if_disabled = 1;
2363
2364		send_rfkill_event = 1;
2365	}
2366
2367	if (!drv->hostapd && nlmode != NL80211_IFTYPE_P2P_DEVICE)
2368		netlink_send_oper_ifla(drv->global->netlink, drv->ifindex,
2369				       1, IF_OPER_DORMANT);
2370
2371	if (nlmode != NL80211_IFTYPE_P2P_DEVICE) {
2372		if (linux_get_ifhwaddr(drv->global->ioctl_sock, bss->ifname,
2373				       bss->addr))
2374			return -1;
2375		os_memcpy(drv->perm_addr, bss->addr, ETH_ALEN);
2376	}
2377
2378	if (send_rfkill_event) {
2379		eloop_register_timeout(0, 0, wpa_driver_nl80211_send_rfkill,
2380				       drv, drv->ctx);
2381	}
2382
2383	if (drv->vendor_cmd_test_avail)
2384		qca_vendor_test(drv);
2385
2386	return 0;
2387}
2388
2389
2390static int wpa_driver_nl80211_del_beacon(struct wpa_driver_nl80211_data *drv)
2391{
2392	struct nl_msg *msg;
2393
2394	wpa_printf(MSG_DEBUG, "nl80211: Remove beacon (ifindex=%d)",
2395		   drv->ifindex);
2396	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_DEL_BEACON);
2397	return send_and_recv_msgs(drv, msg, NULL, NULL);
2398}
2399
2400
2401/**
2402 * wpa_driver_nl80211_deinit - Deinitialize nl80211 driver interface
2403 * @bss: Pointer to private nl80211 data from wpa_driver_nl80211_init()
2404 *
2405 * Shut down driver interface and processing of driver events. Free
2406 * private data buffer if one was allocated in wpa_driver_nl80211_init().
2407 */
2408static void wpa_driver_nl80211_deinit(struct i802_bss *bss)
2409{
2410	struct wpa_driver_nl80211_data *drv = bss->drv;
2411
2412	wpa_printf(MSG_INFO, "nl80211: deinit ifname=%s disabled_11b_rates=%d",
2413		   bss->ifname, drv->disabled_11b_rates);
2414
2415	bss->in_deinit = 1;
2416	if (drv->data_tx_status)
2417		eloop_unregister_read_sock(drv->eapol_tx_sock);
2418	if (drv->eapol_tx_sock >= 0)
2419		close(drv->eapol_tx_sock);
2420
2421	if (bss->nl_preq)
2422		wpa_driver_nl80211_probe_req_report(bss, 0);
2423	if (bss->added_if_into_bridge) {
2424		if (linux_br_del_if(drv->global->ioctl_sock, bss->brname,
2425				    bss->ifname) < 0)
2426			wpa_printf(MSG_INFO, "nl80211: Failed to remove "
2427				   "interface %s from bridge %s: %s",
2428				   bss->ifname, bss->brname, strerror(errno));
2429		if (drv->rtnl_sk)
2430			nl80211_handle_destroy(drv->rtnl_sk);
2431	}
2432	if (bss->added_bridge) {
2433		if (linux_set_iface_flags(drv->global->ioctl_sock, bss->brname,
2434					  0) < 0)
2435			wpa_printf(MSG_INFO,
2436				   "nl80211: Could not set bridge %s down",
2437				   bss->brname);
2438		if (linux_br_del(drv->global->ioctl_sock, bss->brname) < 0)
2439			wpa_printf(MSG_INFO, "nl80211: Failed to remove "
2440				   "bridge %s: %s",
2441				   bss->brname, strerror(errno));
2442	}
2443
2444	nl80211_remove_monitor_interface(drv);
2445
2446	if (is_ap_interface(drv->nlmode))
2447		wpa_driver_nl80211_del_beacon(drv);
2448
2449	if (drv->eapol_sock >= 0) {
2450		eloop_unregister_read_sock(drv->eapol_sock);
2451		close(drv->eapol_sock);
2452	}
2453
2454	if (drv->if_indices != drv->default_if_indices)
2455		os_free(drv->if_indices);
2456
2457	if (drv->if_indices_reason != drv->default_if_indices_reason)
2458		os_free(drv->if_indices_reason);
2459
2460	if (drv->disabled_11b_rates)
2461		nl80211_disable_11b_rates(drv, drv->ifindex, 0);
2462
2463	netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, 0,
2464			       IF_OPER_UP);
2465	eloop_cancel_timeout(wpa_driver_nl80211_send_rfkill, drv, drv->ctx);
2466	rfkill_deinit(drv->rfkill);
2467
2468	eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx);
2469
2470	if (!drv->start_iface_up)
2471		(void) i802_set_iface_flags(bss, 0);
2472
2473	if (drv->addr_changed) {
2474		if (linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname,
2475					  0) < 0) {
2476			wpa_printf(MSG_DEBUG,
2477				   "nl80211: Could not set interface down to restore permanent MAC address");
2478		}
2479		if (linux_set_ifhwaddr(drv->global->ioctl_sock, bss->ifname,
2480				       drv->perm_addr) < 0) {
2481			wpa_printf(MSG_DEBUG,
2482				   "nl80211: Could not restore permanent MAC address");
2483		}
2484	}
2485
2486	if (drv->nlmode != NL80211_IFTYPE_P2P_DEVICE) {
2487		if (!drv->hostapd || !drv->start_mode_ap)
2488			wpa_driver_nl80211_set_mode(bss,
2489						    NL80211_IFTYPE_STATION);
2490		nl80211_mgmt_unsubscribe(bss, "deinit");
2491	} else {
2492		nl80211_mgmt_unsubscribe(bss, "deinit");
2493		nl80211_del_p2pdev(bss);
2494	}
2495
2496	nl80211_destroy_bss(drv->first_bss);
2497
2498	os_free(drv->filter_ssids);
2499
2500	os_free(drv->auth_ie);
2501
2502	if (drv->in_interface_list)
2503		dl_list_del(&drv->list);
2504
2505	os_free(drv->extended_capa);
2506	os_free(drv->extended_capa_mask);
2507	os_free(drv->first_bss);
2508	os_free(drv);
2509}
2510
2511
2512static u32 wpa_alg_to_cipher_suite(enum wpa_alg alg, size_t key_len)
2513{
2514	switch (alg) {
2515	case WPA_ALG_WEP:
2516		if (key_len == 5)
2517			return WLAN_CIPHER_SUITE_WEP40;
2518		return WLAN_CIPHER_SUITE_WEP104;
2519	case WPA_ALG_TKIP:
2520		return WLAN_CIPHER_SUITE_TKIP;
2521	case WPA_ALG_CCMP:
2522		return WLAN_CIPHER_SUITE_CCMP;
2523	case WPA_ALG_GCMP:
2524		return WLAN_CIPHER_SUITE_GCMP;
2525	case WPA_ALG_CCMP_256:
2526		return WLAN_CIPHER_SUITE_CCMP_256;
2527	case WPA_ALG_GCMP_256:
2528		return WLAN_CIPHER_SUITE_GCMP_256;
2529	case WPA_ALG_IGTK:
2530		return WLAN_CIPHER_SUITE_AES_CMAC;
2531	case WPA_ALG_BIP_GMAC_128:
2532		return WLAN_CIPHER_SUITE_BIP_GMAC_128;
2533	case WPA_ALG_BIP_GMAC_256:
2534		return WLAN_CIPHER_SUITE_BIP_GMAC_256;
2535	case WPA_ALG_BIP_CMAC_256:
2536		return WLAN_CIPHER_SUITE_BIP_CMAC_256;
2537	case WPA_ALG_SMS4:
2538		return WLAN_CIPHER_SUITE_SMS4;
2539	case WPA_ALG_KRK:
2540		return WLAN_CIPHER_SUITE_KRK;
2541	case WPA_ALG_NONE:
2542	case WPA_ALG_PMK:
2543		wpa_printf(MSG_ERROR, "nl80211: Unexpected encryption algorithm %d",
2544			   alg);
2545		return 0;
2546	}
2547
2548	wpa_printf(MSG_ERROR, "nl80211: Unsupported encryption algorithm %d",
2549		   alg);
2550	return 0;
2551}
2552
2553
2554static u32 wpa_cipher_to_cipher_suite(unsigned int cipher)
2555{
2556	switch (cipher) {
2557	case WPA_CIPHER_CCMP_256:
2558		return WLAN_CIPHER_SUITE_CCMP_256;
2559	case WPA_CIPHER_GCMP_256:
2560		return WLAN_CIPHER_SUITE_GCMP_256;
2561	case WPA_CIPHER_CCMP:
2562		return WLAN_CIPHER_SUITE_CCMP;
2563	case WPA_CIPHER_GCMP:
2564		return WLAN_CIPHER_SUITE_GCMP;
2565	case WPA_CIPHER_TKIP:
2566		return WLAN_CIPHER_SUITE_TKIP;
2567	case WPA_CIPHER_WEP104:
2568		return WLAN_CIPHER_SUITE_WEP104;
2569	case WPA_CIPHER_WEP40:
2570		return WLAN_CIPHER_SUITE_WEP40;
2571	case WPA_CIPHER_GTK_NOT_USED:
2572		return WLAN_CIPHER_SUITE_NO_GROUP_ADDR;
2573	}
2574
2575	return 0;
2576}
2577
2578
2579static int wpa_cipher_to_cipher_suites(unsigned int ciphers, u32 suites[],
2580				       int max_suites)
2581{
2582	int num_suites = 0;
2583
2584	if (num_suites < max_suites && ciphers & WPA_CIPHER_CCMP_256)
2585		suites[num_suites++] = WLAN_CIPHER_SUITE_CCMP_256;
2586	if (num_suites < max_suites && ciphers & WPA_CIPHER_GCMP_256)
2587		suites[num_suites++] = WLAN_CIPHER_SUITE_GCMP_256;
2588	if (num_suites < max_suites && ciphers & WPA_CIPHER_CCMP)
2589		suites[num_suites++] = WLAN_CIPHER_SUITE_CCMP;
2590	if (num_suites < max_suites && ciphers & WPA_CIPHER_GCMP)
2591		suites[num_suites++] = WLAN_CIPHER_SUITE_GCMP;
2592	if (num_suites < max_suites && ciphers & WPA_CIPHER_TKIP)
2593		suites[num_suites++] = WLAN_CIPHER_SUITE_TKIP;
2594	if (num_suites < max_suites && ciphers & WPA_CIPHER_WEP104)
2595		suites[num_suites++] = WLAN_CIPHER_SUITE_WEP104;
2596	if (num_suites < max_suites && ciphers & WPA_CIPHER_WEP40)
2597		suites[num_suites++] = WLAN_CIPHER_SUITE_WEP40;
2598
2599	return num_suites;
2600}
2601
2602
2603#ifdef CONFIG_DRIVER_NL80211_QCA
2604static int issue_key_mgmt_set_key(struct wpa_driver_nl80211_data *drv,
2605				  const u8 *key, size_t key_len)
2606{
2607	struct nl_msg *msg;
2608	int ret;
2609
2610	if (!(drv->capa.flags & WPA_DRIVER_FLAGS_KEY_MGMT_OFFLOAD))
2611		return 0;
2612
2613	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
2614	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
2615	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
2616			QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_SET_KEY) ||
2617	    nla_put(msg, NL80211_ATTR_VENDOR_DATA, key_len, key)) {
2618		nl80211_nlmsg_clear(msg);
2619		nlmsg_free(msg);
2620		return -1;
2621	}
2622	ret = send_and_recv_msgs(drv, msg, NULL, (void *) -1);
2623	if (ret) {
2624		wpa_printf(MSG_DEBUG,
2625			   "nl80211: Key management set key failed: ret=%d (%s)",
2626			   ret, strerror(-ret));
2627	}
2628
2629	return ret;
2630}
2631#endif /* CONFIG_DRIVER_NL80211_QCA */
2632
2633
2634static int wpa_driver_nl80211_set_key(const char *ifname, struct i802_bss *bss,
2635				      enum wpa_alg alg, const u8 *addr,
2636				      int key_idx, int set_tx,
2637				      const u8 *seq, size_t seq_len,
2638				      const u8 *key, size_t key_len)
2639{
2640	struct wpa_driver_nl80211_data *drv = bss->drv;
2641	int ifindex;
2642	struct nl_msg *msg = NULL;
2643	int ret;
2644	int tdls = 0;
2645
2646	/* Ignore for P2P Device */
2647	if (drv->nlmode == NL80211_IFTYPE_P2P_DEVICE)
2648		return 0;
2649
2650	ifindex = if_nametoindex(ifname);
2651	wpa_printf(MSG_DEBUG, "%s: ifindex=%d (%s) alg=%d addr=%p key_idx=%d "
2652		   "set_tx=%d seq_len=%lu key_len=%lu",
2653		   __func__, ifindex, ifname, alg, addr, key_idx, set_tx,
2654		   (unsigned long) seq_len, (unsigned long) key_len);
2655#ifdef CONFIG_TDLS
2656	if (key_idx == -1) {
2657		key_idx = 0;
2658		tdls = 1;
2659	}
2660#endif /* CONFIG_TDLS */
2661
2662#ifdef CONFIG_DRIVER_NL80211_QCA
2663	if (alg == WPA_ALG_PMK &&
2664	    (drv->capa.flags & WPA_DRIVER_FLAGS_KEY_MGMT_OFFLOAD)) {
2665		wpa_printf(MSG_DEBUG, "%s: calling issue_key_mgmt_set_key",
2666			   __func__);
2667		ret = issue_key_mgmt_set_key(drv, key, key_len);
2668		return ret;
2669	}
2670#endif /* CONFIG_DRIVER_NL80211_QCA */
2671
2672	if (alg == WPA_ALG_NONE) {
2673		msg = nl80211_ifindex_msg(drv, ifindex, 0, NL80211_CMD_DEL_KEY);
2674		if (!msg)
2675			return -ENOBUFS;
2676	} else {
2677		u32 suite;
2678
2679		suite = wpa_alg_to_cipher_suite(alg, key_len);
2680		if (!suite)
2681			goto fail;
2682		msg = nl80211_ifindex_msg(drv, ifindex, 0, NL80211_CMD_NEW_KEY);
2683		if (!msg ||
2684		    nla_put(msg, NL80211_ATTR_KEY_DATA, key_len, key) ||
2685		    nla_put_u32(msg, NL80211_ATTR_KEY_CIPHER, suite))
2686			goto fail;
2687		wpa_hexdump_key(MSG_DEBUG, "nl80211: KEY_DATA", key, key_len);
2688	}
2689
2690	if (seq && seq_len) {
2691		if (nla_put(msg, NL80211_ATTR_KEY_SEQ, seq_len, seq))
2692			goto fail;
2693		wpa_hexdump(MSG_DEBUG, "nl80211: KEY_SEQ", seq, seq_len);
2694	}
2695
2696	if (addr && !is_broadcast_ether_addr(addr)) {
2697		wpa_printf(MSG_DEBUG, "   addr=" MACSTR, MAC2STR(addr));
2698		if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
2699			goto fail;
2700
2701		if (alg != WPA_ALG_WEP && key_idx && !set_tx) {
2702			wpa_printf(MSG_DEBUG, "   RSN IBSS RX GTK");
2703			if (nla_put_u32(msg, NL80211_ATTR_KEY_TYPE,
2704					NL80211_KEYTYPE_GROUP))
2705				goto fail;
2706		}
2707	} else if (addr && is_broadcast_ether_addr(addr)) {
2708		struct nlattr *types;
2709
2710		wpa_printf(MSG_DEBUG, "   broadcast key");
2711
2712		types = nla_nest_start(msg, NL80211_ATTR_KEY_DEFAULT_TYPES);
2713		if (!types ||
2714		    nla_put_flag(msg, NL80211_KEY_DEFAULT_TYPE_MULTICAST))
2715			goto fail;
2716		nla_nest_end(msg, types);
2717	}
2718	if (nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx))
2719		goto fail;
2720
2721	ret = send_and_recv_msgs(drv, msg, NULL, key ? (void *) -1 : NULL);
2722	if ((ret == -ENOENT || ret == -ENOLINK) && alg == WPA_ALG_NONE)
2723		ret = 0;
2724	if (ret)
2725		wpa_printf(MSG_DEBUG, "nl80211: set_key failed; err=%d %s)",
2726			   ret, strerror(-ret));
2727
2728	/*
2729	 * If we failed or don't need to set the default TX key (below),
2730	 * we're done here.
2731	 */
2732	if (ret || !set_tx || alg == WPA_ALG_NONE || tdls)
2733		return ret;
2734	if (is_ap_interface(drv->nlmode) && addr &&
2735	    !is_broadcast_ether_addr(addr))
2736		return ret;
2737
2738	msg = nl80211_ifindex_msg(drv, ifindex, 0, NL80211_CMD_SET_KEY);
2739	if (!msg ||
2740	    nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx) ||
2741	    nla_put_flag(msg, (alg == WPA_ALG_IGTK ||
2742			       alg == WPA_ALG_BIP_GMAC_128 ||
2743			       alg == WPA_ALG_BIP_GMAC_256 ||
2744			       alg == WPA_ALG_BIP_CMAC_256) ?
2745			 NL80211_ATTR_KEY_DEFAULT_MGMT :
2746			 NL80211_ATTR_KEY_DEFAULT))
2747		goto fail;
2748	if (addr && is_broadcast_ether_addr(addr)) {
2749		struct nlattr *types;
2750
2751		types = nla_nest_start(msg, NL80211_ATTR_KEY_DEFAULT_TYPES);
2752		if (!types ||
2753		    nla_put_flag(msg, NL80211_KEY_DEFAULT_TYPE_MULTICAST))
2754			goto fail;
2755		nla_nest_end(msg, types);
2756	} else if (addr) {
2757		struct nlattr *types;
2758
2759		types = nla_nest_start(msg, NL80211_ATTR_KEY_DEFAULT_TYPES);
2760		if (!types ||
2761		    nla_put_flag(msg, NL80211_KEY_DEFAULT_TYPE_UNICAST))
2762			goto fail;
2763		nla_nest_end(msg, types);
2764	}
2765
2766	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
2767	if (ret == -ENOENT)
2768		ret = 0;
2769	if (ret)
2770		wpa_printf(MSG_DEBUG, "nl80211: set_key default failed; "
2771			   "err=%d %s)", ret, strerror(-ret));
2772	return ret;
2773
2774fail:
2775	nl80211_nlmsg_clear(msg);
2776	nlmsg_free(msg);
2777	return -ENOBUFS;
2778}
2779
2780
2781static int nl_add_key(struct nl_msg *msg, enum wpa_alg alg,
2782		      int key_idx, int defkey,
2783		      const u8 *seq, size_t seq_len,
2784		      const u8 *key, size_t key_len)
2785{
2786	struct nlattr *key_attr = nla_nest_start(msg, NL80211_ATTR_KEY);
2787	u32 suite;
2788
2789	if (!key_attr)
2790		return -1;
2791
2792	suite = wpa_alg_to_cipher_suite(alg, key_len);
2793	if (!suite)
2794		return -1;
2795
2796	if (defkey && alg == WPA_ALG_IGTK) {
2797		if (nla_put_flag(msg, NL80211_KEY_DEFAULT_MGMT))
2798			return -1;
2799	} else if (defkey) {
2800		if (nla_put_flag(msg, NL80211_KEY_DEFAULT))
2801			return -1;
2802	}
2803
2804	if (nla_put_u8(msg, NL80211_KEY_IDX, key_idx) ||
2805	    nla_put_u32(msg, NL80211_KEY_CIPHER, suite) ||
2806	    (seq && seq_len &&
2807	     nla_put(msg, NL80211_KEY_SEQ, seq_len, seq)) ||
2808	    nla_put(msg, NL80211_KEY_DATA, key_len, key))
2809		return -1;
2810
2811	nla_nest_end(msg, key_attr);
2812
2813	return 0;
2814}
2815
2816
2817static int nl80211_set_conn_keys(struct wpa_driver_associate_params *params,
2818				 struct nl_msg *msg)
2819{
2820	int i, privacy = 0;
2821	struct nlattr *nl_keys, *nl_key;
2822
2823	for (i = 0; i < 4; i++) {
2824		if (!params->wep_key[i])
2825			continue;
2826		privacy = 1;
2827		break;
2828	}
2829	if (params->wps == WPS_MODE_PRIVACY)
2830		privacy = 1;
2831	if (params->pairwise_suite &&
2832	    params->pairwise_suite != WPA_CIPHER_NONE)
2833		privacy = 1;
2834
2835	if (!privacy)
2836		return 0;
2837
2838	if (nla_put_flag(msg, NL80211_ATTR_PRIVACY))
2839		return -ENOBUFS;
2840
2841	nl_keys = nla_nest_start(msg, NL80211_ATTR_KEYS);
2842	if (!nl_keys)
2843		return -ENOBUFS;
2844
2845	for (i = 0; i < 4; i++) {
2846		if (!params->wep_key[i])
2847			continue;
2848
2849		nl_key = nla_nest_start(msg, i);
2850		if (!nl_key ||
2851		    nla_put(msg, NL80211_KEY_DATA, params->wep_key_len[i],
2852			    params->wep_key[i]) ||
2853		    nla_put_u32(msg, NL80211_KEY_CIPHER,
2854				params->wep_key_len[i] == 5 ?
2855				WLAN_CIPHER_SUITE_WEP40 :
2856				WLAN_CIPHER_SUITE_WEP104) ||
2857		    nla_put_u8(msg, NL80211_KEY_IDX, i) ||
2858		    (i == params->wep_tx_keyidx &&
2859		     nla_put_flag(msg, NL80211_KEY_DEFAULT)))
2860			return -ENOBUFS;
2861
2862		nla_nest_end(msg, nl_key);
2863	}
2864	nla_nest_end(msg, nl_keys);
2865
2866	return 0;
2867}
2868
2869
2870int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv,
2871			    const u8 *addr, int cmd, u16 reason_code,
2872			    int local_state_change)
2873{
2874	int ret;
2875	struct nl_msg *msg;
2876
2877	if (!(msg = nl80211_drv_msg(drv, 0, cmd)) ||
2878	    nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code) ||
2879	    (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) ||
2880	    (local_state_change &&
2881	     nla_put_flag(msg, NL80211_ATTR_LOCAL_STATE_CHANGE))) {
2882		nlmsg_free(msg);
2883		return -1;
2884	}
2885
2886	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
2887	if (ret) {
2888		wpa_dbg(drv->ctx, MSG_DEBUG,
2889			"nl80211: MLME command failed: reason=%u ret=%d (%s)",
2890			reason_code, ret, strerror(-ret));
2891	}
2892	return ret;
2893}
2894
2895
2896static int wpa_driver_nl80211_disconnect(struct wpa_driver_nl80211_data *drv,
2897					 int reason_code)
2898{
2899	int ret;
2900
2901	wpa_printf(MSG_DEBUG, "%s(reason_code=%d)", __func__, reason_code);
2902	nl80211_mark_disconnected(drv);
2903	/* Disconnect command doesn't need BSSID - it uses cached value */
2904	ret = wpa_driver_nl80211_mlme(drv, NULL, NL80211_CMD_DISCONNECT,
2905				      reason_code, 0);
2906	/*
2907	 * For locally generated disconnect, supplicant already generates a
2908	 * DEAUTH event, so ignore the event from NL80211.
2909	 */
2910	drv->ignore_next_local_disconnect = ret == 0;
2911
2912	return ret;
2913}
2914
2915
2916static int wpa_driver_nl80211_deauthenticate(struct i802_bss *bss,
2917					     const u8 *addr, int reason_code)
2918{
2919	struct wpa_driver_nl80211_data *drv = bss->drv;
2920	int ret;
2921
2922	if (drv->nlmode == NL80211_IFTYPE_ADHOC) {
2923		nl80211_mark_disconnected(drv);
2924		return nl80211_leave_ibss(drv, 1);
2925	}
2926	if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME))
2927		return wpa_driver_nl80211_disconnect(drv, reason_code);
2928	wpa_printf(MSG_DEBUG, "%s(addr=" MACSTR " reason_code=%d)",
2929		   __func__, MAC2STR(addr), reason_code);
2930	nl80211_mark_disconnected(drv);
2931	ret = wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DEAUTHENTICATE,
2932				      reason_code, 0);
2933	/*
2934	 * For locally generated deauthenticate, supplicant already generates a
2935	 * DEAUTH event, so ignore the event from NL80211.
2936	 */
2937	drv->ignore_next_local_deauth = ret == 0;
2938	return ret;
2939}
2940
2941
2942static void nl80211_copy_auth_params(struct wpa_driver_nl80211_data *drv,
2943				     struct wpa_driver_auth_params *params)
2944{
2945	int i;
2946
2947	drv->auth_freq = params->freq;
2948	drv->auth_alg = params->auth_alg;
2949	drv->auth_wep_tx_keyidx = params->wep_tx_keyidx;
2950	drv->auth_local_state_change = params->local_state_change;
2951	drv->auth_p2p = params->p2p;
2952
2953	if (params->bssid)
2954		os_memcpy(drv->auth_bssid_, params->bssid, ETH_ALEN);
2955	else
2956		os_memset(drv->auth_bssid_, 0, ETH_ALEN);
2957
2958	if (params->ssid) {
2959		os_memcpy(drv->auth_ssid, params->ssid, params->ssid_len);
2960		drv->auth_ssid_len = params->ssid_len;
2961	} else
2962		drv->auth_ssid_len = 0;
2963
2964
2965	os_free(drv->auth_ie);
2966	drv->auth_ie = NULL;
2967	drv->auth_ie_len = 0;
2968	if (params->ie) {
2969		drv->auth_ie = os_malloc(params->ie_len);
2970		if (drv->auth_ie) {
2971			os_memcpy(drv->auth_ie, params->ie, params->ie_len);
2972			drv->auth_ie_len = params->ie_len;
2973		}
2974	}
2975
2976	for (i = 0; i < 4; i++) {
2977		if (params->wep_key[i] && params->wep_key_len[i] &&
2978		    params->wep_key_len[i] <= 16) {
2979			os_memcpy(drv->auth_wep_key[i], params->wep_key[i],
2980				  params->wep_key_len[i]);
2981			drv->auth_wep_key_len[i] = params->wep_key_len[i];
2982		} else
2983			drv->auth_wep_key_len[i] = 0;
2984	}
2985}
2986
2987
2988static void nl80211_unmask_11b_rates(struct i802_bss *bss)
2989{
2990	struct wpa_driver_nl80211_data *drv = bss->drv;
2991
2992	if (is_p2p_net_interface(drv->nlmode) || !drv->disabled_11b_rates)
2993		return;
2994
2995	/*
2996	 * Looks like we failed to unmask 11b rates previously. This could
2997	 * happen, e.g., if the interface was down at the point in time when a
2998	 * P2P group was terminated.
2999	 */
3000	wpa_printf(MSG_DEBUG,
3001		   "nl80211: Interface %s mode is for non-P2P, but 11b rates were disabled - re-enable them",
3002		   bss->ifname);
3003	nl80211_disable_11b_rates(drv, drv->ifindex, 0);
3004}
3005
3006
3007static int wpa_driver_nl80211_authenticate(
3008	struct i802_bss *bss, struct wpa_driver_auth_params *params)
3009{
3010	struct wpa_driver_nl80211_data *drv = bss->drv;
3011	int ret = -1, i;
3012	struct nl_msg *msg;
3013	enum nl80211_auth_type type;
3014	enum nl80211_iftype nlmode;
3015	int count = 0;
3016	int is_retry;
3017
3018	nl80211_unmask_11b_rates(bss);
3019
3020	is_retry = drv->retry_auth;
3021	drv->retry_auth = 0;
3022	drv->ignore_deauth_event = 0;
3023
3024	nl80211_mark_disconnected(drv);
3025	os_memset(drv->auth_bssid, 0, ETH_ALEN);
3026	if (params->bssid)
3027		os_memcpy(drv->auth_attempt_bssid, params->bssid, ETH_ALEN);
3028	else
3029		os_memset(drv->auth_attempt_bssid, 0, ETH_ALEN);
3030	/* FIX: IBSS mode */
3031	nlmode = params->p2p ?
3032		NL80211_IFTYPE_P2P_CLIENT : NL80211_IFTYPE_STATION;
3033	if (drv->nlmode != nlmode &&
3034	    wpa_driver_nl80211_set_mode(bss, nlmode) < 0)
3035		return -1;
3036
3037retry:
3038	wpa_printf(MSG_DEBUG, "nl80211: Authenticate (ifindex=%d)",
3039		   drv->ifindex);
3040
3041	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_AUTHENTICATE);
3042	if (!msg)
3043		goto fail;
3044
3045	for (i = 0; i < 4; i++) {
3046		if (!params->wep_key[i])
3047			continue;
3048		wpa_driver_nl80211_set_key(bss->ifname, bss, WPA_ALG_WEP,
3049					   NULL, i,
3050					   i == params->wep_tx_keyidx, NULL, 0,
3051					   params->wep_key[i],
3052					   params->wep_key_len[i]);
3053		if (params->wep_tx_keyidx != i)
3054			continue;
3055		if (nl_add_key(msg, WPA_ALG_WEP, i, 1, NULL, 0,
3056			       params->wep_key[i], params->wep_key_len[i]))
3057			goto fail;
3058	}
3059
3060	if (params->bssid) {
3061		wpa_printf(MSG_DEBUG, "  * bssid=" MACSTR,
3062			   MAC2STR(params->bssid));
3063		if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid))
3064			goto fail;
3065	}
3066	if (params->freq) {
3067		wpa_printf(MSG_DEBUG, "  * freq=%d", params->freq);
3068		if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq))
3069			goto fail;
3070	}
3071	if (params->ssid) {
3072		wpa_hexdump_ascii(MSG_DEBUG, "  * SSID",
3073				  params->ssid, params->ssid_len);
3074		if (nla_put(msg, NL80211_ATTR_SSID, params->ssid_len,
3075			    params->ssid))
3076			goto fail;
3077	}
3078	wpa_hexdump(MSG_DEBUG, "  * IEs", params->ie, params->ie_len);
3079	if (params->ie &&
3080	    nla_put(msg, NL80211_ATTR_IE, params->ie_len, params->ie))
3081		goto fail;
3082	if (params->sae_data) {
3083		wpa_hexdump(MSG_DEBUG, "  * SAE data", params->sae_data,
3084			    params->sae_data_len);
3085		if (nla_put(msg, NL80211_ATTR_SAE_DATA, params->sae_data_len,
3086			    params->sae_data))
3087			goto fail;
3088	}
3089	if (params->auth_alg & WPA_AUTH_ALG_OPEN)
3090		type = NL80211_AUTHTYPE_OPEN_SYSTEM;
3091	else if (params->auth_alg & WPA_AUTH_ALG_SHARED)
3092		type = NL80211_AUTHTYPE_SHARED_KEY;
3093	else if (params->auth_alg & WPA_AUTH_ALG_LEAP)
3094		type = NL80211_AUTHTYPE_NETWORK_EAP;
3095	else if (params->auth_alg & WPA_AUTH_ALG_FT)
3096		type = NL80211_AUTHTYPE_FT;
3097	else if (params->auth_alg & WPA_AUTH_ALG_SAE)
3098		type = NL80211_AUTHTYPE_SAE;
3099	else
3100		goto fail;
3101	wpa_printf(MSG_DEBUG, "  * Auth Type %d", type);
3102	if (nla_put_u32(msg, NL80211_ATTR_AUTH_TYPE, type))
3103		goto fail;
3104	if (params->local_state_change) {
3105		wpa_printf(MSG_DEBUG, "  * Local state change only");
3106		if (nla_put_flag(msg, NL80211_ATTR_LOCAL_STATE_CHANGE))
3107			goto fail;
3108	}
3109
3110	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3111	msg = NULL;
3112	if (ret) {
3113		wpa_dbg(drv->ctx, MSG_DEBUG,
3114			"nl80211: MLME command failed (auth): ret=%d (%s)",
3115			ret, strerror(-ret));
3116		count++;
3117		if (ret == -EALREADY && count == 1 && params->bssid &&
3118		    !params->local_state_change) {
3119			/*
3120			 * mac80211 does not currently accept new
3121			 * authentication if we are already authenticated. As a
3122			 * workaround, force deauthentication and try again.
3123			 */
3124			wpa_printf(MSG_DEBUG, "nl80211: Retry authentication "
3125				   "after forced deauthentication");
3126			drv->ignore_deauth_event = 1;
3127			wpa_driver_nl80211_deauthenticate(
3128				bss, params->bssid,
3129				WLAN_REASON_PREV_AUTH_NOT_VALID);
3130			nlmsg_free(msg);
3131			goto retry;
3132		}
3133
3134		if (ret == -ENOENT && params->freq && !is_retry) {
3135			/*
3136			 * cfg80211 has likely expired the BSS entry even
3137			 * though it was previously available in our internal
3138			 * BSS table. To recover quickly, start a single
3139			 * channel scan on the specified channel.
3140			 */
3141			struct wpa_driver_scan_params scan;
3142			int freqs[2];
3143
3144			os_memset(&scan, 0, sizeof(scan));
3145			scan.num_ssids = 1;
3146			if (params->ssid) {
3147				scan.ssids[0].ssid = params->ssid;
3148				scan.ssids[0].ssid_len = params->ssid_len;
3149			}
3150			freqs[0] = params->freq;
3151			freqs[1] = 0;
3152			scan.freqs = freqs;
3153			wpa_printf(MSG_DEBUG, "nl80211: Trigger single "
3154				   "channel scan to refresh cfg80211 BSS "
3155				   "entry");
3156			ret = wpa_driver_nl80211_scan(bss, &scan);
3157			if (ret == 0) {
3158				nl80211_copy_auth_params(drv, params);
3159				drv->scan_for_auth = 1;
3160			}
3161		} else if (is_retry) {
3162			/*
3163			 * Need to indicate this with an event since the return
3164			 * value from the retry is not delivered to core code.
3165			 */
3166			union wpa_event_data event;
3167			wpa_printf(MSG_DEBUG, "nl80211: Authentication retry "
3168				   "failed");
3169			os_memset(&event, 0, sizeof(event));
3170			os_memcpy(event.timeout_event.addr, drv->auth_bssid_,
3171				  ETH_ALEN);
3172			wpa_supplicant_event(drv->ctx, EVENT_AUTH_TIMED_OUT,
3173					     &event);
3174		}
3175	} else {
3176		wpa_printf(MSG_DEBUG,
3177			   "nl80211: Authentication request send successfully");
3178	}
3179
3180fail:
3181	nlmsg_free(msg);
3182	return ret;
3183}
3184
3185
3186int wpa_driver_nl80211_authenticate_retry(struct wpa_driver_nl80211_data *drv)
3187{
3188	struct wpa_driver_auth_params params;
3189	struct i802_bss *bss = drv->first_bss;
3190	int i;
3191
3192	wpa_printf(MSG_DEBUG, "nl80211: Try to authenticate again");
3193
3194	os_memset(&params, 0, sizeof(params));
3195	params.freq = drv->auth_freq;
3196	params.auth_alg = drv->auth_alg;
3197	params.wep_tx_keyidx = drv->auth_wep_tx_keyidx;
3198	params.local_state_change = drv->auth_local_state_change;
3199	params.p2p = drv->auth_p2p;
3200
3201	if (!is_zero_ether_addr(drv->auth_bssid_))
3202		params.bssid = drv->auth_bssid_;
3203
3204	if (drv->auth_ssid_len) {
3205		params.ssid = drv->auth_ssid;
3206		params.ssid_len = drv->auth_ssid_len;
3207	}
3208
3209	params.ie = drv->auth_ie;
3210	params.ie_len = drv->auth_ie_len;
3211
3212	for (i = 0; i < 4; i++) {
3213		if (drv->auth_wep_key_len[i]) {
3214			params.wep_key[i] = drv->auth_wep_key[i];
3215			params.wep_key_len[i] = drv->auth_wep_key_len[i];
3216		}
3217	}
3218
3219	drv->retry_auth = 1;
3220	return wpa_driver_nl80211_authenticate(bss, &params);
3221}
3222
3223
3224static int wpa_driver_nl80211_send_frame(struct i802_bss *bss,
3225					 const void *data, size_t len,
3226					 int encrypt, int noack,
3227					 unsigned int freq, int no_cck,
3228					 int offchanok, unsigned int wait_time,
3229					 const u16 *csa_offs,
3230					 size_t csa_offs_len)
3231{
3232	struct wpa_driver_nl80211_data *drv = bss->drv;
3233	u64 cookie;
3234	int res;
3235
3236	if (freq == 0 && drv->nlmode == NL80211_IFTYPE_ADHOC) {
3237		freq = nl80211_get_assoc_freq(drv);
3238		wpa_printf(MSG_DEBUG,
3239			   "nl80211: send_frame - Use assoc_freq=%u for IBSS",
3240			   freq);
3241	}
3242	if (freq == 0) {
3243		wpa_printf(MSG_DEBUG, "nl80211: send_frame - Use bss->freq=%u",
3244			   bss->freq);
3245		freq = bss->freq;
3246	}
3247
3248	if (drv->use_monitor) {
3249		wpa_printf(MSG_DEBUG, "nl80211: send_frame(freq=%u bss->freq=%u) -> send_monitor",
3250			   freq, bss->freq);
3251		return nl80211_send_monitor(drv, data, len, encrypt, noack);
3252	}
3253
3254	wpa_printf(MSG_DEBUG, "nl80211: send_frame -> send_frame_cmd");
3255	res = nl80211_send_frame_cmd(bss, freq, wait_time, data, len,
3256				     &cookie, no_cck, noack, offchanok,
3257				     csa_offs, csa_offs_len);
3258	if (res == 0 && !noack) {
3259		const struct ieee80211_mgmt *mgmt;
3260		u16 fc;
3261
3262		mgmt = (const struct ieee80211_mgmt *) data;
3263		fc = le_to_host16(mgmt->frame_control);
3264		if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
3265		    WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_ACTION) {
3266			wpa_printf(MSG_MSGDUMP,
3267				   "nl80211: Update send_action_cookie from 0x%llx to 0x%llx",
3268				   (long long unsigned int)
3269				   drv->send_action_cookie,
3270				   (long long unsigned int) cookie);
3271			drv->send_action_cookie = cookie;
3272		}
3273	}
3274
3275	return res;
3276}
3277
3278
3279static int wpa_driver_nl80211_send_mlme(struct i802_bss *bss, const u8 *data,
3280					size_t data_len, int noack,
3281					unsigned int freq, int no_cck,
3282					int offchanok,
3283					unsigned int wait_time,
3284					const u16 *csa_offs,
3285					size_t csa_offs_len)
3286{
3287	struct wpa_driver_nl80211_data *drv = bss->drv;
3288	struct ieee80211_mgmt *mgmt;
3289	int encrypt = 1;
3290	u16 fc;
3291
3292	mgmt = (struct ieee80211_mgmt *) data;
3293	fc = le_to_host16(mgmt->frame_control);
3294	wpa_printf(MSG_DEBUG, "nl80211: send_mlme - da= " MACSTR
3295		   " noack=%d freq=%u no_cck=%d offchanok=%d wait_time=%u fc=0x%x (%s) nlmode=%d",
3296		   MAC2STR(mgmt->da), noack, freq, no_cck, offchanok, wait_time,
3297		   fc, fc2str(fc), drv->nlmode);
3298
3299	if ((is_sta_interface(drv->nlmode) ||
3300	     drv->nlmode == NL80211_IFTYPE_P2P_DEVICE) &&
3301	    WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
3302	    WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_PROBE_RESP) {
3303		/*
3304		 * The use of last_mgmt_freq is a bit of a hack,
3305		 * but it works due to the single-threaded nature
3306		 * of wpa_supplicant.
3307		 */
3308		if (freq == 0) {
3309			wpa_printf(MSG_DEBUG, "nl80211: Use last_mgmt_freq=%d",
3310				   drv->last_mgmt_freq);
3311			freq = drv->last_mgmt_freq;
3312		}
3313		return nl80211_send_frame_cmd(bss, freq, 0,
3314					      data, data_len, NULL, 1, noack,
3315					      1, csa_offs, csa_offs_len);
3316	}
3317
3318	if (drv->device_ap_sme && is_ap_interface(drv->nlmode)) {
3319		if (freq == 0) {
3320			wpa_printf(MSG_DEBUG, "nl80211: Use bss->freq=%d",
3321				   bss->freq);
3322			freq = bss->freq;
3323		}
3324		return nl80211_send_frame_cmd(bss, freq,
3325					      (int) freq == bss->freq ? 0 :
3326					      wait_time,
3327					      data, data_len,
3328					      &drv->send_action_cookie,
3329					      no_cck, noack, offchanok,
3330					      csa_offs, csa_offs_len);
3331	}
3332
3333	if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
3334	    WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_AUTH) {
3335		/*
3336		 * Only one of the authentication frame types is encrypted.
3337		 * In order for static WEP encryption to work properly (i.e.,
3338		 * to not encrypt the frame), we need to tell mac80211 about
3339		 * the frames that must not be encrypted.
3340		 */
3341		u16 auth_alg = le_to_host16(mgmt->u.auth.auth_alg);
3342		u16 auth_trans = le_to_host16(mgmt->u.auth.auth_transaction);
3343		if (auth_alg != WLAN_AUTH_SHARED_KEY || auth_trans != 3)
3344			encrypt = 0;
3345	}
3346
3347	wpa_printf(MSG_DEBUG, "nl80211: send_mlme -> send_frame");
3348	return wpa_driver_nl80211_send_frame(bss, data, data_len, encrypt,
3349					     noack, freq, no_cck, offchanok,
3350					     wait_time, csa_offs,
3351					     csa_offs_len);
3352}
3353
3354
3355static int nl80211_put_basic_rates(struct nl_msg *msg, const int *basic_rates)
3356{
3357	u8 rates[NL80211_MAX_SUPP_RATES];
3358	u8 rates_len = 0;
3359	int i;
3360
3361	if (!basic_rates)
3362		return 0;
3363
3364	for (i = 0; i < NL80211_MAX_SUPP_RATES && basic_rates[i] >= 0; i++)
3365		rates[rates_len++] = basic_rates[i] / 5;
3366
3367	return nla_put(msg, NL80211_ATTR_BSS_BASIC_RATES, rates_len, rates);
3368}
3369
3370
3371static int nl80211_set_bss(struct i802_bss *bss, int cts, int preamble,
3372			   int slot, int ht_opmode, int ap_isolate,
3373			   const int *basic_rates)
3374{
3375	struct wpa_driver_nl80211_data *drv = bss->drv;
3376	struct nl_msg *msg;
3377
3378	if (!(msg = nl80211_bss_msg(bss, 0, NL80211_CMD_SET_BSS)) ||
3379	    (cts >= 0 &&
3380	     nla_put_u8(msg, NL80211_ATTR_BSS_CTS_PROT, cts)) ||
3381	    (preamble >= 0 &&
3382	     nla_put_u8(msg, NL80211_ATTR_BSS_SHORT_PREAMBLE, preamble)) ||
3383	    (slot >= 0 &&
3384	     nla_put_u8(msg, NL80211_ATTR_BSS_SHORT_SLOT_TIME, slot)) ||
3385	    (ht_opmode >= 0 &&
3386	     nla_put_u16(msg, NL80211_ATTR_BSS_HT_OPMODE, ht_opmode)) ||
3387	    (ap_isolate >= 0 &&
3388	     nla_put_u8(msg, NL80211_ATTR_AP_ISOLATE, ap_isolate)) ||
3389	    nl80211_put_basic_rates(msg, basic_rates)) {
3390		nlmsg_free(msg);
3391		return -ENOBUFS;
3392	}
3393
3394	return send_and_recv_msgs(drv, msg, NULL, NULL);
3395}
3396
3397
3398static int wpa_driver_nl80211_set_acl(void *priv,
3399				      struct hostapd_acl_params *params)
3400{
3401	struct i802_bss *bss = priv;
3402	struct wpa_driver_nl80211_data *drv = bss->drv;
3403	struct nl_msg *msg;
3404	struct nl_msg *acl;
3405	unsigned int i;
3406	int ret;
3407
3408	if (!(drv->capa.max_acl_mac_addrs))
3409		return -ENOTSUP;
3410
3411	if (params->num_mac_acl > drv->capa.max_acl_mac_addrs)
3412		return -ENOTSUP;
3413
3414	wpa_printf(MSG_DEBUG, "nl80211: Set %s ACL (num_mac_acl=%u)",
3415		   params->acl_policy ? "Accept" : "Deny", params->num_mac_acl);
3416
3417	acl = nlmsg_alloc();
3418	if (!acl)
3419		return -ENOMEM;
3420	for (i = 0; i < params->num_mac_acl; i++) {
3421		if (nla_put(acl, i + 1, ETH_ALEN, params->mac_acl[i].addr)) {
3422			nlmsg_free(acl);
3423			return -ENOMEM;
3424		}
3425	}
3426
3427	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_SET_MAC_ACL)) ||
3428	    nla_put_u32(msg, NL80211_ATTR_ACL_POLICY, params->acl_policy ?
3429			NL80211_ACL_POLICY_DENY_UNLESS_LISTED :
3430			NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED) ||
3431	    nla_put_nested(msg, NL80211_ATTR_MAC_ADDRS, acl)) {
3432		nlmsg_free(msg);
3433		nlmsg_free(acl);
3434		return -ENOMEM;
3435	}
3436	nlmsg_free(acl);
3437
3438	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3439	if (ret) {
3440		wpa_printf(MSG_DEBUG, "nl80211: Failed to set MAC ACL: %d (%s)",
3441			   ret, strerror(-ret));
3442	}
3443
3444	return ret;
3445}
3446
3447
3448static int nl80211_put_beacon_int(struct nl_msg *msg, int beacon_int)
3449{
3450	if (beacon_int > 0) {
3451		wpa_printf(MSG_DEBUG, "  * beacon_int=%d", beacon_int);
3452		return nla_put_u32(msg, NL80211_ATTR_BEACON_INTERVAL,
3453				   beacon_int);
3454	}
3455
3456	return 0;
3457}
3458
3459
3460static int wpa_driver_nl80211_set_ap(void *priv,
3461				     struct wpa_driver_ap_params *params)
3462{
3463	struct i802_bss *bss = priv;
3464	struct wpa_driver_nl80211_data *drv = bss->drv;
3465	struct nl_msg *msg;
3466	u8 cmd = NL80211_CMD_NEW_BEACON;
3467	int ret;
3468	int beacon_set;
3469	int num_suites;
3470	int smps_mode;
3471	u32 suites[10], suite;
3472	u32 ver;
3473
3474	beacon_set = params->reenable ? 0 : bss->beacon_set;
3475
3476	wpa_printf(MSG_DEBUG, "nl80211: Set beacon (beacon_set=%d)",
3477		   beacon_set);
3478	if (beacon_set)
3479		cmd = NL80211_CMD_SET_BEACON;
3480
3481	wpa_hexdump(MSG_DEBUG, "nl80211: Beacon head",
3482		    params->head, params->head_len);
3483	wpa_hexdump(MSG_DEBUG, "nl80211: Beacon tail",
3484		    params->tail, params->tail_len);
3485	wpa_printf(MSG_DEBUG, "nl80211: ifindex=%d", bss->ifindex);
3486	wpa_printf(MSG_DEBUG, "nl80211: beacon_int=%d", params->beacon_int);
3487	wpa_printf(MSG_DEBUG, "nl80211: dtim_period=%d", params->dtim_period);
3488	wpa_hexdump_ascii(MSG_DEBUG, "nl80211: ssid",
3489			  params->ssid, params->ssid_len);
3490	if (!(msg = nl80211_bss_msg(bss, 0, cmd)) ||
3491	    nla_put(msg, NL80211_ATTR_BEACON_HEAD, params->head_len,
3492		    params->head) ||
3493	    nla_put(msg, NL80211_ATTR_BEACON_TAIL, params->tail_len,
3494		    params->tail) ||
3495	    nl80211_put_beacon_int(msg, params->beacon_int) ||
3496	    nla_put_u32(msg, NL80211_ATTR_DTIM_PERIOD, params->dtim_period) ||
3497	    nla_put(msg, NL80211_ATTR_SSID, params->ssid_len, params->ssid))
3498		goto fail;
3499	if (params->proberesp && params->proberesp_len) {
3500		wpa_hexdump(MSG_DEBUG, "nl80211: proberesp (offload)",
3501			    params->proberesp, params->proberesp_len);
3502		if (nla_put(msg, NL80211_ATTR_PROBE_RESP, params->proberesp_len,
3503			    params->proberesp))
3504			goto fail;
3505	}
3506	switch (params->hide_ssid) {
3507	case NO_SSID_HIDING:
3508		wpa_printf(MSG_DEBUG, "nl80211: hidden SSID not in use");
3509		if (nla_put_u32(msg, NL80211_ATTR_HIDDEN_SSID,
3510				NL80211_HIDDEN_SSID_NOT_IN_USE))
3511			goto fail;
3512		break;
3513	case HIDDEN_SSID_ZERO_LEN:
3514		wpa_printf(MSG_DEBUG, "nl80211: hidden SSID zero len");
3515		if (nla_put_u32(msg, NL80211_ATTR_HIDDEN_SSID,
3516				NL80211_HIDDEN_SSID_ZERO_LEN))
3517			goto fail;
3518		break;
3519	case HIDDEN_SSID_ZERO_CONTENTS:
3520		wpa_printf(MSG_DEBUG, "nl80211: hidden SSID zero contents");
3521		if (nla_put_u32(msg, NL80211_ATTR_HIDDEN_SSID,
3522				NL80211_HIDDEN_SSID_ZERO_CONTENTS))
3523			goto fail;
3524		break;
3525	}
3526	wpa_printf(MSG_DEBUG, "nl80211: privacy=%d", params->privacy);
3527	if (params->privacy &&
3528	    nla_put_flag(msg, NL80211_ATTR_PRIVACY))
3529		goto fail;
3530	wpa_printf(MSG_DEBUG, "nl80211: auth_algs=0x%x", params->auth_algs);
3531	if ((params->auth_algs & (WPA_AUTH_ALG_OPEN | WPA_AUTH_ALG_SHARED)) ==
3532	    (WPA_AUTH_ALG_OPEN | WPA_AUTH_ALG_SHARED)) {
3533		/* Leave out the attribute */
3534	} else if (params->auth_algs & WPA_AUTH_ALG_SHARED) {
3535		if (nla_put_u32(msg, NL80211_ATTR_AUTH_TYPE,
3536				NL80211_AUTHTYPE_SHARED_KEY))
3537			goto fail;
3538	} else {
3539		if (nla_put_u32(msg, NL80211_ATTR_AUTH_TYPE,
3540				NL80211_AUTHTYPE_OPEN_SYSTEM))
3541			goto fail;
3542	}
3543
3544	wpa_printf(MSG_DEBUG, "nl80211: wpa_version=0x%x", params->wpa_version);
3545	ver = 0;
3546	if (params->wpa_version & WPA_PROTO_WPA)
3547		ver |= NL80211_WPA_VERSION_1;
3548	if (params->wpa_version & WPA_PROTO_RSN)
3549		ver |= NL80211_WPA_VERSION_2;
3550	if (ver &&
3551	    nla_put_u32(msg, NL80211_ATTR_WPA_VERSIONS, ver))
3552		goto fail;
3553
3554	wpa_printf(MSG_DEBUG, "nl80211: key_mgmt_suites=0x%x",
3555		   params->key_mgmt_suites);
3556	num_suites = 0;
3557	if (params->key_mgmt_suites & WPA_KEY_MGMT_IEEE8021X)
3558		suites[num_suites++] = WLAN_AKM_SUITE_8021X;
3559	if (params->key_mgmt_suites & WPA_KEY_MGMT_PSK)
3560		suites[num_suites++] = WLAN_AKM_SUITE_PSK;
3561	if (num_suites &&
3562	    nla_put(msg, NL80211_ATTR_AKM_SUITES, num_suites * sizeof(u32),
3563		    suites))
3564		goto fail;
3565
3566	if (params->key_mgmt_suites & WPA_KEY_MGMT_IEEE8021X_NO_WPA &&
3567	    params->pairwise_ciphers & (WPA_CIPHER_WEP104 | WPA_CIPHER_WEP40) &&
3568	    nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT))
3569		goto fail;
3570
3571	wpa_printf(MSG_DEBUG, "nl80211: pairwise_ciphers=0x%x",
3572		   params->pairwise_ciphers);
3573	num_suites = wpa_cipher_to_cipher_suites(params->pairwise_ciphers,
3574						 suites, ARRAY_SIZE(suites));
3575	if (num_suites &&
3576	    nla_put(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE,
3577		    num_suites * sizeof(u32), suites))
3578		goto fail;
3579
3580	wpa_printf(MSG_DEBUG, "nl80211: group_cipher=0x%x",
3581		   params->group_cipher);
3582	suite = wpa_cipher_to_cipher_suite(params->group_cipher);
3583	if (suite &&
3584	    nla_put_u32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, suite))
3585		goto fail;
3586
3587	if (params->ht_opmode != -1) {
3588		switch (params->smps_mode) {
3589		case HT_CAP_INFO_SMPS_DYNAMIC:
3590			wpa_printf(MSG_DEBUG, "nl80211: SMPS mode - dynamic");
3591			smps_mode = NL80211_SMPS_DYNAMIC;
3592			break;
3593		case HT_CAP_INFO_SMPS_STATIC:
3594			wpa_printf(MSG_DEBUG, "nl80211: SMPS mode - static");
3595			smps_mode = NL80211_SMPS_STATIC;
3596			break;
3597		default:
3598			/* invalid - fallback to smps off */
3599		case HT_CAP_INFO_SMPS_DISABLED:
3600			wpa_printf(MSG_DEBUG, "nl80211: SMPS mode - off");
3601			smps_mode = NL80211_SMPS_OFF;
3602			break;
3603		}
3604		if (nla_put_u32(msg, NL80211_ATTR_SMPS_MODE, smps_mode))
3605			goto fail;
3606	}
3607
3608	if (params->beacon_ies) {
3609		wpa_hexdump_buf(MSG_DEBUG, "nl80211: beacon_ies",
3610				params->beacon_ies);
3611		if (nla_put(msg, NL80211_ATTR_IE,
3612			    wpabuf_len(params->beacon_ies),
3613			    wpabuf_head(params->beacon_ies)))
3614			goto fail;
3615	}
3616	if (params->proberesp_ies) {
3617		wpa_hexdump_buf(MSG_DEBUG, "nl80211: proberesp_ies",
3618				params->proberesp_ies);
3619		if (nla_put(msg, NL80211_ATTR_IE_PROBE_RESP,
3620			    wpabuf_len(params->proberesp_ies),
3621			    wpabuf_head(params->proberesp_ies)))
3622			goto fail;
3623	}
3624	if (params->assocresp_ies) {
3625		wpa_hexdump_buf(MSG_DEBUG, "nl80211: assocresp_ies",
3626				params->assocresp_ies);
3627		if (nla_put(msg, NL80211_ATTR_IE_ASSOC_RESP,
3628			    wpabuf_len(params->assocresp_ies),
3629			    wpabuf_head(params->assocresp_ies)))
3630			goto fail;
3631	}
3632
3633	if (drv->capa.flags & WPA_DRIVER_FLAGS_INACTIVITY_TIMER)  {
3634		wpa_printf(MSG_DEBUG, "nl80211: ap_max_inactivity=%d",
3635			   params->ap_max_inactivity);
3636		if (nla_put_u16(msg, NL80211_ATTR_INACTIVITY_TIMEOUT,
3637				params->ap_max_inactivity))
3638			goto fail;
3639	}
3640
3641#ifdef CONFIG_P2P
3642	if (params->p2p_go_ctwindow > 0) {
3643		if (drv->p2p_go_ctwindow_supported) {
3644			wpa_printf(MSG_DEBUG, "nl80211: P2P GO ctwindow=%d",
3645				   params->p2p_go_ctwindow);
3646			if (nla_put_u8(msg, NL80211_ATTR_P2P_CTWINDOW,
3647				       params->p2p_go_ctwindow))
3648				goto fail;
3649		} else {
3650			wpa_printf(MSG_INFO,
3651				   "nl80211: Driver does not support CTWindow configuration - ignore this parameter");
3652		}
3653	}
3654#endif /* CONFIG_P2P */
3655
3656	if (params->pbss) {
3657		wpa_printf(MSG_DEBUG, "nl80211: PBSS");
3658		if (nla_put_flag(msg, NL80211_ATTR_PBSS))
3659			goto fail;
3660	}
3661
3662	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3663	if (ret) {
3664		wpa_printf(MSG_DEBUG, "nl80211: Beacon set failed: %d (%s)",
3665			   ret, strerror(-ret));
3666	} else {
3667		bss->beacon_set = 1;
3668		nl80211_set_bss(bss, params->cts_protect, params->preamble,
3669				params->short_slot_time, params->ht_opmode,
3670				params->isolate, params->basic_rates);
3671		if (beacon_set && params->freq &&
3672		    params->freq->bandwidth != bss->bandwidth) {
3673			wpa_printf(MSG_DEBUG,
3674				   "nl80211: Update BSS %s bandwidth: %d -> %d",
3675				   bss->ifname, bss->bandwidth,
3676				   params->freq->bandwidth);
3677			ret = nl80211_set_channel(bss, params->freq, 1);
3678			if (ret) {
3679				wpa_printf(MSG_DEBUG,
3680					   "nl80211: Frequency set failed: %d (%s)",
3681					   ret, strerror(-ret));
3682			} else {
3683				wpa_printf(MSG_DEBUG,
3684					   "nl80211: Frequency set succeeded for ht2040 coex");
3685				bss->bandwidth = params->freq->bandwidth;
3686			}
3687		} else if (!beacon_set) {
3688			/*
3689			 * cfg80211 updates the driver on frequence change in AP
3690			 * mode only at the point when beaconing is started, so
3691			 * set the initial value here.
3692			 */
3693			bss->bandwidth = params->freq->bandwidth;
3694		}
3695	}
3696	return ret;
3697fail:
3698	nlmsg_free(msg);
3699	return -ENOBUFS;
3700}
3701
3702
3703static int nl80211_put_freq_params(struct nl_msg *msg,
3704				   const struct hostapd_freq_params *freq)
3705{
3706	wpa_printf(MSG_DEBUG, "  * freq=%d", freq->freq);
3707	if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq->freq))
3708		return -ENOBUFS;
3709
3710	wpa_printf(MSG_DEBUG, "  * vht_enabled=%d", freq->vht_enabled);
3711	wpa_printf(MSG_DEBUG, "  * ht_enabled=%d", freq->ht_enabled);
3712
3713	if (freq->vht_enabled) {
3714		enum nl80211_chan_width cw;
3715
3716		wpa_printf(MSG_DEBUG, "  * bandwidth=%d", freq->bandwidth);
3717		switch (freq->bandwidth) {
3718		case 20:
3719			cw = NL80211_CHAN_WIDTH_20;
3720			break;
3721		case 40:
3722			cw = NL80211_CHAN_WIDTH_40;
3723			break;
3724		case 80:
3725			if (freq->center_freq2)
3726				cw = NL80211_CHAN_WIDTH_80P80;
3727			else
3728				cw = NL80211_CHAN_WIDTH_80;
3729			break;
3730		case 160:
3731			cw = NL80211_CHAN_WIDTH_160;
3732			break;
3733		default:
3734			return -EINVAL;
3735		}
3736
3737		wpa_printf(MSG_DEBUG, "  * channel_width=%d", cw);
3738		wpa_printf(MSG_DEBUG, "  * center_freq1=%d",
3739			   freq->center_freq1);
3740		wpa_printf(MSG_DEBUG, "  * center_freq2=%d",
3741			   freq->center_freq2);
3742		if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, cw) ||
3743		    nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1,
3744				freq->center_freq1) ||
3745		    (freq->center_freq2 &&
3746		     nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2,
3747				 freq->center_freq2)))
3748			return -ENOBUFS;
3749	} else if (freq->ht_enabled) {
3750		enum nl80211_channel_type ct;
3751
3752		wpa_printf(MSG_DEBUG, "  * sec_channel_offset=%d",
3753			   freq->sec_channel_offset);
3754		switch (freq->sec_channel_offset) {
3755		case -1:
3756			ct = NL80211_CHAN_HT40MINUS;
3757			break;
3758		case 1:
3759			ct = NL80211_CHAN_HT40PLUS;
3760			break;
3761		default:
3762			ct = NL80211_CHAN_HT20;
3763			break;
3764		}
3765
3766		wpa_printf(MSG_DEBUG, "  * channel_type=%d", ct);
3767		if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, ct))
3768			return -ENOBUFS;
3769	}
3770	return 0;
3771}
3772
3773
3774static int nl80211_set_channel(struct i802_bss *bss,
3775			       struct hostapd_freq_params *freq, int set_chan)
3776{
3777	struct wpa_driver_nl80211_data *drv = bss->drv;
3778	struct nl_msg *msg;
3779	int ret;
3780
3781	wpa_printf(MSG_DEBUG,
3782		   "nl80211: Set freq %d (ht_enabled=%d, vht_enabled=%d, bandwidth=%d MHz, cf1=%d MHz, cf2=%d MHz)",
3783		   freq->freq, freq->ht_enabled, freq->vht_enabled,
3784		   freq->bandwidth, freq->center_freq1, freq->center_freq2);
3785
3786	msg = nl80211_drv_msg(drv, 0, set_chan ? NL80211_CMD_SET_CHANNEL :
3787			      NL80211_CMD_SET_WIPHY);
3788	if (!msg || nl80211_put_freq_params(msg, freq) < 0) {
3789		nlmsg_free(msg);
3790		return -1;
3791	}
3792
3793	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3794	if (ret == 0) {
3795		bss->freq = freq->freq;
3796		return 0;
3797	}
3798	wpa_printf(MSG_DEBUG, "nl80211: Failed to set channel (freq=%d): "
3799		   "%d (%s)", freq->freq, ret, strerror(-ret));
3800	return -1;
3801}
3802
3803
3804static u32 sta_flags_nl80211(int flags)
3805{
3806	u32 f = 0;
3807
3808	if (flags & WPA_STA_AUTHORIZED)
3809		f |= BIT(NL80211_STA_FLAG_AUTHORIZED);
3810	if (flags & WPA_STA_WMM)
3811		f |= BIT(NL80211_STA_FLAG_WME);
3812	if (flags & WPA_STA_SHORT_PREAMBLE)
3813		f |= BIT(NL80211_STA_FLAG_SHORT_PREAMBLE);
3814	if (flags & WPA_STA_MFP)
3815		f |= BIT(NL80211_STA_FLAG_MFP);
3816	if (flags & WPA_STA_TDLS_PEER)
3817		f |= BIT(NL80211_STA_FLAG_TDLS_PEER);
3818	if (flags & WPA_STA_AUTHENTICATED)
3819		f |= BIT(NL80211_STA_FLAG_AUTHENTICATED);
3820	if (flags & WPA_STA_ASSOCIATED)
3821		f |= BIT(NL80211_STA_FLAG_ASSOCIATED);
3822
3823	return f;
3824}
3825
3826
3827#ifdef CONFIG_MESH
3828static u32 sta_plink_state_nl80211(enum mesh_plink_state state)
3829{
3830	switch (state) {
3831	case PLINK_LISTEN:
3832		return NL80211_PLINK_LISTEN;
3833	case PLINK_OPEN_SENT:
3834		return NL80211_PLINK_OPN_SNT;
3835	case PLINK_OPEN_RCVD:
3836		return NL80211_PLINK_OPN_RCVD;
3837	case PLINK_CNF_RCVD:
3838		return NL80211_PLINK_CNF_RCVD;
3839	case PLINK_ESTAB:
3840		return NL80211_PLINK_ESTAB;
3841	case PLINK_HOLDING:
3842		return NL80211_PLINK_HOLDING;
3843	case PLINK_BLOCKED:
3844		return NL80211_PLINK_BLOCKED;
3845	default:
3846		wpa_printf(MSG_ERROR, "nl80211: Invalid mesh plink state %d",
3847			   state);
3848	}
3849	return -1;
3850}
3851#endif /* CONFIG_MESH */
3852
3853
3854static int wpa_driver_nl80211_sta_add(void *priv,
3855				      struct hostapd_sta_add_params *params)
3856{
3857	struct i802_bss *bss = priv;
3858	struct wpa_driver_nl80211_data *drv = bss->drv;
3859	struct nl_msg *msg;
3860	struct nl80211_sta_flag_update upd;
3861	int ret = -ENOBUFS;
3862
3863	if ((params->flags & WPA_STA_TDLS_PEER) &&
3864	    !(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT))
3865		return -EOPNOTSUPP;
3866
3867	wpa_printf(MSG_DEBUG, "nl80211: %s STA " MACSTR,
3868		   params->set ? "Set" : "Add", MAC2STR(params->addr));
3869	msg = nl80211_bss_msg(bss, 0, params->set ? NL80211_CMD_SET_STATION :
3870			      NL80211_CMD_NEW_STATION);
3871	if (!msg || nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, params->addr))
3872		goto fail;
3873
3874	/*
3875	 * Set the below properties only in one of the following cases:
3876	 * 1. New station is added, already associated.
3877	 * 2. Set WPA_STA_TDLS_PEER station.
3878	 * 3. Set an already added unassociated station, if driver supports
3879	 * full AP client state. (Set these properties after station became
3880	 * associated will be rejected by the driver).
3881	 */
3882	if (!params->set || (params->flags & WPA_STA_TDLS_PEER) ||
3883	    (params->set && FULL_AP_CLIENT_STATE_SUPP(drv->capa.flags) &&
3884	     (params->flags & WPA_STA_ASSOCIATED))) {
3885		wpa_hexdump(MSG_DEBUG, "  * supported rates",
3886			    params->supp_rates, params->supp_rates_len);
3887		wpa_printf(MSG_DEBUG, "  * capability=0x%x",
3888			   params->capability);
3889		if (nla_put(msg, NL80211_ATTR_STA_SUPPORTED_RATES,
3890			    params->supp_rates_len, params->supp_rates) ||
3891		    nla_put_u16(msg, NL80211_ATTR_STA_CAPABILITY,
3892				params->capability))
3893			goto fail;
3894
3895		if (params->ht_capabilities) {
3896			wpa_hexdump(MSG_DEBUG, "  * ht_capabilities",
3897				    (u8 *) params->ht_capabilities,
3898				    sizeof(*params->ht_capabilities));
3899			if (nla_put(msg, NL80211_ATTR_HT_CAPABILITY,
3900				    sizeof(*params->ht_capabilities),
3901				    params->ht_capabilities))
3902				goto fail;
3903		}
3904
3905		if (params->vht_capabilities) {
3906			wpa_hexdump(MSG_DEBUG, "  * vht_capabilities",
3907				    (u8 *) params->vht_capabilities,
3908				    sizeof(*params->vht_capabilities));
3909			if (nla_put(msg, NL80211_ATTR_VHT_CAPABILITY,
3910				    sizeof(*params->vht_capabilities),
3911				    params->vht_capabilities))
3912				goto fail;
3913		}
3914
3915		if (params->ext_capab) {
3916			wpa_hexdump(MSG_DEBUG, "  * ext_capab",
3917				    params->ext_capab, params->ext_capab_len);
3918			if (nla_put(msg, NL80211_ATTR_STA_EXT_CAPABILITY,
3919				    params->ext_capab_len, params->ext_capab))
3920				goto fail;
3921		}
3922	}
3923	if (!params->set) {
3924		if (params->aid) {
3925			wpa_printf(MSG_DEBUG, "  * aid=%u", params->aid);
3926			if (nla_put_u16(msg, NL80211_ATTR_STA_AID, params->aid))
3927				goto fail;
3928		} else {
3929			/*
3930			 * cfg80211 validates that AID is non-zero, so we have
3931			 * to make this a non-zero value for the TDLS case where
3932			 * a dummy STA entry is used for now and for a station
3933			 * that is still not associated.
3934			 */
3935			wpa_printf(MSG_DEBUG, "  * aid=1 (%s workaround)",
3936				   (params->flags & WPA_STA_TDLS_PEER) ?
3937				   "TDLS" : "UNASSOC_STA");
3938			if (nla_put_u16(msg, NL80211_ATTR_STA_AID, 1))
3939				goto fail;
3940		}
3941		wpa_printf(MSG_DEBUG, "  * listen_interval=%u",
3942			   params->listen_interval);
3943		if (nla_put_u16(msg, NL80211_ATTR_STA_LISTEN_INTERVAL,
3944				params->listen_interval))
3945			goto fail;
3946	} else if (params->aid && (params->flags & WPA_STA_TDLS_PEER)) {
3947		wpa_printf(MSG_DEBUG, "  * peer_aid=%u", params->aid);
3948		if (nla_put_u16(msg, NL80211_ATTR_PEER_AID, params->aid))
3949			goto fail;
3950	} else if (FULL_AP_CLIENT_STATE_SUPP(drv->capa.flags) &&
3951		   (params->flags & WPA_STA_ASSOCIATED)) {
3952		wpa_printf(MSG_DEBUG, "  * aid=%u", params->aid);
3953		wpa_printf(MSG_DEBUG, "  * listen_interval=%u",
3954			   params->listen_interval);
3955		if (nla_put_u16(msg, NL80211_ATTR_STA_AID, params->aid) ||
3956		    nla_put_u16(msg, NL80211_ATTR_STA_LISTEN_INTERVAL,
3957				params->listen_interval))
3958			goto fail;
3959	}
3960
3961	if (params->vht_opmode_enabled) {
3962		wpa_printf(MSG_DEBUG, "  * opmode=%u", params->vht_opmode);
3963		if (nla_put_u8(msg, NL80211_ATTR_OPMODE_NOTIF,
3964			       params->vht_opmode))
3965			goto fail;
3966	}
3967
3968	if (params->supp_channels) {
3969		wpa_hexdump(MSG_DEBUG, "  * supported channels",
3970			    params->supp_channels, params->supp_channels_len);
3971		if (nla_put(msg, NL80211_ATTR_STA_SUPPORTED_CHANNELS,
3972			    params->supp_channels_len, params->supp_channels))
3973			goto fail;
3974	}
3975
3976	if (params->supp_oper_classes) {
3977		wpa_hexdump(MSG_DEBUG, "  * supported operating classes",
3978			    params->supp_oper_classes,
3979			    params->supp_oper_classes_len);
3980		if (nla_put(msg, NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES,
3981			    params->supp_oper_classes_len,
3982			    params->supp_oper_classes))
3983			goto fail;
3984	}
3985
3986	os_memset(&upd, 0, sizeof(upd));
3987	upd.set = sta_flags_nl80211(params->flags);
3988	upd.mask = upd.set | sta_flags_nl80211(params->flags_mask);
3989
3990	/*
3991	 * If the driver doesn't support full AP client state, ignore ASSOC/AUTH
3992	 * flags, as nl80211 driver moves a new station, by default, into
3993	 * associated state.
3994	 *
3995	 * On the other hand, if the driver supports that feature and the
3996	 * station is added in unauthenticated state, set the
3997	 * authenticated/associated bits in the mask to prevent moving this
3998	 * station to associated state before it is actually associated.
3999	 *
4000	 * This is irrelevant for mesh mode where the station is added to the
4001	 * driver as authenticated already, and ASSOCIATED isn't part of the
4002	 * nl80211 API.
4003	 */
4004	if (!is_mesh_interface(drv->nlmode)) {
4005		if (!FULL_AP_CLIENT_STATE_SUPP(drv->capa.flags)) {
4006			wpa_printf(MSG_DEBUG,
4007				   "nl80211: Ignore ASSOC/AUTH flags since driver doesn't support full AP client state");
4008			upd.mask &= ~(BIT(NL80211_STA_FLAG_ASSOCIATED) |
4009				      BIT(NL80211_STA_FLAG_AUTHENTICATED));
4010		} else if (!params->set &&
4011			   !(params->flags & WPA_STA_TDLS_PEER)) {
4012			if (!(params->flags & WPA_STA_AUTHENTICATED))
4013				upd.mask |= BIT(NL80211_STA_FLAG_AUTHENTICATED);
4014			if (!(params->flags & WPA_STA_ASSOCIATED))
4015				upd.mask |= BIT(NL80211_STA_FLAG_ASSOCIATED);
4016		}
4017	}
4018
4019	wpa_printf(MSG_DEBUG, "  * flags set=0x%x mask=0x%x",
4020		   upd.set, upd.mask);
4021	if (nla_put(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd))
4022		goto fail;
4023
4024#ifdef CONFIG_MESH
4025	if (params->plink_state &&
4026	    nla_put_u8(msg, NL80211_ATTR_STA_PLINK_STATE,
4027		       sta_plink_state_nl80211(params->plink_state)))
4028		goto fail;
4029#endif /* CONFIG_MESH */
4030
4031	if (params->flags & WPA_STA_WMM) {
4032		struct nlattr *wme = nla_nest_start(msg, NL80211_ATTR_STA_WME);
4033
4034		wpa_printf(MSG_DEBUG, "  * qosinfo=0x%x", params->qosinfo);
4035		if (!wme ||
4036		    nla_put_u8(msg, NL80211_STA_WME_UAPSD_QUEUES,
4037			       params->qosinfo & WMM_QOSINFO_STA_AC_MASK) ||
4038		    nla_put_u8(msg, NL80211_STA_WME_MAX_SP,
4039			       (params->qosinfo >> WMM_QOSINFO_STA_SP_SHIFT) &
4040			       WMM_QOSINFO_STA_SP_MASK))
4041			goto fail;
4042		nla_nest_end(msg, wme);
4043	}
4044
4045	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
4046	msg = NULL;
4047	if (ret)
4048		wpa_printf(MSG_DEBUG, "nl80211: NL80211_CMD_%s_STATION "
4049			   "result: %d (%s)", params->set ? "SET" : "NEW", ret,
4050			   strerror(-ret));
4051	if (ret == -EEXIST)
4052		ret = 0;
4053fail:
4054	nlmsg_free(msg);
4055	return ret;
4056}
4057
4058
4059static void rtnl_neigh_delete_fdb_entry(struct i802_bss *bss, const u8 *addr)
4060{
4061#ifdef CONFIG_LIBNL3_ROUTE
4062	struct wpa_driver_nl80211_data *drv = bss->drv;
4063	struct rtnl_neigh *rn;
4064	struct nl_addr *nl_addr;
4065	int err;
4066
4067	rn = rtnl_neigh_alloc();
4068	if (!rn)
4069		return;
4070
4071	rtnl_neigh_set_family(rn, AF_BRIDGE);
4072	rtnl_neigh_set_ifindex(rn, bss->ifindex);
4073	nl_addr = nl_addr_build(AF_BRIDGE, (void *) addr, ETH_ALEN);
4074	if (!nl_addr) {
4075		rtnl_neigh_put(rn);
4076		return;
4077	}
4078	rtnl_neigh_set_lladdr(rn, nl_addr);
4079
4080	err = rtnl_neigh_delete(drv->rtnl_sk, rn, 0);
4081	if (err < 0) {
4082		wpa_printf(MSG_DEBUG, "nl80211: bridge FDB entry delete for "
4083			   MACSTR " ifindex=%d failed: %s", MAC2STR(addr),
4084			   bss->ifindex, nl_geterror(err));
4085	} else {
4086		wpa_printf(MSG_DEBUG, "nl80211: deleted bridge FDB entry for "
4087			   MACSTR, MAC2STR(addr));
4088	}
4089
4090	nl_addr_put(nl_addr);
4091	rtnl_neigh_put(rn);
4092#endif /* CONFIG_LIBNL3_ROUTE */
4093}
4094
4095
4096static int wpa_driver_nl80211_sta_remove(struct i802_bss *bss, const u8 *addr,
4097					 int deauth, u16 reason_code)
4098{
4099	struct wpa_driver_nl80211_data *drv = bss->drv;
4100	struct nl_msg *msg;
4101	int ret;
4102
4103	if (!(msg = nl80211_bss_msg(bss, 0, NL80211_CMD_DEL_STATION)) ||
4104	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
4105	    (deauth == 0 &&
4106	     nla_put_u8(msg, NL80211_ATTR_MGMT_SUBTYPE,
4107			WLAN_FC_STYPE_DISASSOC)) ||
4108	    (deauth == 1 &&
4109	     nla_put_u8(msg, NL80211_ATTR_MGMT_SUBTYPE,
4110			WLAN_FC_STYPE_DEAUTH)) ||
4111	    (reason_code &&
4112	     nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code))) {
4113		nlmsg_free(msg);
4114		return -ENOBUFS;
4115	}
4116
4117	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
4118	wpa_printf(MSG_DEBUG, "nl80211: sta_remove -> DEL_STATION %s " MACSTR
4119		   " --> %d (%s)",
4120		   bss->ifname, MAC2STR(addr), ret, strerror(-ret));
4121
4122	if (drv->rtnl_sk)
4123		rtnl_neigh_delete_fdb_entry(bss, addr);
4124
4125	if (ret == -ENOENT)
4126		return 0;
4127	return ret;
4128}
4129
4130
4131void nl80211_remove_iface(struct wpa_driver_nl80211_data *drv, int ifidx)
4132{
4133	struct nl_msg *msg;
4134	struct wpa_driver_nl80211_data *drv2;
4135
4136	wpa_printf(MSG_DEBUG, "nl80211: Remove interface ifindex=%d", ifidx);
4137
4138	/* stop listening for EAPOL on this interface */
4139	dl_list_for_each(drv2, &drv->global->interfaces,
4140			 struct wpa_driver_nl80211_data, list)
4141	{
4142		del_ifidx(drv2, ifidx, IFIDX_ANY);
4143		/* Remove all bridges learned for this iface */
4144		del_ifidx(drv2, IFIDX_ANY, ifidx);
4145	}
4146
4147	msg = nl80211_ifindex_msg(drv, ifidx, 0, NL80211_CMD_DEL_INTERFACE);
4148	if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0)
4149		return;
4150	wpa_printf(MSG_ERROR, "Failed to remove interface (ifidx=%d)", ifidx);
4151}
4152
4153
4154static const char * nl80211_iftype_str(enum nl80211_iftype mode)
4155{
4156	switch (mode) {
4157	case NL80211_IFTYPE_ADHOC:
4158		return "ADHOC";
4159	case NL80211_IFTYPE_STATION:
4160		return "STATION";
4161	case NL80211_IFTYPE_AP:
4162		return "AP";
4163	case NL80211_IFTYPE_AP_VLAN:
4164		return "AP_VLAN";
4165	case NL80211_IFTYPE_WDS:
4166		return "WDS";
4167	case NL80211_IFTYPE_MONITOR:
4168		return "MONITOR";
4169	case NL80211_IFTYPE_MESH_POINT:
4170		return "MESH_POINT";
4171	case NL80211_IFTYPE_P2P_CLIENT:
4172		return "P2P_CLIENT";
4173	case NL80211_IFTYPE_P2P_GO:
4174		return "P2P_GO";
4175	case NL80211_IFTYPE_P2P_DEVICE:
4176		return "P2P_DEVICE";
4177	default:
4178		return "unknown";
4179	}
4180}
4181
4182
4183static int nl80211_create_iface_once(struct wpa_driver_nl80211_data *drv,
4184				     const char *ifname,
4185				     enum nl80211_iftype iftype,
4186				     const u8 *addr, int wds,
4187				     int (*handler)(struct nl_msg *, void *),
4188				     void *arg)
4189{
4190	struct nl_msg *msg;
4191	int ifidx;
4192	int ret = -ENOBUFS;
4193
4194	wpa_printf(MSG_DEBUG, "nl80211: Create interface iftype %d (%s)",
4195		   iftype, nl80211_iftype_str(iftype));
4196
4197	msg = nl80211_cmd_msg(drv->first_bss, 0, NL80211_CMD_NEW_INTERFACE);
4198	if (!msg ||
4199	    nla_put_string(msg, NL80211_ATTR_IFNAME, ifname) ||
4200	    nla_put_u32(msg, NL80211_ATTR_IFTYPE, iftype))
4201		goto fail;
4202
4203	if (iftype == NL80211_IFTYPE_MONITOR) {
4204		struct nlattr *flags;
4205
4206		flags = nla_nest_start(msg, NL80211_ATTR_MNTR_FLAGS);
4207		if (!flags ||
4208		    nla_put_flag(msg, NL80211_MNTR_FLAG_COOK_FRAMES))
4209			goto fail;
4210
4211		nla_nest_end(msg, flags);
4212	} else if (wds) {
4213		if (nla_put_u8(msg, NL80211_ATTR_4ADDR, wds))
4214			goto fail;
4215	}
4216
4217	/*
4218	 * Tell cfg80211 that the interface belongs to the socket that created
4219	 * it, and the interface should be deleted when the socket is closed.
4220	 */
4221	if (nla_put_flag(msg, NL80211_ATTR_IFACE_SOCKET_OWNER))
4222		goto fail;
4223
4224	ret = send_and_recv_msgs(drv, msg, handler, arg);
4225	msg = NULL;
4226	if (ret) {
4227	fail:
4228		nlmsg_free(msg);
4229		wpa_printf(MSG_ERROR, "Failed to create interface %s: %d (%s)",
4230			   ifname, ret, strerror(-ret));
4231		return ret;
4232	}
4233
4234	if (iftype == NL80211_IFTYPE_P2P_DEVICE)
4235		return 0;
4236
4237	ifidx = if_nametoindex(ifname);
4238	wpa_printf(MSG_DEBUG, "nl80211: New interface %s created: ifindex=%d",
4239		   ifname, ifidx);
4240
4241	if (ifidx <= 0)
4242		return -1;
4243
4244	/*
4245	 * Some virtual interfaces need to process EAPOL packets and events on
4246	 * the parent interface. This is used mainly with hostapd.
4247	 */
4248	if (drv->hostapd ||
4249	    iftype == NL80211_IFTYPE_AP_VLAN ||
4250	    iftype == NL80211_IFTYPE_WDS ||
4251	    iftype == NL80211_IFTYPE_MONITOR) {
4252		/* start listening for EAPOL on this interface */
4253		add_ifidx(drv, ifidx, IFIDX_ANY);
4254	}
4255
4256	if (addr && iftype != NL80211_IFTYPE_MONITOR &&
4257	    linux_set_ifhwaddr(drv->global->ioctl_sock, ifname, addr)) {
4258		nl80211_remove_iface(drv, ifidx);
4259		return -1;
4260	}
4261
4262	return ifidx;
4263}
4264
4265
4266int nl80211_create_iface(struct wpa_driver_nl80211_data *drv,
4267			 const char *ifname, enum nl80211_iftype iftype,
4268			 const u8 *addr, int wds,
4269			 int (*handler)(struct nl_msg *, void *),
4270			 void *arg, int use_existing)
4271{
4272	int ret;
4273
4274	ret = nl80211_create_iface_once(drv, ifname, iftype, addr, wds, handler,
4275					arg);
4276
4277	/* if error occurred and interface exists already */
4278	if (ret == -ENFILE && if_nametoindex(ifname)) {
4279		if (use_existing) {
4280			wpa_printf(MSG_DEBUG, "nl80211: Continue using existing interface %s",
4281				   ifname);
4282			if (addr && iftype != NL80211_IFTYPE_MONITOR &&
4283			    linux_set_ifhwaddr(drv->global->ioctl_sock, ifname,
4284					       addr) < 0 &&
4285			    (linux_set_iface_flags(drv->global->ioctl_sock,
4286						   ifname, 0) < 0 ||
4287			     linux_set_ifhwaddr(drv->global->ioctl_sock, ifname,
4288						addr) < 0 ||
4289			     linux_set_iface_flags(drv->global->ioctl_sock,
4290						   ifname, 1) < 0))
4291					return -1;
4292			return -ENFILE;
4293		}
4294		wpa_printf(MSG_INFO, "Try to remove and re-create %s", ifname);
4295
4296		/* Try to remove the interface that was already there. */
4297		nl80211_remove_iface(drv, if_nametoindex(ifname));
4298
4299		/* Try to create the interface again */
4300		ret = nl80211_create_iface_once(drv, ifname, iftype, addr,
4301						wds, handler, arg);
4302	}
4303
4304	if (ret >= 0 && is_p2p_net_interface(iftype)) {
4305		wpa_printf(MSG_DEBUG,
4306			   "nl80211: Interface %s created for P2P - disable 11b rates",
4307			   ifname);
4308		nl80211_disable_11b_rates(drv, ret, 1);
4309	}
4310
4311	return ret;
4312}
4313
4314
4315static int nl80211_setup_ap(struct i802_bss *bss)
4316{
4317	struct wpa_driver_nl80211_data *drv = bss->drv;
4318
4319	wpa_printf(MSG_DEBUG, "nl80211: Setup AP(%s) - device_ap_sme=%d use_monitor=%d",
4320		   bss->ifname, drv->device_ap_sme, drv->use_monitor);
4321
4322	/*
4323	 * Disable Probe Request reporting unless we need it in this way for
4324	 * devices that include the AP SME, in the other case (unless using
4325	 * monitor iface) we'll get it through the nl_mgmt socket instead.
4326	 */
4327	if (!drv->device_ap_sme)
4328		wpa_driver_nl80211_probe_req_report(bss, 0);
4329
4330	if (!drv->device_ap_sme && !drv->use_monitor)
4331		if (nl80211_mgmt_subscribe_ap(bss))
4332			return -1;
4333
4334	if (drv->device_ap_sme && !drv->use_monitor)
4335		if (nl80211_mgmt_subscribe_ap_dev_sme(bss))
4336			return -1;
4337
4338	if (!drv->device_ap_sme && drv->use_monitor &&
4339	    nl80211_create_monitor_interface(drv) &&
4340	    !drv->device_ap_sme)
4341		return -1;
4342
4343	if (drv->device_ap_sme &&
4344	    wpa_driver_nl80211_probe_req_report(bss, 1) < 0) {
4345		wpa_printf(MSG_DEBUG, "nl80211: Failed to enable "
4346			   "Probe Request frame reporting in AP mode");
4347		/* Try to survive without this */
4348	}
4349
4350	return 0;
4351}
4352
4353
4354static void nl80211_teardown_ap(struct i802_bss *bss)
4355{
4356	struct wpa_driver_nl80211_data *drv = bss->drv;
4357
4358	wpa_printf(MSG_DEBUG, "nl80211: Teardown AP(%s) - device_ap_sme=%d use_monitor=%d",
4359		   bss->ifname, drv->device_ap_sme, drv->use_monitor);
4360	if (drv->device_ap_sme) {
4361		wpa_driver_nl80211_probe_req_report(bss, 0);
4362		if (!drv->use_monitor)
4363			nl80211_mgmt_unsubscribe(bss, "AP teardown (dev SME)");
4364	} else if (drv->use_monitor)
4365		nl80211_remove_monitor_interface(drv);
4366	else
4367		nl80211_mgmt_unsubscribe(bss, "AP teardown");
4368
4369	bss->beacon_set = 0;
4370}
4371
4372
4373static int nl80211_send_eapol_data(struct i802_bss *bss,
4374				   const u8 *addr, const u8 *data,
4375				   size_t data_len)
4376{
4377	struct sockaddr_ll ll;
4378	int ret;
4379
4380	if (bss->drv->eapol_tx_sock < 0) {
4381		wpa_printf(MSG_DEBUG, "nl80211: No socket to send EAPOL");
4382		return -1;
4383	}
4384
4385	os_memset(&ll, 0, sizeof(ll));
4386	ll.sll_family = AF_PACKET;
4387	ll.sll_ifindex = bss->ifindex;
4388	ll.sll_protocol = htons(ETH_P_PAE);
4389	ll.sll_halen = ETH_ALEN;
4390	os_memcpy(ll.sll_addr, addr, ETH_ALEN);
4391	ret = sendto(bss->drv->eapol_tx_sock, data, data_len, 0,
4392		     (struct sockaddr *) &ll, sizeof(ll));
4393	if (ret < 0)
4394		wpa_printf(MSG_ERROR, "nl80211: EAPOL TX: %s",
4395			   strerror(errno));
4396
4397	return ret;
4398}
4399
4400
4401static const u8 rfc1042_header[6] = { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 };
4402
4403static int wpa_driver_nl80211_hapd_send_eapol(
4404	void *priv, const u8 *addr, const u8 *data,
4405	size_t data_len, int encrypt, const u8 *own_addr, u32 flags)
4406{
4407	struct i802_bss *bss = priv;
4408	struct wpa_driver_nl80211_data *drv = bss->drv;
4409	struct ieee80211_hdr *hdr;
4410	size_t len;
4411	u8 *pos;
4412	int res;
4413	int qos = flags & WPA_STA_WMM;
4414
4415	if (drv->device_ap_sme || !drv->use_monitor)
4416		return nl80211_send_eapol_data(bss, addr, data, data_len);
4417
4418	len = sizeof(*hdr) + (qos ? 2 : 0) + sizeof(rfc1042_header) + 2 +
4419		data_len;
4420	hdr = os_zalloc(len);
4421	if (hdr == NULL) {
4422		wpa_printf(MSG_INFO, "nl80211: Failed to allocate EAPOL buffer(len=%lu)",
4423			   (unsigned long) len);
4424		return -1;
4425	}
4426
4427	hdr->frame_control =
4428		IEEE80211_FC(WLAN_FC_TYPE_DATA, WLAN_FC_STYPE_DATA);
4429	hdr->frame_control |= host_to_le16(WLAN_FC_FROMDS);
4430	if (encrypt)
4431		hdr->frame_control |= host_to_le16(WLAN_FC_ISWEP);
4432	if (qos) {
4433		hdr->frame_control |=
4434			host_to_le16(WLAN_FC_STYPE_QOS_DATA << 4);
4435	}
4436
4437	memcpy(hdr->IEEE80211_DA_FROMDS, addr, ETH_ALEN);
4438	memcpy(hdr->IEEE80211_BSSID_FROMDS, own_addr, ETH_ALEN);
4439	memcpy(hdr->IEEE80211_SA_FROMDS, own_addr, ETH_ALEN);
4440	pos = (u8 *) (hdr + 1);
4441
4442	if (qos) {
4443		/* Set highest priority in QoS header */
4444		pos[0] = 7;
4445		pos[1] = 0;
4446		pos += 2;
4447	}
4448
4449	memcpy(pos, rfc1042_header, sizeof(rfc1042_header));
4450	pos += sizeof(rfc1042_header);
4451	WPA_PUT_BE16(pos, ETH_P_PAE);
4452	pos += 2;
4453	memcpy(pos, data, data_len);
4454
4455	res = wpa_driver_nl80211_send_frame(bss, (u8 *) hdr, len, encrypt, 0,
4456					    0, 0, 0, 0, NULL, 0);
4457	if (res < 0) {
4458		wpa_printf(MSG_ERROR, "i802_send_eapol - packet len: %lu - "
4459			   "failed: %d (%s)",
4460			   (unsigned long) len, errno, strerror(errno));
4461	}
4462	os_free(hdr);
4463
4464	return res;
4465}
4466
4467
4468static int wpa_driver_nl80211_sta_set_flags(void *priv, const u8 *addr,
4469					    unsigned int total_flags,
4470					    unsigned int flags_or,
4471					    unsigned int flags_and)
4472{
4473	struct i802_bss *bss = priv;
4474	struct nl_msg *msg;
4475	struct nlattr *flags;
4476	struct nl80211_sta_flag_update upd;
4477
4478	wpa_printf(MSG_DEBUG, "nl80211: Set STA flags - ifname=%s addr=" MACSTR
4479		   " total_flags=0x%x flags_or=0x%x flags_and=0x%x authorized=%d",
4480		   bss->ifname, MAC2STR(addr), total_flags, flags_or, flags_and,
4481		   !!(total_flags & WPA_STA_AUTHORIZED));
4482
4483	if (!(msg = nl80211_bss_msg(bss, 0, NL80211_CMD_SET_STATION)) ||
4484	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
4485		goto fail;
4486
4487	/*
4488	 * Backwards compatibility version using NL80211_ATTR_STA_FLAGS. This
4489	 * can be removed eventually.
4490	 */
4491	flags = nla_nest_start(msg, NL80211_ATTR_STA_FLAGS);
4492	if (!flags ||
4493	    ((total_flags & WPA_STA_AUTHORIZED) &&
4494	     nla_put_flag(msg, NL80211_STA_FLAG_AUTHORIZED)) ||
4495	    ((total_flags & WPA_STA_WMM) &&
4496	     nla_put_flag(msg, NL80211_STA_FLAG_WME)) ||
4497	    ((total_flags & WPA_STA_SHORT_PREAMBLE) &&
4498	     nla_put_flag(msg, NL80211_STA_FLAG_SHORT_PREAMBLE)) ||
4499	    ((total_flags & WPA_STA_MFP) &&
4500	     nla_put_flag(msg, NL80211_STA_FLAG_MFP)) ||
4501	    ((total_flags & WPA_STA_TDLS_PEER) &&
4502	     nla_put_flag(msg, NL80211_STA_FLAG_TDLS_PEER)))
4503		goto fail;
4504
4505	nla_nest_end(msg, flags);
4506
4507	os_memset(&upd, 0, sizeof(upd));
4508	upd.mask = sta_flags_nl80211(flags_or | ~flags_and);
4509	upd.set = sta_flags_nl80211(flags_or);
4510	if (nla_put(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd))
4511		goto fail;
4512
4513	return send_and_recv_msgs(bss->drv, msg, NULL, NULL);
4514fail:
4515	nlmsg_free(msg);
4516	return -ENOBUFS;
4517}
4518
4519
4520static int wpa_driver_nl80211_ap(struct wpa_driver_nl80211_data *drv,
4521				 struct wpa_driver_associate_params *params)
4522{
4523	enum nl80211_iftype nlmode, old_mode;
4524
4525	if (params->p2p) {
4526		wpa_printf(MSG_DEBUG, "nl80211: Setup AP operations for P2P "
4527			   "group (GO)");
4528		nlmode = NL80211_IFTYPE_P2P_GO;
4529	} else
4530		nlmode = NL80211_IFTYPE_AP;
4531
4532	old_mode = drv->nlmode;
4533	if (wpa_driver_nl80211_set_mode(drv->first_bss, nlmode)) {
4534		nl80211_remove_monitor_interface(drv);
4535		return -1;
4536	}
4537
4538	if (params->freq.freq &&
4539	    nl80211_set_channel(drv->first_bss, &params->freq, 0)) {
4540		if (old_mode != nlmode)
4541			wpa_driver_nl80211_set_mode(drv->first_bss, old_mode);
4542		nl80211_remove_monitor_interface(drv);
4543		return -1;
4544	}
4545
4546	return 0;
4547}
4548
4549
4550static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv,
4551			      int reset_mode)
4552{
4553	struct nl_msg *msg;
4554	int ret;
4555
4556	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_LEAVE_IBSS);
4557	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
4558	if (ret) {
4559		wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS failed: ret=%d "
4560			   "(%s)", ret, strerror(-ret));
4561	} else {
4562		wpa_printf(MSG_DEBUG,
4563			   "nl80211: Leave IBSS request sent successfully");
4564	}
4565
4566	if (reset_mode &&
4567	    wpa_driver_nl80211_set_mode(drv->first_bss,
4568					NL80211_IFTYPE_STATION)) {
4569		wpa_printf(MSG_INFO, "nl80211: Failed to set interface into "
4570			   "station mode");
4571	}
4572
4573	return ret;
4574}
4575
4576
4577static int nl80211_ht_vht_overrides(struct nl_msg *msg,
4578				    struct wpa_driver_associate_params *params)
4579{
4580	if (params->disable_ht && nla_put_flag(msg, NL80211_ATTR_DISABLE_HT))
4581		return -1;
4582
4583	if (params->htcaps && params->htcaps_mask) {
4584		int sz = sizeof(struct ieee80211_ht_capabilities);
4585		wpa_hexdump(MSG_DEBUG, "  * htcaps", params->htcaps, sz);
4586		wpa_hexdump(MSG_DEBUG, "  * htcaps_mask",
4587			    params->htcaps_mask, sz);
4588		if (nla_put(msg, NL80211_ATTR_HT_CAPABILITY, sz,
4589			    params->htcaps) ||
4590		    nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK, sz,
4591			    params->htcaps_mask))
4592			return -1;
4593	}
4594
4595#ifdef CONFIG_VHT_OVERRIDES
4596	if (params->disable_vht) {
4597		wpa_printf(MSG_DEBUG, "  * VHT disabled");
4598		if (nla_put_flag(msg, NL80211_ATTR_DISABLE_VHT))
4599			return -1;
4600	}
4601
4602	if (params->vhtcaps && params->vhtcaps_mask) {
4603		int sz = sizeof(struct ieee80211_vht_capabilities);
4604		wpa_hexdump(MSG_DEBUG, "  * vhtcaps", params->vhtcaps, sz);
4605		wpa_hexdump(MSG_DEBUG, "  * vhtcaps_mask",
4606			    params->vhtcaps_mask, sz);
4607		if (nla_put(msg, NL80211_ATTR_VHT_CAPABILITY, sz,
4608			    params->vhtcaps) ||
4609		    nla_put(msg, NL80211_ATTR_VHT_CAPABILITY_MASK, sz,
4610			    params->vhtcaps_mask))
4611			return -1;
4612	}
4613#endif /* CONFIG_VHT_OVERRIDES */
4614
4615	return 0;
4616}
4617
4618
4619static int wpa_driver_nl80211_ibss(struct wpa_driver_nl80211_data *drv,
4620				   struct wpa_driver_associate_params *params)
4621{
4622	struct nl_msg *msg;
4623	int ret = -1;
4624	int count = 0;
4625
4626	wpa_printf(MSG_DEBUG, "nl80211: Join IBSS (ifindex=%d)", drv->ifindex);
4627
4628	if (wpa_driver_nl80211_set_mode_ibss(drv->first_bss, &params->freq)) {
4629		wpa_printf(MSG_INFO, "nl80211: Failed to set interface into "
4630			   "IBSS mode");
4631		return -1;
4632	}
4633
4634retry:
4635	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_JOIN_IBSS)) ||
4636	    params->ssid == NULL || params->ssid_len > sizeof(drv->ssid))
4637		goto fail;
4638
4639	wpa_hexdump_ascii(MSG_DEBUG, "  * SSID",
4640			  params->ssid, params->ssid_len);
4641	if (nla_put(msg, NL80211_ATTR_SSID, params->ssid_len, params->ssid))
4642		goto fail;
4643	os_memcpy(drv->ssid, params->ssid, params->ssid_len);
4644	drv->ssid_len = params->ssid_len;
4645
4646	if (nl80211_put_freq_params(msg, &params->freq) < 0 ||
4647	    nl80211_put_beacon_int(msg, params->beacon_int))
4648		goto fail;
4649
4650	ret = nl80211_set_conn_keys(params, msg);
4651	if (ret)
4652		goto fail;
4653
4654	if (params->bssid && params->fixed_bssid) {
4655		wpa_printf(MSG_DEBUG, "  * BSSID=" MACSTR,
4656			   MAC2STR(params->bssid));
4657		if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid))
4658			goto fail;
4659	}
4660
4661	if (params->fixed_freq) {
4662		wpa_printf(MSG_DEBUG, "  * fixed_freq");
4663		if (nla_put_flag(msg, NL80211_ATTR_FREQ_FIXED))
4664			goto fail;
4665	}
4666
4667	if (params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X ||
4668	    params->key_mgmt_suite == WPA_KEY_MGMT_PSK ||
4669	    params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA256 ||
4670	    params->key_mgmt_suite == WPA_KEY_MGMT_PSK_SHA256) {
4671		wpa_printf(MSG_DEBUG, "  * control port");
4672		if (nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT))
4673			goto fail;
4674	}
4675
4676	if (params->wpa_ie) {
4677		wpa_hexdump(MSG_DEBUG,
4678			    "  * Extra IEs for Beacon/Probe Response frames",
4679			    params->wpa_ie, params->wpa_ie_len);
4680		if (nla_put(msg, NL80211_ATTR_IE, params->wpa_ie_len,
4681			    params->wpa_ie))
4682			goto fail;
4683	}
4684
4685	ret = nl80211_ht_vht_overrides(msg, params);
4686	if (ret < 0)
4687		goto fail;
4688
4689	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
4690	msg = NULL;
4691	if (ret) {
4692		wpa_printf(MSG_DEBUG, "nl80211: Join IBSS failed: ret=%d (%s)",
4693			   ret, strerror(-ret));
4694		count++;
4695		if (ret == -EALREADY && count == 1) {
4696			wpa_printf(MSG_DEBUG, "nl80211: Retry IBSS join after "
4697				   "forced leave");
4698			nl80211_leave_ibss(drv, 0);
4699			nlmsg_free(msg);
4700			goto retry;
4701		}
4702	} else {
4703		wpa_printf(MSG_DEBUG,
4704			   "nl80211: Join IBSS request sent successfully");
4705	}
4706
4707fail:
4708	nlmsg_free(msg);
4709	return ret;
4710}
4711
4712
4713static int nl80211_connect_common(struct wpa_driver_nl80211_data *drv,
4714				  struct wpa_driver_associate_params *params,
4715				  struct nl_msg *msg)
4716{
4717	if (params->bssid) {
4718		wpa_printf(MSG_DEBUG, "  * bssid=" MACSTR,
4719			   MAC2STR(params->bssid));
4720		if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid))
4721			return -1;
4722	}
4723
4724	if (params->bssid_hint) {
4725		wpa_printf(MSG_DEBUG, "  * bssid_hint=" MACSTR,
4726			   MAC2STR(params->bssid_hint));
4727		if (nla_put(msg, NL80211_ATTR_MAC_HINT, ETH_ALEN,
4728			    params->bssid_hint))
4729			return -1;
4730	}
4731
4732	if (params->freq.freq) {
4733		wpa_printf(MSG_DEBUG, "  * freq=%d", params->freq.freq);
4734		if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
4735				params->freq.freq))
4736			return -1;
4737		drv->assoc_freq = params->freq.freq;
4738	} else
4739		drv->assoc_freq = 0;
4740
4741	if (params->freq_hint) {
4742		wpa_printf(MSG_DEBUG, "  * freq_hint=%d", params->freq_hint);
4743		if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ_HINT,
4744				params->freq_hint))
4745			return -1;
4746	}
4747
4748	if (params->bg_scan_period >= 0) {
4749		wpa_printf(MSG_DEBUG, "  * bg scan period=%d",
4750			   params->bg_scan_period);
4751		if (nla_put_u16(msg, NL80211_ATTR_BG_SCAN_PERIOD,
4752				params->bg_scan_period))
4753			return -1;
4754	}
4755
4756	if (params->ssid) {
4757		wpa_hexdump_ascii(MSG_DEBUG, "  * SSID",
4758				  params->ssid, params->ssid_len);
4759		if (nla_put(msg, NL80211_ATTR_SSID, params->ssid_len,
4760			    params->ssid))
4761			return -1;
4762		if (params->ssid_len > sizeof(drv->ssid))
4763			return -1;
4764		os_memcpy(drv->ssid, params->ssid, params->ssid_len);
4765		drv->ssid_len = params->ssid_len;
4766	}
4767
4768	wpa_hexdump(MSG_DEBUG, "  * IEs", params->wpa_ie, params->wpa_ie_len);
4769	if (params->wpa_ie &&
4770	    nla_put(msg, NL80211_ATTR_IE, params->wpa_ie_len, params->wpa_ie))
4771		return -1;
4772
4773	if (params->wpa_proto) {
4774		enum nl80211_wpa_versions ver = 0;
4775
4776		if (params->wpa_proto & WPA_PROTO_WPA)
4777			ver |= NL80211_WPA_VERSION_1;
4778		if (params->wpa_proto & WPA_PROTO_RSN)
4779			ver |= NL80211_WPA_VERSION_2;
4780
4781		wpa_printf(MSG_DEBUG, "  * WPA Versions 0x%x", ver);
4782		if (nla_put_u32(msg, NL80211_ATTR_WPA_VERSIONS, ver))
4783			return -1;
4784	}
4785
4786	if (params->pairwise_suite != WPA_CIPHER_NONE) {
4787		u32 cipher = wpa_cipher_to_cipher_suite(params->pairwise_suite);
4788		wpa_printf(MSG_DEBUG, "  * pairwise=0x%x", cipher);
4789		if (nla_put_u32(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE,
4790				cipher))
4791			return -1;
4792	}
4793
4794	if (params->group_suite == WPA_CIPHER_GTK_NOT_USED &&
4795	    !(drv->capa.enc & WPA_DRIVER_CAPA_ENC_GTK_NOT_USED)) {
4796		/*
4797		 * This is likely to work even though many drivers do not
4798		 * advertise support for operations without GTK.
4799		 */
4800		wpa_printf(MSG_DEBUG, "  * skip group cipher configuration for GTK_NOT_USED due to missing driver support advertisement");
4801	} else if (params->group_suite != WPA_CIPHER_NONE) {
4802		u32 cipher = wpa_cipher_to_cipher_suite(params->group_suite);
4803		wpa_printf(MSG_DEBUG, "  * group=0x%x", cipher);
4804		if (nla_put_u32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, cipher))
4805			return -1;
4806	}
4807
4808	if (params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X ||
4809	    params->key_mgmt_suite == WPA_KEY_MGMT_PSK ||
4810	    params->key_mgmt_suite == WPA_KEY_MGMT_FT_IEEE8021X ||
4811	    params->key_mgmt_suite == WPA_KEY_MGMT_FT_PSK ||
4812	    params->key_mgmt_suite == WPA_KEY_MGMT_CCKM ||
4813	    params->key_mgmt_suite == WPA_KEY_MGMT_OSEN ||
4814	    params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA256 ||
4815	    params->key_mgmt_suite == WPA_KEY_MGMT_PSK_SHA256 ||
4816	    params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B ||
4817	    params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) {
4818		int mgmt = WLAN_AKM_SUITE_PSK;
4819
4820		switch (params->key_mgmt_suite) {
4821		case WPA_KEY_MGMT_CCKM:
4822			mgmt = WLAN_AKM_SUITE_CCKM;
4823			break;
4824		case WPA_KEY_MGMT_IEEE8021X:
4825			mgmt = WLAN_AKM_SUITE_8021X;
4826			break;
4827		case WPA_KEY_MGMT_FT_IEEE8021X:
4828			mgmt = WLAN_AKM_SUITE_FT_8021X;
4829			break;
4830		case WPA_KEY_MGMT_FT_PSK:
4831			mgmt = WLAN_AKM_SUITE_FT_PSK;
4832			break;
4833		case WPA_KEY_MGMT_IEEE8021X_SHA256:
4834			mgmt = WLAN_AKM_SUITE_8021X_SHA256;
4835			break;
4836		case WPA_KEY_MGMT_PSK_SHA256:
4837			mgmt = WLAN_AKM_SUITE_PSK_SHA256;
4838			break;
4839		case WPA_KEY_MGMT_OSEN:
4840			mgmt = WLAN_AKM_SUITE_OSEN;
4841			break;
4842		case WPA_KEY_MGMT_IEEE8021X_SUITE_B:
4843			mgmt = WLAN_AKM_SUITE_8021X_SUITE_B;
4844			break;
4845		case WPA_KEY_MGMT_IEEE8021X_SUITE_B_192:
4846			mgmt = WLAN_AKM_SUITE_8021X_SUITE_B_192;
4847			break;
4848		case WPA_KEY_MGMT_PSK:
4849		default:
4850			mgmt = WLAN_AKM_SUITE_PSK;
4851			break;
4852		}
4853		wpa_printf(MSG_DEBUG, "  * akm=0x%x", mgmt);
4854		if (nla_put_u32(msg, NL80211_ATTR_AKM_SUITES, mgmt))
4855			return -1;
4856	}
4857
4858	if (nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT))
4859		return -1;
4860
4861	if (params->mgmt_frame_protection == MGMT_FRAME_PROTECTION_REQUIRED &&
4862	    nla_put_u32(msg, NL80211_ATTR_USE_MFP, NL80211_MFP_REQUIRED))
4863		return -1;
4864
4865	if (params->rrm_used) {
4866		u32 drv_rrm_flags = drv->capa.rrm_flags;
4867		if (!(drv_rrm_flags &
4868		      WPA_DRIVER_FLAGS_DS_PARAM_SET_IE_IN_PROBES) ||
4869		    !(drv_rrm_flags & WPA_DRIVER_FLAGS_QUIET) ||
4870		    nla_put_flag(msg, NL80211_ATTR_USE_RRM))
4871			return -1;
4872	}
4873
4874	if (nl80211_ht_vht_overrides(msg, params) < 0)
4875		return -1;
4876
4877	if (params->p2p)
4878		wpa_printf(MSG_DEBUG, "  * P2P group");
4879
4880	if (params->pbss) {
4881		wpa_printf(MSG_DEBUG, "  * PBSS");
4882		if (nla_put_flag(msg, NL80211_ATTR_PBSS))
4883			return -1;
4884	}
4885
4886	drv->connect_reassoc = 0;
4887	if (params->prev_bssid) {
4888		wpa_printf(MSG_DEBUG, "  * prev_bssid=" MACSTR,
4889			   MAC2STR(params->prev_bssid));
4890		if (nla_put(msg, NL80211_ATTR_PREV_BSSID, ETH_ALEN,
4891			    params->prev_bssid))
4892			return -1;
4893		drv->connect_reassoc = 1;
4894	}
4895
4896	return 0;
4897}
4898
4899
4900static int wpa_driver_nl80211_try_connect(
4901	struct wpa_driver_nl80211_data *drv,
4902	struct wpa_driver_associate_params *params)
4903{
4904	struct nl_msg *msg;
4905	enum nl80211_auth_type type;
4906	int ret;
4907	int algs;
4908
4909#ifdef CONFIG_DRIVER_NL80211_QCA
4910	if (params->req_key_mgmt_offload && params->psk &&
4911	    (params->key_mgmt_suite == WPA_KEY_MGMT_PSK ||
4912	     params->key_mgmt_suite == WPA_KEY_MGMT_PSK_SHA256 ||
4913	     params->key_mgmt_suite == WPA_KEY_MGMT_FT_PSK)) {
4914		wpa_printf(MSG_DEBUG, "nl80211: Key management set PSK");
4915		ret = issue_key_mgmt_set_key(drv, params->psk, 32);
4916		if (ret)
4917			return ret;
4918	}
4919#endif /* CONFIG_DRIVER_NL80211_QCA */
4920
4921	wpa_printf(MSG_DEBUG, "nl80211: Connect (ifindex=%d)", drv->ifindex);
4922	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_CONNECT);
4923	if (!msg)
4924		return -1;
4925
4926	ret = nl80211_connect_common(drv, params, msg);
4927	if (ret)
4928		goto fail;
4929
4930	algs = 0;
4931	if (params->auth_alg & WPA_AUTH_ALG_OPEN)
4932		algs++;
4933	if (params->auth_alg & WPA_AUTH_ALG_SHARED)
4934		algs++;
4935	if (params->auth_alg & WPA_AUTH_ALG_LEAP)
4936		algs++;
4937	if (algs > 1) {
4938		wpa_printf(MSG_DEBUG, "  * Leave out Auth Type for automatic "
4939			   "selection");
4940		goto skip_auth_type;
4941	}
4942
4943	if (params->auth_alg & WPA_AUTH_ALG_OPEN)
4944		type = NL80211_AUTHTYPE_OPEN_SYSTEM;
4945	else if (params->auth_alg & WPA_AUTH_ALG_SHARED)
4946		type = NL80211_AUTHTYPE_SHARED_KEY;
4947	else if (params->auth_alg & WPA_AUTH_ALG_LEAP)
4948		type = NL80211_AUTHTYPE_NETWORK_EAP;
4949	else if (params->auth_alg & WPA_AUTH_ALG_FT)
4950		type = NL80211_AUTHTYPE_FT;
4951	else
4952		goto fail;
4953
4954	wpa_printf(MSG_DEBUG, "  * Auth Type %d", type);
4955	if (nla_put_u32(msg, NL80211_ATTR_AUTH_TYPE, type))
4956		goto fail;
4957
4958skip_auth_type:
4959	ret = nl80211_set_conn_keys(params, msg);
4960	if (ret)
4961		goto fail;
4962
4963	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
4964	msg = NULL;
4965	if (ret) {
4966		wpa_printf(MSG_DEBUG, "nl80211: MLME connect failed: ret=%d "
4967			   "(%s)", ret, strerror(-ret));
4968	} else {
4969		wpa_printf(MSG_DEBUG,
4970			   "nl80211: Connect request send successfully");
4971	}
4972
4973fail:
4974	nlmsg_free(msg);
4975	return ret;
4976
4977}
4978
4979
4980static int wpa_driver_nl80211_connect(
4981	struct wpa_driver_nl80211_data *drv,
4982	struct wpa_driver_associate_params *params)
4983{
4984	int ret;
4985
4986	/* Store the connection attempted bssid for future use */
4987	if (params->bssid)
4988		os_memcpy(drv->auth_attempt_bssid, params->bssid, ETH_ALEN);
4989	else
4990		os_memset(drv->auth_attempt_bssid, 0, ETH_ALEN);
4991
4992	ret = wpa_driver_nl80211_try_connect(drv, params);
4993	if (ret == -EALREADY) {
4994		/*
4995		 * cfg80211 does not currently accept new connections if
4996		 * we are already connected. As a workaround, force
4997		 * disconnection and try again.
4998		 */
4999		wpa_printf(MSG_DEBUG, "nl80211: Explicitly "
5000			   "disconnecting before reassociation "
5001			   "attempt");
5002		if (wpa_driver_nl80211_disconnect(
5003			    drv, WLAN_REASON_PREV_AUTH_NOT_VALID))
5004			return -1;
5005		ret = wpa_driver_nl80211_try_connect(drv, params);
5006	}
5007	return ret;
5008}
5009
5010
5011static int wpa_driver_nl80211_associate(
5012	void *priv, struct wpa_driver_associate_params *params)
5013{
5014	struct i802_bss *bss = priv;
5015	struct wpa_driver_nl80211_data *drv = bss->drv;
5016	int ret = -1;
5017	struct nl_msg *msg;
5018
5019	nl80211_unmask_11b_rates(bss);
5020
5021	if (params->mode == IEEE80211_MODE_AP)
5022		return wpa_driver_nl80211_ap(drv, params);
5023
5024	if (params->mode == IEEE80211_MODE_IBSS)
5025		return wpa_driver_nl80211_ibss(drv, params);
5026
5027	if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) {
5028		enum nl80211_iftype nlmode = params->p2p ?
5029			NL80211_IFTYPE_P2P_CLIENT : NL80211_IFTYPE_STATION;
5030
5031		if (wpa_driver_nl80211_set_mode(priv, nlmode) < 0)
5032			return -1;
5033		return wpa_driver_nl80211_connect(drv, params);
5034	}
5035
5036	nl80211_mark_disconnected(drv);
5037
5038	wpa_printf(MSG_DEBUG, "nl80211: Associate (ifindex=%d)",
5039		   drv->ifindex);
5040	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_ASSOCIATE);
5041	if (!msg)
5042		return -1;
5043
5044	ret = nl80211_connect_common(drv, params, msg);
5045	if (ret)
5046		goto fail;
5047
5048	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
5049	msg = NULL;
5050	if (ret) {
5051		wpa_dbg(drv->ctx, MSG_DEBUG,
5052			"nl80211: MLME command failed (assoc): ret=%d (%s)",
5053			ret, strerror(-ret));
5054		nl80211_dump_scan(drv);
5055	} else {
5056		wpa_printf(MSG_DEBUG,
5057			   "nl80211: Association request send successfully");
5058	}
5059
5060fail:
5061	nlmsg_free(msg);
5062	return ret;
5063}
5064
5065
5066static int nl80211_set_mode(struct wpa_driver_nl80211_data *drv,
5067			    int ifindex, enum nl80211_iftype mode)
5068{
5069	struct nl_msg *msg;
5070	int ret = -ENOBUFS;
5071
5072	wpa_printf(MSG_DEBUG, "nl80211: Set mode ifindex %d iftype %d (%s)",
5073		   ifindex, mode, nl80211_iftype_str(mode));
5074
5075	msg = nl80211_cmd_msg(drv->first_bss, 0, NL80211_CMD_SET_INTERFACE);
5076	if (!msg || nla_put_u32(msg, NL80211_ATTR_IFTYPE, mode))
5077		goto fail;
5078
5079	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
5080	msg = NULL;
5081	if (!ret)
5082		return 0;
5083fail:
5084	nlmsg_free(msg);
5085	wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface %d to mode %d:"
5086		   " %d (%s)", ifindex, mode, ret, strerror(-ret));
5087	return ret;
5088}
5089
5090
5091static int wpa_driver_nl80211_set_mode_impl(
5092		struct i802_bss *bss,
5093		enum nl80211_iftype nlmode,
5094		struct hostapd_freq_params *desired_freq_params)
5095{
5096	struct wpa_driver_nl80211_data *drv = bss->drv;
5097	int ret = -1;
5098	int i;
5099	int was_ap = is_ap_interface(drv->nlmode);
5100	int res;
5101	int mode_switch_res;
5102
5103	mode_switch_res = nl80211_set_mode(drv, drv->ifindex, nlmode);
5104	if (mode_switch_res && nlmode == nl80211_get_ifmode(bss))
5105		mode_switch_res = 0;
5106
5107	if (mode_switch_res == 0) {
5108		drv->nlmode = nlmode;
5109		ret = 0;
5110		goto done;
5111	}
5112
5113	if (mode_switch_res == -ENODEV)
5114		return -1;
5115
5116	if (nlmode == drv->nlmode) {
5117		wpa_printf(MSG_DEBUG, "nl80211: Interface already in "
5118			   "requested mode - ignore error");
5119		ret = 0;
5120		goto done; /* Already in the requested mode */
5121	}
5122
5123	/* mac80211 doesn't allow mode changes while the device is up, so
5124	 * take the device down, try to set the mode again, and bring the
5125	 * device back up.
5126	 */
5127	wpa_printf(MSG_DEBUG, "nl80211: Try mode change after setting "
5128		   "interface down");
5129	for (i = 0; i < 10; i++) {
5130		res = i802_set_iface_flags(bss, 0);
5131		if (res == -EACCES || res == -ENODEV)
5132			break;
5133		if (res != 0) {
5134			wpa_printf(MSG_DEBUG, "nl80211: Failed to set "
5135				   "interface down");
5136			os_sleep(0, 100000);
5137			continue;
5138		}
5139
5140		/*
5141		 * Setting the mode will fail for some drivers if the phy is
5142		 * on a frequency that the mode is disallowed in.
5143		 */
5144		if (desired_freq_params) {
5145			res = nl80211_set_channel(bss, desired_freq_params, 0);
5146			if (res) {
5147				wpa_printf(MSG_DEBUG,
5148					   "nl80211: Failed to set frequency on interface");
5149			}
5150		}
5151
5152		/* Try to set the mode again while the interface is down */
5153		mode_switch_res = nl80211_set_mode(drv, drv->ifindex, nlmode);
5154		if (mode_switch_res == -EBUSY) {
5155			wpa_printf(MSG_DEBUG,
5156				   "nl80211: Delaying mode set while interface going down");
5157			os_sleep(0, 100000);
5158			continue;
5159		}
5160		ret = mode_switch_res;
5161		break;
5162	}
5163
5164	if (!ret) {
5165		wpa_printf(MSG_DEBUG, "nl80211: Mode change succeeded while "
5166			   "interface is down");
5167		drv->nlmode = nlmode;
5168		drv->ignore_if_down_event = 1;
5169	}
5170
5171	/* Bring the interface back up */
5172	res = linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 1);
5173	if (res != 0) {
5174		wpa_printf(MSG_DEBUG,
5175			   "nl80211: Failed to set interface up after switching mode");
5176		ret = -1;
5177	}
5178
5179done:
5180	if (ret) {
5181		wpa_printf(MSG_DEBUG, "nl80211: Interface mode change to %d "
5182			   "from %d failed", nlmode, drv->nlmode);
5183		return ret;
5184	}
5185
5186	if (is_p2p_net_interface(nlmode)) {
5187		wpa_printf(MSG_DEBUG,
5188			   "nl80211: Interface %s mode change to P2P - disable 11b rates",
5189			   bss->ifname);
5190		nl80211_disable_11b_rates(drv, drv->ifindex, 1);
5191	} else if (drv->disabled_11b_rates) {
5192		wpa_printf(MSG_DEBUG,
5193			   "nl80211: Interface %s mode changed to non-P2P - re-enable 11b rates",
5194			   bss->ifname);
5195		nl80211_disable_11b_rates(drv, drv->ifindex, 0);
5196	}
5197
5198	if (is_ap_interface(nlmode)) {
5199		nl80211_mgmt_unsubscribe(bss, "start AP");
5200		/* Setup additional AP mode functionality if needed */
5201		if (nl80211_setup_ap(bss))
5202			return -1;
5203	} else if (was_ap) {
5204		/* Remove additional AP mode functionality */
5205		nl80211_teardown_ap(bss);
5206	} else {
5207		nl80211_mgmt_unsubscribe(bss, "mode change");
5208	}
5209
5210	if (is_mesh_interface(nlmode) &&
5211	    nl80211_mgmt_subscribe_mesh(bss))
5212		return -1;
5213
5214	if (!bss->in_deinit && !is_ap_interface(nlmode) &&
5215	    !is_mesh_interface(nlmode) &&
5216	    nl80211_mgmt_subscribe_non_ap(bss) < 0)
5217		wpa_printf(MSG_DEBUG, "nl80211: Failed to register Action "
5218			   "frame processing - ignore for now");
5219
5220	return 0;
5221}
5222
5223
5224int wpa_driver_nl80211_set_mode(struct i802_bss *bss,
5225				enum nl80211_iftype nlmode)
5226{
5227	return wpa_driver_nl80211_set_mode_impl(bss, nlmode, NULL);
5228}
5229
5230
5231static int wpa_driver_nl80211_set_mode_ibss(struct i802_bss *bss,
5232					    struct hostapd_freq_params *freq)
5233{
5234	return wpa_driver_nl80211_set_mode_impl(bss, NL80211_IFTYPE_ADHOC,
5235						freq);
5236}
5237
5238
5239static int wpa_driver_nl80211_get_capa(void *priv,
5240				       struct wpa_driver_capa *capa)
5241{
5242	struct i802_bss *bss = priv;
5243	struct wpa_driver_nl80211_data *drv = bss->drv;
5244
5245	if (!drv->has_capability)
5246		return -1;
5247	os_memcpy(capa, &drv->capa, sizeof(*capa));
5248	if (drv->extended_capa && drv->extended_capa_mask) {
5249		capa->extended_capa = drv->extended_capa;
5250		capa->extended_capa_mask = drv->extended_capa_mask;
5251		capa->extended_capa_len = drv->extended_capa_len;
5252	}
5253
5254	return 0;
5255}
5256
5257
5258static int wpa_driver_nl80211_set_operstate(void *priv, int state)
5259{
5260	struct i802_bss *bss = priv;
5261	struct wpa_driver_nl80211_data *drv = bss->drv;
5262
5263	wpa_printf(MSG_DEBUG, "nl80211: Set %s operstate %d->%d (%s)",
5264		   bss->ifname, drv->operstate, state,
5265		   state ? "UP" : "DORMANT");
5266	drv->operstate = state;
5267	return netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, -1,
5268				      state ? IF_OPER_UP : IF_OPER_DORMANT);
5269}
5270
5271
5272static int wpa_driver_nl80211_set_supp_port(void *priv, int authorized)
5273{
5274	struct i802_bss *bss = priv;
5275	struct wpa_driver_nl80211_data *drv = bss->drv;
5276	struct nl_msg *msg;
5277	struct nl80211_sta_flag_update upd;
5278	int ret;
5279
5280	if (!drv->associated && is_zero_ether_addr(drv->bssid) && !authorized) {
5281		wpa_printf(MSG_DEBUG, "nl80211: Skip set_supp_port(unauthorized) while not associated");
5282		return 0;
5283	}
5284
5285	wpa_printf(MSG_DEBUG, "nl80211: Set supplicant port %sauthorized for "
5286		   MACSTR, authorized ? "" : "un", MAC2STR(drv->bssid));
5287
5288	os_memset(&upd, 0, sizeof(upd));
5289	upd.mask = BIT(NL80211_STA_FLAG_AUTHORIZED);
5290	if (authorized)
5291		upd.set = BIT(NL80211_STA_FLAG_AUTHORIZED);
5292
5293	if (!(msg = nl80211_bss_msg(bss, 0, NL80211_CMD_SET_STATION)) ||
5294	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, drv->bssid) ||
5295	    nla_put(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd)) {
5296		nlmsg_free(msg);
5297		return -ENOBUFS;
5298	}
5299
5300	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
5301	if (!ret)
5302		return 0;
5303	wpa_printf(MSG_DEBUG, "nl80211: Failed to set STA flag: %d (%s)",
5304		   ret, strerror(-ret));
5305	return ret;
5306}
5307
5308
5309/* Set kernel driver on given frequency (MHz) */
5310static int i802_set_freq(void *priv, struct hostapd_freq_params *freq)
5311{
5312	struct i802_bss *bss = priv;
5313	return nl80211_set_channel(bss, freq, 0);
5314}
5315
5316
5317static inline int min_int(int a, int b)
5318{
5319	if (a < b)
5320		return a;
5321	return b;
5322}
5323
5324
5325static int get_key_handler(struct nl_msg *msg, void *arg)
5326{
5327	struct nlattr *tb[NL80211_ATTR_MAX + 1];
5328	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
5329
5330	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
5331		  genlmsg_attrlen(gnlh, 0), NULL);
5332
5333	/*
5334	 * TODO: validate the key index and mac address!
5335	 * Otherwise, there's a race condition as soon as
5336	 * the kernel starts sending key notifications.
5337	 */
5338
5339	if (tb[NL80211_ATTR_KEY_SEQ])
5340		memcpy(arg, nla_data(tb[NL80211_ATTR_KEY_SEQ]),
5341		       min_int(nla_len(tb[NL80211_ATTR_KEY_SEQ]), 6));
5342	return NL_SKIP;
5343}
5344
5345
5346static int i802_get_seqnum(const char *iface, void *priv, const u8 *addr,
5347			   int idx, u8 *seq)
5348{
5349	struct i802_bss *bss = priv;
5350	struct wpa_driver_nl80211_data *drv = bss->drv;
5351	struct nl_msg *msg;
5352
5353	msg = nl80211_ifindex_msg(drv, if_nametoindex(iface), 0,
5354				  NL80211_CMD_GET_KEY);
5355	if (!msg ||
5356	    (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) ||
5357	    nla_put_u8(msg, NL80211_ATTR_KEY_IDX, idx)) {
5358		nlmsg_free(msg);
5359		return -ENOBUFS;
5360	}
5361
5362	memset(seq, 0, 6);
5363
5364	return send_and_recv_msgs(drv, msg, get_key_handler, seq);
5365}
5366
5367
5368static int i802_set_rts(void *priv, int rts)
5369{
5370	struct i802_bss *bss = priv;
5371	struct wpa_driver_nl80211_data *drv = bss->drv;
5372	struct nl_msg *msg;
5373	int ret;
5374	u32 val;
5375
5376	if (rts >= 2347)
5377		val = (u32) -1;
5378	else
5379		val = rts;
5380
5381	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_SET_WIPHY)) ||
5382	    nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD, val)) {
5383		nlmsg_free(msg);
5384		return -ENOBUFS;
5385	}
5386
5387	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
5388	if (!ret)
5389		return 0;
5390	wpa_printf(MSG_DEBUG, "nl80211: Failed to set RTS threshold %d: "
5391		   "%d (%s)", rts, ret, strerror(-ret));
5392	return ret;
5393}
5394
5395
5396static int i802_set_frag(void *priv, int frag)
5397{
5398	struct i802_bss *bss = priv;
5399	struct wpa_driver_nl80211_data *drv = bss->drv;
5400	struct nl_msg *msg;
5401	int ret;
5402	u32 val;
5403
5404	if (frag >= 2346)
5405		val = (u32) -1;
5406	else
5407		val = frag;
5408
5409	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_SET_WIPHY)) ||
5410	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD, val)) {
5411		nlmsg_free(msg);
5412		return -ENOBUFS;
5413	}
5414
5415	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
5416	if (!ret)
5417		return 0;
5418	wpa_printf(MSG_DEBUG, "nl80211: Failed to set fragmentation threshold "
5419		   "%d: %d (%s)", frag, ret, strerror(-ret));
5420	return ret;
5421}
5422
5423
5424static int i802_flush(void *priv)
5425{
5426	struct i802_bss *bss = priv;
5427	struct nl_msg *msg;
5428	int res;
5429
5430	wpa_printf(MSG_DEBUG, "nl80211: flush -> DEL_STATION %s (all)",
5431		   bss->ifname);
5432
5433	/*
5434	 * XXX: FIX! this needs to flush all VLANs too
5435	 */
5436	msg = nl80211_bss_msg(bss, 0, NL80211_CMD_DEL_STATION);
5437	res = send_and_recv_msgs(bss->drv, msg, NULL, NULL);
5438	if (res) {
5439		wpa_printf(MSG_DEBUG, "nl80211: Station flush failed: ret=%d "
5440			   "(%s)", res, strerror(-res));
5441	}
5442	return res;
5443}
5444
5445
5446static int get_sta_handler(struct nl_msg *msg, void *arg)
5447{
5448	struct nlattr *tb[NL80211_ATTR_MAX + 1];
5449	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
5450	struct hostap_sta_driver_data *data = arg;
5451	struct nlattr *stats[NL80211_STA_INFO_MAX + 1];
5452	static struct nla_policy stats_policy[NL80211_STA_INFO_MAX + 1] = {
5453		[NL80211_STA_INFO_INACTIVE_TIME] = { .type = NLA_U32 },
5454		[NL80211_STA_INFO_RX_BYTES] = { .type = NLA_U32 },
5455		[NL80211_STA_INFO_TX_BYTES] = { .type = NLA_U32 },
5456		[NL80211_STA_INFO_RX_PACKETS] = { .type = NLA_U32 },
5457		[NL80211_STA_INFO_TX_PACKETS] = { .type = NLA_U32 },
5458		[NL80211_STA_INFO_TX_FAILED] = { .type = NLA_U32 },
5459		[NL80211_STA_INFO_RX_BYTES64] = { .type = NLA_U64 },
5460		[NL80211_STA_INFO_TX_BYTES64] = { .type = NLA_U64 },
5461	};
5462
5463	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
5464		  genlmsg_attrlen(gnlh, 0), NULL);
5465
5466	/*
5467	 * TODO: validate the interface and mac address!
5468	 * Otherwise, there's a race condition as soon as
5469	 * the kernel starts sending station notifications.
5470	 */
5471
5472	if (!tb[NL80211_ATTR_STA_INFO]) {
5473		wpa_printf(MSG_DEBUG, "sta stats missing!");
5474		return NL_SKIP;
5475	}
5476	if (nla_parse_nested(stats, NL80211_STA_INFO_MAX,
5477			     tb[NL80211_ATTR_STA_INFO],
5478			     stats_policy)) {
5479		wpa_printf(MSG_DEBUG, "failed to parse nested attributes!");
5480		return NL_SKIP;
5481	}
5482
5483	if (stats[NL80211_STA_INFO_INACTIVE_TIME])
5484		data->inactive_msec =
5485			nla_get_u32(stats[NL80211_STA_INFO_INACTIVE_TIME]);
5486	/* For backwards compatibility, fetch the 32-bit counters first. */
5487	if (stats[NL80211_STA_INFO_RX_BYTES])
5488		data->rx_bytes = nla_get_u32(stats[NL80211_STA_INFO_RX_BYTES]);
5489	if (stats[NL80211_STA_INFO_TX_BYTES])
5490		data->tx_bytes = nla_get_u32(stats[NL80211_STA_INFO_TX_BYTES]);
5491	if (stats[NL80211_STA_INFO_RX_BYTES64] &&
5492	    stats[NL80211_STA_INFO_TX_BYTES64]) {
5493		/*
5494		 * The driver supports 64-bit counters, so use them to override
5495		 * the 32-bit values.
5496		 */
5497		data->rx_bytes =
5498			nla_get_u64(stats[NL80211_STA_INFO_RX_BYTES64]);
5499		data->tx_bytes =
5500			nla_get_u64(stats[NL80211_STA_INFO_TX_BYTES64]);
5501		data->bytes_64bit = 1;
5502	}
5503	if (stats[NL80211_STA_INFO_RX_PACKETS])
5504		data->rx_packets =
5505			nla_get_u32(stats[NL80211_STA_INFO_RX_PACKETS]);
5506	if (stats[NL80211_STA_INFO_TX_PACKETS])
5507		data->tx_packets =
5508			nla_get_u32(stats[NL80211_STA_INFO_TX_PACKETS]);
5509	if (stats[NL80211_STA_INFO_TX_FAILED])
5510		data->tx_retry_failed =
5511			nla_get_u32(stats[NL80211_STA_INFO_TX_FAILED]);
5512
5513	return NL_SKIP;
5514}
5515
5516static int i802_read_sta_data(struct i802_bss *bss,
5517			      struct hostap_sta_driver_data *data,
5518			      const u8 *addr)
5519{
5520	struct nl_msg *msg;
5521
5522	os_memset(data, 0, sizeof(*data));
5523
5524	if (!(msg = nl80211_bss_msg(bss, 0, NL80211_CMD_GET_STATION)) ||
5525	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) {
5526		nlmsg_free(msg);
5527		return -ENOBUFS;
5528	}
5529
5530	return send_and_recv_msgs(bss->drv, msg, get_sta_handler, data);
5531}
5532
5533
5534static int i802_set_tx_queue_params(void *priv, int queue, int aifs,
5535				    int cw_min, int cw_max, int burst_time)
5536{
5537	struct i802_bss *bss = priv;
5538	struct wpa_driver_nl80211_data *drv = bss->drv;
5539	struct nl_msg *msg;
5540	struct nlattr *txq, *params;
5541
5542	msg = nl80211_bss_msg(bss, 0, NL80211_CMD_SET_WIPHY);
5543	if (!msg)
5544		return -1;
5545
5546	txq = nla_nest_start(msg, NL80211_ATTR_WIPHY_TXQ_PARAMS);
5547	if (!txq)
5548		goto fail;
5549
5550	/* We are only sending parameters for a single TXQ at a time */
5551	params = nla_nest_start(msg, 1);
5552	if (!params)
5553		goto fail;
5554
5555	switch (queue) {
5556	case 0:
5557		if (nla_put_u8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_VO))
5558			goto fail;
5559		break;
5560	case 1:
5561		if (nla_put_u8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_VI))
5562			goto fail;
5563		break;
5564	case 2:
5565		if (nla_put_u8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_BE))
5566			goto fail;
5567		break;
5568	case 3:
5569		if (nla_put_u8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_BK))
5570			goto fail;
5571		break;
5572	}
5573	/* Burst time is configured in units of 0.1 msec and TXOP parameter in
5574	 * 32 usec, so need to convert the value here. */
5575	if (nla_put_u16(msg, NL80211_TXQ_ATTR_TXOP,
5576			(burst_time * 100 + 16) / 32) ||
5577	    nla_put_u16(msg, NL80211_TXQ_ATTR_CWMIN, cw_min) ||
5578	    nla_put_u16(msg, NL80211_TXQ_ATTR_CWMAX, cw_max) ||
5579	    nla_put_u8(msg, NL80211_TXQ_ATTR_AIFS, aifs))
5580		goto fail;
5581
5582	nla_nest_end(msg, params);
5583
5584	nla_nest_end(msg, txq);
5585
5586	if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0)
5587		return 0;
5588	msg = NULL;
5589fail:
5590	nlmsg_free(msg);
5591	return -1;
5592}
5593
5594
5595static int i802_set_sta_vlan(struct i802_bss *bss, const u8 *addr,
5596			     const char *ifname, int vlan_id)
5597{
5598	struct wpa_driver_nl80211_data *drv = bss->drv;
5599	struct nl_msg *msg;
5600	int ret;
5601
5602	wpa_printf(MSG_DEBUG, "nl80211: %s[%d]: set_sta_vlan(" MACSTR
5603		   ", ifname=%s[%d], vlan_id=%d)",
5604		   bss->ifname, if_nametoindex(bss->ifname),
5605		   MAC2STR(addr), ifname, if_nametoindex(ifname), vlan_id);
5606	if (!(msg = nl80211_bss_msg(bss, 0, NL80211_CMD_SET_STATION)) ||
5607	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
5608	    nla_put_u32(msg, NL80211_ATTR_STA_VLAN, if_nametoindex(ifname))) {
5609		nlmsg_free(msg);
5610		return -ENOBUFS;
5611	}
5612
5613	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
5614	if (ret < 0) {
5615		wpa_printf(MSG_ERROR, "nl80211: NL80211_ATTR_STA_VLAN (addr="
5616			   MACSTR " ifname=%s vlan_id=%d) failed: %d (%s)",
5617			   MAC2STR(addr), ifname, vlan_id, ret,
5618			   strerror(-ret));
5619	}
5620	return ret;
5621}
5622
5623
5624static int i802_get_inact_sec(void *priv, const u8 *addr)
5625{
5626	struct hostap_sta_driver_data data;
5627	int ret;
5628
5629	data.inactive_msec = (unsigned long) -1;
5630	ret = i802_read_sta_data(priv, &data, addr);
5631	if (ret == -ENOENT)
5632		return -ENOENT;
5633	if (ret || data.inactive_msec == (unsigned long) -1)
5634		return -1;
5635	return data.inactive_msec / 1000;
5636}
5637
5638
5639static int i802_sta_clear_stats(void *priv, const u8 *addr)
5640{
5641#if 0
5642	/* TODO */
5643#endif
5644	return 0;
5645}
5646
5647
5648static int i802_sta_deauth(void *priv, const u8 *own_addr, const u8 *addr,
5649			   int reason)
5650{
5651	struct i802_bss *bss = priv;
5652	struct wpa_driver_nl80211_data *drv = bss->drv;
5653	struct ieee80211_mgmt mgmt;
5654
5655	if (is_mesh_interface(drv->nlmode))
5656		return -1;
5657
5658	if (drv->device_ap_sme)
5659		return wpa_driver_nl80211_sta_remove(bss, addr, 1, reason);
5660
5661	memset(&mgmt, 0, sizeof(mgmt));
5662	mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
5663					  WLAN_FC_STYPE_DEAUTH);
5664	memcpy(mgmt.da, addr, ETH_ALEN);
5665	memcpy(mgmt.sa, own_addr, ETH_ALEN);
5666	memcpy(mgmt.bssid, own_addr, ETH_ALEN);
5667	mgmt.u.deauth.reason_code = host_to_le16(reason);
5668	return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt,
5669					    IEEE80211_HDRLEN +
5670					    sizeof(mgmt.u.deauth), 0, 0, 0, 0,
5671					    0, NULL, 0);
5672}
5673
5674
5675static int i802_sta_disassoc(void *priv, const u8 *own_addr, const u8 *addr,
5676			     int reason)
5677{
5678	struct i802_bss *bss = priv;
5679	struct wpa_driver_nl80211_data *drv = bss->drv;
5680	struct ieee80211_mgmt mgmt;
5681
5682	if (is_mesh_interface(drv->nlmode))
5683		return -1;
5684
5685	if (drv->device_ap_sme)
5686		return wpa_driver_nl80211_sta_remove(bss, addr, 0, reason);
5687
5688	memset(&mgmt, 0, sizeof(mgmt));
5689	mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
5690					  WLAN_FC_STYPE_DISASSOC);
5691	memcpy(mgmt.da, addr, ETH_ALEN);
5692	memcpy(mgmt.sa, own_addr, ETH_ALEN);
5693	memcpy(mgmt.bssid, own_addr, ETH_ALEN);
5694	mgmt.u.disassoc.reason_code = host_to_le16(reason);
5695	return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt,
5696					    IEEE80211_HDRLEN +
5697					    sizeof(mgmt.u.disassoc), 0, 0, 0, 0,
5698					    0, NULL, 0);
5699}
5700
5701
5702static void dump_ifidx(struct wpa_driver_nl80211_data *drv)
5703{
5704	char buf[200], *pos, *end;
5705	int i, res;
5706
5707	pos = buf;
5708	end = pos + sizeof(buf);
5709
5710	for (i = 0; i < drv->num_if_indices; i++) {
5711		if (!drv->if_indices[i])
5712			continue;
5713		res = os_snprintf(pos, end - pos, " %d(%d)",
5714				  drv->if_indices[i],
5715				  drv->if_indices_reason[i]);
5716		if (os_snprintf_error(end - pos, res))
5717			break;
5718		pos += res;
5719	}
5720	*pos = '\0';
5721
5722	wpa_printf(MSG_DEBUG, "nl80211: if_indices[%d]:%s",
5723		   drv->num_if_indices, buf);
5724}
5725
5726
5727static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx,
5728		      int ifidx_reason)
5729{
5730	int i;
5731	int *old, *old_reason;
5732
5733	wpa_printf(MSG_DEBUG,
5734		   "nl80211: Add own interface ifindex %d (ifidx_reason %d)",
5735		   ifidx, ifidx_reason);
5736	if (have_ifidx(drv, ifidx, ifidx_reason)) {
5737		wpa_printf(MSG_DEBUG, "nl80211: ifindex %d already in the list",
5738			   ifidx);
5739		return;
5740	}
5741	for (i = 0; i < drv->num_if_indices; i++) {
5742		if (drv->if_indices[i] == 0) {
5743			drv->if_indices[i] = ifidx;
5744			drv->if_indices_reason[i] = ifidx_reason;
5745			dump_ifidx(drv);
5746			return;
5747		}
5748	}
5749
5750	if (drv->if_indices != drv->default_if_indices)
5751		old = drv->if_indices;
5752	else
5753		old = NULL;
5754
5755	if (drv->if_indices_reason != drv->default_if_indices_reason)
5756		old_reason = drv->if_indices_reason;
5757	else
5758		old_reason = NULL;
5759
5760	drv->if_indices = os_realloc_array(old, drv->num_if_indices + 1,
5761					   sizeof(int));
5762	drv->if_indices_reason = os_realloc_array(old_reason,
5763						  drv->num_if_indices + 1,
5764						  sizeof(int));
5765	if (!drv->if_indices) {
5766		if (!old)
5767			drv->if_indices = drv->default_if_indices;
5768		else
5769			drv->if_indices = old;
5770	}
5771	if (!drv->if_indices_reason) {
5772		if (!old_reason)
5773			drv->if_indices_reason = drv->default_if_indices_reason;
5774		else
5775			drv->if_indices_reason = old_reason;
5776	}
5777	if (!drv->if_indices || !drv->if_indices_reason) {
5778		wpa_printf(MSG_ERROR, "Failed to reallocate memory for "
5779			   "interfaces");
5780		wpa_printf(MSG_ERROR, "Ignoring EAPOL on interface %d", ifidx);
5781		return;
5782	}
5783	if (!old)
5784		os_memcpy(drv->if_indices, drv->default_if_indices,
5785			  sizeof(drv->default_if_indices));
5786	if (!old_reason)
5787		os_memcpy(drv->if_indices_reason,
5788			  drv->default_if_indices_reason,
5789			  sizeof(drv->default_if_indices_reason));
5790	drv->if_indices[drv->num_if_indices] = ifidx;
5791	drv->if_indices_reason[drv->num_if_indices] = ifidx_reason;
5792	drv->num_if_indices++;
5793	dump_ifidx(drv);
5794}
5795
5796
5797static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx,
5798		      int ifidx_reason)
5799{
5800	int i;
5801
5802	for (i = 0; i < drv->num_if_indices; i++) {
5803		if ((drv->if_indices[i] == ifidx || ifidx == IFIDX_ANY) &&
5804		    (drv->if_indices_reason[i] == ifidx_reason ||
5805		     ifidx_reason == IFIDX_ANY)) {
5806			drv->if_indices[i] = 0;
5807			break;
5808		}
5809	}
5810	dump_ifidx(drv);
5811}
5812
5813
5814static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx,
5815		      int ifidx_reason)
5816{
5817	int i;
5818
5819	for (i = 0; i < drv->num_if_indices; i++)
5820		if (drv->if_indices[i] == ifidx &&
5821		    (drv->if_indices_reason[i] == ifidx_reason ||
5822		     ifidx_reason == IFIDX_ANY))
5823			return 1;
5824
5825	return 0;
5826}
5827
5828
5829static int i802_set_wds_sta(void *priv, const u8 *addr, int aid, int val,
5830			    const char *bridge_ifname, char *ifname_wds)
5831{
5832	struct i802_bss *bss = priv;
5833	struct wpa_driver_nl80211_data *drv = bss->drv;
5834	char name[IFNAMSIZ + 1];
5835
5836	os_snprintf(name, sizeof(name), "%s.sta%d", bss->ifname, aid);
5837	if (ifname_wds)
5838		os_strlcpy(ifname_wds, name, IFNAMSIZ + 1);
5839
5840	wpa_printf(MSG_DEBUG, "nl80211: Set WDS STA addr=" MACSTR
5841		   " aid=%d val=%d name=%s", MAC2STR(addr), aid, val, name);
5842	if (val) {
5843		if (!if_nametoindex(name)) {
5844			if (nl80211_create_iface(drv, name,
5845						 NL80211_IFTYPE_AP_VLAN,
5846						 bss->addr, 1, NULL, NULL, 0) <
5847			    0)
5848				return -1;
5849			if (bridge_ifname &&
5850			    linux_br_add_if(drv->global->ioctl_sock,
5851					    bridge_ifname, name) < 0)
5852				return -1;
5853		}
5854		if (linux_set_iface_flags(drv->global->ioctl_sock, name, 1)) {
5855			wpa_printf(MSG_ERROR, "nl80211: Failed to set WDS STA "
5856				   "interface %s up", name);
5857		}
5858		return i802_set_sta_vlan(priv, addr, name, 0);
5859	} else {
5860		if (bridge_ifname)
5861			linux_br_del_if(drv->global->ioctl_sock, bridge_ifname,
5862					name);
5863
5864		i802_set_sta_vlan(priv, addr, bss->ifname, 0);
5865		nl80211_remove_iface(drv, if_nametoindex(name));
5866		return 0;
5867	}
5868}
5869
5870
5871static void handle_eapol(int sock, void *eloop_ctx, void *sock_ctx)
5872{
5873	struct wpa_driver_nl80211_data *drv = eloop_ctx;
5874	struct sockaddr_ll lladdr;
5875	unsigned char buf[3000];
5876	int len;
5877	socklen_t fromlen = sizeof(lladdr);
5878
5879	len = recvfrom(sock, buf, sizeof(buf), 0,
5880		       (struct sockaddr *)&lladdr, &fromlen);
5881	if (len < 0) {
5882		wpa_printf(MSG_ERROR, "nl80211: EAPOL recv failed: %s",
5883			   strerror(errno));
5884		return;
5885	}
5886
5887	if (have_ifidx(drv, lladdr.sll_ifindex, IFIDX_ANY))
5888		drv_event_eapol_rx(drv->ctx, lladdr.sll_addr, buf, len);
5889}
5890
5891
5892static int i802_check_bridge(struct wpa_driver_nl80211_data *drv,
5893			     struct i802_bss *bss,
5894			     const char *brname, const char *ifname)
5895{
5896	int br_ifindex;
5897	char in_br[IFNAMSIZ];
5898
5899	os_strlcpy(bss->brname, brname, IFNAMSIZ);
5900	br_ifindex = if_nametoindex(brname);
5901	if (br_ifindex == 0) {
5902		/*
5903		 * Bridge was configured, but the bridge device does
5904		 * not exist. Try to add it now.
5905		 */
5906		if (linux_br_add(drv->global->ioctl_sock, brname) < 0) {
5907			wpa_printf(MSG_ERROR, "nl80211: Failed to add the "
5908				   "bridge interface %s: %s",
5909				   brname, strerror(errno));
5910			return -1;
5911		}
5912		bss->added_bridge = 1;
5913		br_ifindex = if_nametoindex(brname);
5914		add_ifidx(drv, br_ifindex, drv->ifindex);
5915	}
5916	bss->br_ifindex = br_ifindex;
5917
5918	if (linux_br_get(in_br, ifname) == 0) {
5919		if (os_strcmp(in_br, brname) == 0)
5920			return 0; /* already in the bridge */
5921
5922		wpa_printf(MSG_DEBUG, "nl80211: Removing interface %s from "
5923			   "bridge %s", ifname, in_br);
5924		if (linux_br_del_if(drv->global->ioctl_sock, in_br, ifname) <
5925		    0) {
5926			wpa_printf(MSG_ERROR, "nl80211: Failed to "
5927				   "remove interface %s from bridge "
5928				   "%s: %s",
5929				   ifname, brname, strerror(errno));
5930			return -1;
5931		}
5932	}
5933
5934	wpa_printf(MSG_DEBUG, "nl80211: Adding interface %s into bridge %s",
5935		   ifname, brname);
5936	if (linux_br_add_if(drv->global->ioctl_sock, brname, ifname) < 0) {
5937		wpa_printf(MSG_ERROR, "nl80211: Failed to add interface %s "
5938			   "into bridge %s: %s",
5939			   ifname, brname, strerror(errno));
5940		return -1;
5941	}
5942	bss->added_if_into_bridge = 1;
5943
5944	return 0;
5945}
5946
5947
5948static void *i802_init(struct hostapd_data *hapd,
5949		       struct wpa_init_params *params)
5950{
5951	struct wpa_driver_nl80211_data *drv;
5952	struct i802_bss *bss;
5953	size_t i;
5954	char master_ifname[IFNAMSIZ];
5955	int ifindex, br_ifindex = 0;
5956	int br_added = 0;
5957
5958	bss = wpa_driver_nl80211_drv_init(hapd, params->ifname,
5959					  params->global_priv, 1,
5960					  params->bssid, params->driver_params);
5961	if (bss == NULL)
5962		return NULL;
5963
5964	drv = bss->drv;
5965
5966	if (linux_br_get(master_ifname, params->ifname) == 0) {
5967		wpa_printf(MSG_DEBUG, "nl80211: Interface %s is in bridge %s",
5968			   params->ifname, master_ifname);
5969		br_ifindex = if_nametoindex(master_ifname);
5970		os_strlcpy(bss->brname, master_ifname, IFNAMSIZ);
5971	} else if ((params->num_bridge == 0 || !params->bridge[0]) &&
5972		   linux_master_get(master_ifname, params->ifname) == 0) {
5973		wpa_printf(MSG_DEBUG, "nl80211: Interface %s is in master %s",
5974			params->ifname, master_ifname);
5975		/* start listening for EAPOL on the master interface */
5976		add_ifidx(drv, if_nametoindex(master_ifname), drv->ifindex);
5977
5978		/* check if master itself is under bridge */
5979		if (linux_br_get(master_ifname, master_ifname) == 0) {
5980			wpa_printf(MSG_DEBUG, "nl80211: which is in bridge %s",
5981				   master_ifname);
5982			br_ifindex = if_nametoindex(master_ifname);
5983			os_strlcpy(bss->brname, master_ifname, IFNAMSIZ);
5984		}
5985	} else {
5986		master_ifname[0] = '\0';
5987	}
5988
5989	bss->br_ifindex = br_ifindex;
5990
5991	for (i = 0; i < params->num_bridge; i++) {
5992		if (params->bridge[i]) {
5993			ifindex = if_nametoindex(params->bridge[i]);
5994			if (ifindex)
5995				add_ifidx(drv, ifindex, drv->ifindex);
5996			if (ifindex == br_ifindex)
5997				br_added = 1;
5998		}
5999	}
6000
6001	/* start listening for EAPOL on the default AP interface */
6002	add_ifidx(drv, drv->ifindex, IFIDX_ANY);
6003
6004	if (params->num_bridge && params->bridge[0]) {
6005		if (i802_check_bridge(drv, bss, params->bridge[0],
6006				      params->ifname) < 0)
6007			goto failed;
6008		if (os_strcmp(params->bridge[0], master_ifname) != 0)
6009			br_added = 1;
6010	}
6011
6012	if (!br_added && br_ifindex &&
6013	    (params->num_bridge == 0 || !params->bridge[0]))
6014		add_ifidx(drv, br_ifindex, drv->ifindex);
6015
6016#ifdef CONFIG_LIBNL3_ROUTE
6017	if (bss->added_if_into_bridge) {
6018		drv->rtnl_sk = nl_socket_alloc();
6019		if (drv->rtnl_sk == NULL) {
6020			wpa_printf(MSG_ERROR, "nl80211: Failed to allocate nl_sock");
6021			goto failed;
6022		}
6023
6024		if (nl_connect(drv->rtnl_sk, NETLINK_ROUTE)) {
6025			wpa_printf(MSG_ERROR, "nl80211: Failed to connect nl_sock to NETLINK_ROUTE: %s",
6026				   strerror(errno));
6027			goto failed;
6028		}
6029	}
6030#endif /* CONFIG_LIBNL3_ROUTE */
6031
6032	drv->eapol_sock = socket(PF_PACKET, SOCK_DGRAM, htons(ETH_P_PAE));
6033	if (drv->eapol_sock < 0) {
6034		wpa_printf(MSG_ERROR, "nl80211: socket(PF_PACKET, SOCK_DGRAM, ETH_P_PAE) failed: %s",
6035			   strerror(errno));
6036		goto failed;
6037	}
6038
6039	if (eloop_register_read_sock(drv->eapol_sock, handle_eapol, drv, NULL))
6040	{
6041		wpa_printf(MSG_INFO, "nl80211: Could not register read socket for eapol");
6042		goto failed;
6043	}
6044
6045	if (linux_get_ifhwaddr(drv->global->ioctl_sock, bss->ifname,
6046			       params->own_addr))
6047		goto failed;
6048	os_memcpy(drv->perm_addr, params->own_addr, ETH_ALEN);
6049
6050	memcpy(bss->addr, params->own_addr, ETH_ALEN);
6051
6052	return bss;
6053
6054failed:
6055	wpa_driver_nl80211_deinit(bss);
6056	return NULL;
6057}
6058
6059
6060static void i802_deinit(void *priv)
6061{
6062	struct i802_bss *bss = priv;
6063	wpa_driver_nl80211_deinit(bss);
6064}
6065
6066
6067static enum nl80211_iftype wpa_driver_nl80211_if_type(
6068	enum wpa_driver_if_type type)
6069{
6070	switch (type) {
6071	case WPA_IF_STATION:
6072		return NL80211_IFTYPE_STATION;
6073	case WPA_IF_P2P_CLIENT:
6074	case WPA_IF_P2P_GROUP:
6075		return NL80211_IFTYPE_P2P_CLIENT;
6076	case WPA_IF_AP_VLAN:
6077		return NL80211_IFTYPE_AP_VLAN;
6078	case WPA_IF_AP_BSS:
6079		return NL80211_IFTYPE_AP;
6080	case WPA_IF_P2P_GO:
6081		return NL80211_IFTYPE_P2P_GO;
6082	case WPA_IF_P2P_DEVICE:
6083		return NL80211_IFTYPE_P2P_DEVICE;
6084	case WPA_IF_MESH:
6085		return NL80211_IFTYPE_MESH_POINT;
6086	default:
6087		return -1;
6088	}
6089}
6090
6091
6092static int nl80211_addr_in_use(struct nl80211_global *global, const u8 *addr)
6093{
6094	struct wpa_driver_nl80211_data *drv;
6095	dl_list_for_each(drv, &global->interfaces,
6096			 struct wpa_driver_nl80211_data, list) {
6097		if (os_memcmp(addr, drv->first_bss->addr, ETH_ALEN) == 0)
6098			return 1;
6099	}
6100	return 0;
6101}
6102
6103
6104static int nl80211_vif_addr(struct wpa_driver_nl80211_data *drv, u8 *new_addr)
6105{
6106	unsigned int idx;
6107
6108	if (!drv->global)
6109		return -1;
6110
6111	os_memcpy(new_addr, drv->first_bss->addr, ETH_ALEN);
6112	for (idx = 0; idx < 64; idx++) {
6113		new_addr[0] = drv->first_bss->addr[0] | 0x02;
6114		new_addr[0] ^= idx << 2;
6115		if (!nl80211_addr_in_use(drv->global, new_addr))
6116			break;
6117	}
6118	if (idx == 64)
6119		return -1;
6120
6121	wpa_printf(MSG_DEBUG, "nl80211: Assigned new virtual interface address "
6122		   MACSTR, MAC2STR(new_addr));
6123
6124	return 0;
6125}
6126
6127
6128struct wdev_info {
6129	u64 wdev_id;
6130	int wdev_id_set;
6131	u8 macaddr[ETH_ALEN];
6132};
6133
6134static int nl80211_wdev_handler(struct nl_msg *msg, void *arg)
6135{
6136	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
6137	struct nlattr *tb[NL80211_ATTR_MAX + 1];
6138	struct wdev_info *wi = arg;
6139
6140	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
6141		  genlmsg_attrlen(gnlh, 0), NULL);
6142	if (tb[NL80211_ATTR_WDEV]) {
6143		wi->wdev_id = nla_get_u64(tb[NL80211_ATTR_WDEV]);
6144		wi->wdev_id_set = 1;
6145	}
6146
6147	if (tb[NL80211_ATTR_MAC])
6148		os_memcpy(wi->macaddr, nla_data(tb[NL80211_ATTR_MAC]),
6149			  ETH_ALEN);
6150
6151	return NL_SKIP;
6152}
6153
6154
6155static int wpa_driver_nl80211_if_add(void *priv, enum wpa_driver_if_type type,
6156				     const char *ifname, const u8 *addr,
6157				     void *bss_ctx, void **drv_priv,
6158				     char *force_ifname, u8 *if_addr,
6159				     const char *bridge, int use_existing,
6160				     int setup_ap)
6161{
6162	enum nl80211_iftype nlmode;
6163	struct i802_bss *bss = priv;
6164	struct wpa_driver_nl80211_data *drv = bss->drv;
6165	int ifidx;
6166	int added = 1;
6167
6168	if (addr)
6169		os_memcpy(if_addr, addr, ETH_ALEN);
6170	nlmode = wpa_driver_nl80211_if_type(type);
6171	if (nlmode == NL80211_IFTYPE_P2P_DEVICE) {
6172		struct wdev_info p2pdev_info;
6173
6174		os_memset(&p2pdev_info, 0, sizeof(p2pdev_info));
6175		ifidx = nl80211_create_iface(drv, ifname, nlmode, addr,
6176					     0, nl80211_wdev_handler,
6177					     &p2pdev_info, use_existing);
6178		if (!p2pdev_info.wdev_id_set || ifidx != 0) {
6179			wpa_printf(MSG_ERROR, "nl80211: Failed to create a P2P Device interface %s",
6180				   ifname);
6181			return -1;
6182		}
6183
6184		drv->global->if_add_wdevid = p2pdev_info.wdev_id;
6185		drv->global->if_add_wdevid_set = p2pdev_info.wdev_id_set;
6186		if (!is_zero_ether_addr(p2pdev_info.macaddr))
6187			os_memcpy(if_addr, p2pdev_info.macaddr, ETH_ALEN);
6188		wpa_printf(MSG_DEBUG, "nl80211: New P2P Device interface %s (0x%llx) created",
6189			   ifname,
6190			   (long long unsigned int) p2pdev_info.wdev_id);
6191	} else {
6192		ifidx = nl80211_create_iface(drv, ifname, nlmode, addr,
6193					     0, NULL, NULL, use_existing);
6194		if (use_existing && ifidx == -ENFILE) {
6195			added = 0;
6196			ifidx = if_nametoindex(ifname);
6197		} else if (ifidx < 0) {
6198			return -1;
6199		}
6200	}
6201
6202	if (!addr) {
6203		if (nlmode == NL80211_IFTYPE_P2P_DEVICE)
6204			os_memcpy(if_addr, bss->addr, ETH_ALEN);
6205		else if (linux_get_ifhwaddr(drv->global->ioctl_sock,
6206					    ifname, if_addr) < 0) {
6207			if (added)
6208				nl80211_remove_iface(drv, ifidx);
6209			return -1;
6210		}
6211	}
6212
6213	if (!addr &&
6214	    (type == WPA_IF_P2P_CLIENT || type == WPA_IF_P2P_GROUP ||
6215	     type == WPA_IF_P2P_GO || type == WPA_IF_MESH ||
6216	     type == WPA_IF_STATION)) {
6217		/* Enforce unique address */
6218		u8 new_addr[ETH_ALEN];
6219
6220		if (linux_get_ifhwaddr(drv->global->ioctl_sock, ifname,
6221				       new_addr) < 0) {
6222			if (added)
6223				nl80211_remove_iface(drv, ifidx);
6224			return -1;
6225		}
6226		if (nl80211_addr_in_use(drv->global, new_addr)) {
6227			wpa_printf(MSG_DEBUG, "nl80211: Allocate new address "
6228				   "for interface %s type %d", ifname, type);
6229			if (nl80211_vif_addr(drv, new_addr) < 0) {
6230				if (added)
6231					nl80211_remove_iface(drv, ifidx);
6232				return -1;
6233			}
6234			if (linux_set_ifhwaddr(drv->global->ioctl_sock, ifname,
6235					       new_addr) < 0) {
6236				if (added)
6237					nl80211_remove_iface(drv, ifidx);
6238				return -1;
6239			}
6240		}
6241		os_memcpy(if_addr, new_addr, ETH_ALEN);
6242	}
6243
6244	if (type == WPA_IF_AP_BSS && setup_ap) {
6245		struct i802_bss *new_bss = os_zalloc(sizeof(*new_bss));
6246		if (new_bss == NULL) {
6247			if (added)
6248				nl80211_remove_iface(drv, ifidx);
6249			return -1;
6250		}
6251
6252		if (bridge &&
6253		    i802_check_bridge(drv, new_bss, bridge, ifname) < 0) {
6254			wpa_printf(MSG_ERROR, "nl80211: Failed to add the new "
6255				   "interface %s to a bridge %s",
6256				   ifname, bridge);
6257			if (added)
6258				nl80211_remove_iface(drv, ifidx);
6259			os_free(new_bss);
6260			return -1;
6261		}
6262
6263		if (linux_set_iface_flags(drv->global->ioctl_sock, ifname, 1))
6264		{
6265			if (added)
6266				nl80211_remove_iface(drv, ifidx);
6267			os_free(new_bss);
6268			return -1;
6269		}
6270		os_strlcpy(new_bss->ifname, ifname, IFNAMSIZ);
6271		os_memcpy(new_bss->addr, if_addr, ETH_ALEN);
6272		new_bss->ifindex = ifidx;
6273		new_bss->drv = drv;
6274		new_bss->next = drv->first_bss->next;
6275		new_bss->freq = drv->first_bss->freq;
6276		new_bss->ctx = bss_ctx;
6277		new_bss->added_if = added;
6278		drv->first_bss->next = new_bss;
6279		if (drv_priv)
6280			*drv_priv = new_bss;
6281		nl80211_init_bss(new_bss);
6282
6283		/* Subscribe management frames for this WPA_IF_AP_BSS */
6284		if (nl80211_setup_ap(new_bss))
6285			return -1;
6286	}
6287
6288	if (drv->global)
6289		drv->global->if_add_ifindex = ifidx;
6290
6291	/*
6292	 * Some virtual interfaces need to process EAPOL packets and events on
6293	 * the parent interface. This is used mainly with hostapd.
6294	 */
6295	if (ifidx > 0 &&
6296	    (drv->hostapd ||
6297	     nlmode == NL80211_IFTYPE_AP_VLAN ||
6298	     nlmode == NL80211_IFTYPE_WDS ||
6299	     nlmode == NL80211_IFTYPE_MONITOR))
6300		add_ifidx(drv, ifidx, IFIDX_ANY);
6301
6302	return 0;
6303}
6304
6305
6306static int wpa_driver_nl80211_if_remove(struct i802_bss *bss,
6307					enum wpa_driver_if_type type,
6308					const char *ifname)
6309{
6310	struct wpa_driver_nl80211_data *drv = bss->drv;
6311	int ifindex = if_nametoindex(ifname);
6312
6313	wpa_printf(MSG_DEBUG, "nl80211: %s(type=%d ifname=%s) ifindex=%d added_if=%d",
6314		   __func__, type, ifname, ifindex, bss->added_if);
6315	if (ifindex > 0 && (bss->added_if || bss->ifindex != ifindex))
6316		nl80211_remove_iface(drv, ifindex);
6317	else if (ifindex > 0 && !bss->added_if) {
6318		struct wpa_driver_nl80211_data *drv2;
6319		dl_list_for_each(drv2, &drv->global->interfaces,
6320				 struct wpa_driver_nl80211_data, list) {
6321			del_ifidx(drv2, ifindex, IFIDX_ANY);
6322			del_ifidx(drv2, IFIDX_ANY, ifindex);
6323		}
6324	}
6325
6326	if (type != WPA_IF_AP_BSS)
6327		return 0;
6328
6329	if (bss->added_if_into_bridge) {
6330		if (linux_br_del_if(drv->global->ioctl_sock, bss->brname,
6331				    bss->ifname) < 0)
6332			wpa_printf(MSG_INFO, "nl80211: Failed to remove "
6333				   "interface %s from bridge %s: %s",
6334				   bss->ifname, bss->brname, strerror(errno));
6335	}
6336	if (bss->added_bridge) {
6337		if (linux_br_del(drv->global->ioctl_sock, bss->brname) < 0)
6338			wpa_printf(MSG_INFO, "nl80211: Failed to remove "
6339				   "bridge %s: %s",
6340				   bss->brname, strerror(errno));
6341	}
6342
6343	if (bss != drv->first_bss) {
6344		struct i802_bss *tbss;
6345
6346		wpa_printf(MSG_DEBUG, "nl80211: Not the first BSS - remove it");
6347		for (tbss = drv->first_bss; tbss; tbss = tbss->next) {
6348			if (tbss->next == bss) {
6349				tbss->next = bss->next;
6350				/* Unsubscribe management frames */
6351				nl80211_teardown_ap(bss);
6352				nl80211_destroy_bss(bss);
6353				if (!bss->added_if)
6354					i802_set_iface_flags(bss, 0);
6355				os_free(bss);
6356				bss = NULL;
6357				break;
6358			}
6359		}
6360		if (bss)
6361			wpa_printf(MSG_INFO, "nl80211: %s - could not find "
6362				   "BSS %p in the list", __func__, bss);
6363	} else {
6364		wpa_printf(MSG_DEBUG, "nl80211: First BSS - reassign context");
6365		nl80211_teardown_ap(bss);
6366		if (!bss->added_if && !drv->first_bss->next)
6367			wpa_driver_nl80211_del_beacon(drv);
6368		nl80211_destroy_bss(bss);
6369		if (!bss->added_if)
6370			i802_set_iface_flags(bss, 0);
6371		if (drv->first_bss->next) {
6372			drv->first_bss = drv->first_bss->next;
6373			drv->ctx = drv->first_bss->ctx;
6374			os_free(bss);
6375		} else {
6376			wpa_printf(MSG_DEBUG, "nl80211: No second BSS to reassign context to");
6377		}
6378	}
6379
6380	return 0;
6381}
6382
6383
6384static int cookie_handler(struct nl_msg *msg, void *arg)
6385{
6386	struct nlattr *tb[NL80211_ATTR_MAX + 1];
6387	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
6388	u64 *cookie = arg;
6389	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
6390		  genlmsg_attrlen(gnlh, 0), NULL);
6391	if (tb[NL80211_ATTR_COOKIE])
6392		*cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]);
6393	return NL_SKIP;
6394}
6395
6396
6397static int nl80211_send_frame_cmd(struct i802_bss *bss,
6398				  unsigned int freq, unsigned int wait,
6399				  const u8 *buf, size_t buf_len,
6400				  u64 *cookie_out, int no_cck, int no_ack,
6401				  int offchanok, const u16 *csa_offs,
6402				  size_t csa_offs_len)
6403{
6404	struct wpa_driver_nl80211_data *drv = bss->drv;
6405	struct nl_msg *msg;
6406	u64 cookie;
6407	int ret = -1;
6408
6409	wpa_printf(MSG_MSGDUMP, "nl80211: CMD_FRAME freq=%u wait=%u no_cck=%d "
6410		   "no_ack=%d offchanok=%d",
6411		   freq, wait, no_cck, no_ack, offchanok);
6412	wpa_hexdump(MSG_MSGDUMP, "CMD_FRAME", buf, buf_len);
6413
6414	if (!(msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_FRAME)) ||
6415	    (freq && nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq)) ||
6416	    (wait && nla_put_u32(msg, NL80211_ATTR_DURATION, wait)) ||
6417	    (offchanok && ((drv->capa.flags & WPA_DRIVER_FLAGS_OFFCHANNEL_TX) ||
6418			   drv->test_use_roc_tx) &&
6419	     nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK)) ||
6420	    (no_cck && nla_put_flag(msg, NL80211_ATTR_TX_NO_CCK_RATE)) ||
6421	    (no_ack && nla_put_flag(msg, NL80211_ATTR_DONT_WAIT_FOR_ACK)) ||
6422	    (csa_offs && nla_put(msg, NL80211_ATTR_CSA_C_OFFSETS_TX,
6423				 csa_offs_len * sizeof(u16), csa_offs)) ||
6424	    nla_put(msg, NL80211_ATTR_FRAME, buf_len, buf))
6425		goto fail;
6426
6427	cookie = 0;
6428	ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie);
6429	msg = NULL;
6430	if (ret) {
6431		wpa_printf(MSG_DEBUG, "nl80211: Frame command failed: ret=%d "
6432			   "(%s) (freq=%u wait=%u)", ret, strerror(-ret),
6433			   freq, wait);
6434	} else {
6435		wpa_printf(MSG_MSGDUMP, "nl80211: Frame TX command accepted%s; "
6436			   "cookie 0x%llx", no_ack ? " (no ACK)" : "",
6437			   (long long unsigned int) cookie);
6438
6439		if (cookie_out)
6440			*cookie_out = no_ack ? (u64) -1 : cookie;
6441
6442		if (drv->num_send_action_cookies == MAX_SEND_ACTION_COOKIES) {
6443			wpa_printf(MSG_DEBUG,
6444				   "nl80211: Drop oldest pending send action cookie 0x%llx",
6445				   (long long unsigned int)
6446				   drv->send_action_cookies[0]);
6447			os_memmove(&drv->send_action_cookies[0],
6448				   &drv->send_action_cookies[1],
6449				   (MAX_SEND_ACTION_COOKIES - 1) *
6450				   sizeof(u64));
6451			drv->num_send_action_cookies--;
6452		}
6453		drv->send_action_cookies[drv->num_send_action_cookies] = cookie;
6454		drv->num_send_action_cookies++;
6455	}
6456
6457fail:
6458	nlmsg_free(msg);
6459	return ret;
6460}
6461
6462
6463static int wpa_driver_nl80211_send_action(struct i802_bss *bss,
6464					  unsigned int freq,
6465					  unsigned int wait_time,
6466					  const u8 *dst, const u8 *src,
6467					  const u8 *bssid,
6468					  const u8 *data, size_t data_len,
6469					  int no_cck)
6470{
6471	struct wpa_driver_nl80211_data *drv = bss->drv;
6472	int ret = -1;
6473	u8 *buf;
6474	struct ieee80211_hdr *hdr;
6475
6476	wpa_printf(MSG_DEBUG, "nl80211: Send Action frame (ifindex=%d, "
6477		   "freq=%u MHz wait=%d ms no_cck=%d)",
6478		   drv->ifindex, freq, wait_time, no_cck);
6479
6480	buf = os_zalloc(24 + data_len);
6481	if (buf == NULL)
6482		return ret;
6483	os_memcpy(buf + 24, data, data_len);
6484	hdr = (struct ieee80211_hdr *) buf;
6485	hdr->frame_control =
6486		IEEE80211_FC(WLAN_FC_TYPE_MGMT, WLAN_FC_STYPE_ACTION);
6487	os_memcpy(hdr->addr1, dst, ETH_ALEN);
6488	os_memcpy(hdr->addr2, src, ETH_ALEN);
6489	os_memcpy(hdr->addr3, bssid, ETH_ALEN);
6490
6491	if (is_ap_interface(drv->nlmode) &&
6492	    (!(drv->capa.flags & WPA_DRIVER_FLAGS_OFFCHANNEL_TX) ||
6493	     (int) freq == bss->freq || drv->device_ap_sme ||
6494	     !drv->use_monitor))
6495		ret = wpa_driver_nl80211_send_mlme(bss, buf, 24 + data_len,
6496						   0, freq, no_cck, 1,
6497						   wait_time, NULL, 0);
6498	else
6499		ret = nl80211_send_frame_cmd(bss, freq, wait_time, buf,
6500					     24 + data_len,
6501					     &drv->send_action_cookie,
6502					     no_cck, 0, 1, NULL, 0);
6503
6504	os_free(buf);
6505	return ret;
6506}
6507
6508
6509static void nl80211_frame_wait_cancel(struct i802_bss *bss, u64 cookie)
6510{
6511	struct wpa_driver_nl80211_data *drv = bss->drv;
6512	struct nl_msg *msg;
6513	int ret;
6514
6515	wpa_printf(MSG_DEBUG, "nl80211: Cancel TX frame wait: cookie=0x%llx",
6516		   (long long unsigned int) cookie);
6517	if (!(msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_FRAME_WAIT_CANCEL)) ||
6518	    nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie)) {
6519		nlmsg_free(msg);
6520		return;
6521	}
6522
6523	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
6524	if (ret)
6525		wpa_printf(MSG_DEBUG, "nl80211: wait cancel failed: ret=%d "
6526			   "(%s)", ret, strerror(-ret));
6527}
6528
6529
6530static void wpa_driver_nl80211_send_action_cancel_wait(void *priv)
6531{
6532	struct i802_bss *bss = priv;
6533	struct wpa_driver_nl80211_data *drv = bss->drv;
6534	unsigned int i;
6535	u64 cookie;
6536
6537	/* Cancel the last pending TX cookie */
6538	nl80211_frame_wait_cancel(bss, drv->send_action_cookie);
6539
6540	/*
6541	 * Cancel the other pending TX cookies, if any. This is needed since
6542	 * the driver may keep a list of all pending offchannel TX operations
6543	 * and free up the radio only once they have expired or cancelled.
6544	 */
6545	for (i = drv->num_send_action_cookies; i > 0; i--) {
6546		cookie = drv->send_action_cookies[i - 1];
6547		if (cookie != drv->send_action_cookie)
6548			nl80211_frame_wait_cancel(bss, cookie);
6549	}
6550	drv->num_send_action_cookies = 0;
6551}
6552
6553
6554static int wpa_driver_nl80211_remain_on_channel(void *priv, unsigned int freq,
6555						unsigned int duration)
6556{
6557	struct i802_bss *bss = priv;
6558	struct wpa_driver_nl80211_data *drv = bss->drv;
6559	struct nl_msg *msg;
6560	int ret;
6561	u64 cookie;
6562
6563	if (!(msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_REMAIN_ON_CHANNEL)) ||
6564	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq) ||
6565	    nla_put_u32(msg, NL80211_ATTR_DURATION, duration)) {
6566		nlmsg_free(msg);
6567		return -1;
6568	}
6569
6570	cookie = 0;
6571	ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie);
6572	if (ret == 0) {
6573		wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel cookie "
6574			   "0x%llx for freq=%u MHz duration=%u",
6575			   (long long unsigned int) cookie, freq, duration);
6576		drv->remain_on_chan_cookie = cookie;
6577		drv->pending_remain_on_chan = 1;
6578		return 0;
6579	}
6580	wpa_printf(MSG_DEBUG, "nl80211: Failed to request remain-on-channel "
6581		   "(freq=%d duration=%u): %d (%s)",
6582		   freq, duration, ret, strerror(-ret));
6583	return -1;
6584}
6585
6586
6587static int wpa_driver_nl80211_cancel_remain_on_channel(void *priv)
6588{
6589	struct i802_bss *bss = priv;
6590	struct wpa_driver_nl80211_data *drv = bss->drv;
6591	struct nl_msg *msg;
6592	int ret;
6593
6594	if (!drv->pending_remain_on_chan) {
6595		wpa_printf(MSG_DEBUG, "nl80211: No pending remain-on-channel "
6596			   "to cancel");
6597		return -1;
6598	}
6599
6600	wpa_printf(MSG_DEBUG, "nl80211: Cancel remain-on-channel with cookie "
6601		   "0x%llx",
6602		   (long long unsigned int) drv->remain_on_chan_cookie);
6603
6604	msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL);
6605	if (!msg ||
6606	    nla_put_u64(msg, NL80211_ATTR_COOKIE, drv->remain_on_chan_cookie)) {
6607		nlmsg_free(msg);
6608		return -1;
6609	}
6610
6611	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
6612	if (ret == 0)
6613		return 0;
6614	wpa_printf(MSG_DEBUG, "nl80211: Failed to cancel remain-on-channel: "
6615		   "%d (%s)", ret, strerror(-ret));
6616	return -1;
6617}
6618
6619
6620static int wpa_driver_nl80211_probe_req_report(struct i802_bss *bss, int report)
6621{
6622	struct wpa_driver_nl80211_data *drv = bss->drv;
6623
6624	if (!report) {
6625		if (bss->nl_preq && drv->device_ap_sme &&
6626		    is_ap_interface(drv->nlmode) && !bss->in_deinit &&
6627		    !bss->static_ap) {
6628			/*
6629			 * Do not disable Probe Request reporting that was
6630			 * enabled in nl80211_setup_ap().
6631			 */
6632			wpa_printf(MSG_DEBUG, "nl80211: Skip disabling of "
6633				   "Probe Request reporting nl_preq=%p while "
6634				   "in AP mode", bss->nl_preq);
6635		} else if (bss->nl_preq) {
6636			wpa_printf(MSG_DEBUG, "nl80211: Disable Probe Request "
6637				   "reporting nl_preq=%p", bss->nl_preq);
6638			nl80211_destroy_eloop_handle(&bss->nl_preq);
6639		}
6640		return 0;
6641	}
6642
6643	if (bss->nl_preq) {
6644		wpa_printf(MSG_DEBUG, "nl80211: Probe Request reporting "
6645			   "already on! nl_preq=%p", bss->nl_preq);
6646		return 0;
6647	}
6648
6649	bss->nl_preq = nl_create_handle(drv->global->nl_cb, "preq");
6650	if (bss->nl_preq == NULL)
6651		return -1;
6652	wpa_printf(MSG_DEBUG, "nl80211: Enable Probe Request "
6653		   "reporting nl_preq=%p", bss->nl_preq);
6654
6655	if (nl80211_register_frame(bss, bss->nl_preq,
6656				   (WLAN_FC_TYPE_MGMT << 2) |
6657				   (WLAN_FC_STYPE_PROBE_REQ << 4),
6658				   NULL, 0) < 0)
6659		goto out_err;
6660
6661	nl80211_register_eloop_read(&bss->nl_preq,
6662				    wpa_driver_nl80211_event_receive,
6663				    bss->nl_cb);
6664
6665	return 0;
6666
6667 out_err:
6668	nl_destroy_handles(&bss->nl_preq);
6669	return -1;
6670}
6671
6672
6673static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv,
6674				     int ifindex, int disabled)
6675{
6676	struct nl_msg *msg;
6677	struct nlattr *bands, *band;
6678	int ret;
6679
6680	wpa_printf(MSG_DEBUG,
6681		   "nl80211: NL80211_CMD_SET_TX_BITRATE_MASK (ifindex=%d %s)",
6682		   ifindex, disabled ? "NL80211_TXRATE_LEGACY=OFDM-only" :
6683		   "no NL80211_TXRATE_LEGACY constraint");
6684
6685	msg = nl80211_ifindex_msg(drv, ifindex, 0,
6686				  NL80211_CMD_SET_TX_BITRATE_MASK);
6687	if (!msg)
6688		return -1;
6689
6690	bands = nla_nest_start(msg, NL80211_ATTR_TX_RATES);
6691	if (!bands)
6692		goto fail;
6693
6694	/*
6695	 * Disable 2 GHz rates 1, 2, 5.5, 11 Mbps by masking out everything
6696	 * else apart from 6, 9, 12, 18, 24, 36, 48, 54 Mbps from non-MCS
6697	 * rates. All 5 GHz rates are left enabled.
6698	 */
6699	band = nla_nest_start(msg, NL80211_BAND_2GHZ);
6700	if (!band ||
6701	    (disabled && nla_put(msg, NL80211_TXRATE_LEGACY, 8,
6702				 "\x0c\x12\x18\x24\x30\x48\x60\x6c")))
6703		goto fail;
6704	nla_nest_end(msg, band);
6705
6706	nla_nest_end(msg, bands);
6707
6708	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
6709	if (ret) {
6710		wpa_printf(MSG_DEBUG, "nl80211: Set TX rates failed: ret=%d "
6711			   "(%s)", ret, strerror(-ret));
6712	} else
6713		drv->disabled_11b_rates = disabled;
6714
6715	return ret;
6716
6717fail:
6718	nlmsg_free(msg);
6719	return -1;
6720}
6721
6722
6723static int wpa_driver_nl80211_deinit_ap(void *priv)
6724{
6725	struct i802_bss *bss = priv;
6726	struct wpa_driver_nl80211_data *drv = bss->drv;
6727	if (!is_ap_interface(drv->nlmode))
6728		return -1;
6729	wpa_driver_nl80211_del_beacon(drv);
6730	bss->beacon_set = 0;
6731
6732	/*
6733	 * If the P2P GO interface was dynamically added, then it is
6734	 * possible that the interface change to station is not possible.
6735	 */
6736	if (drv->nlmode == NL80211_IFTYPE_P2P_GO && bss->if_dynamic)
6737		return 0;
6738
6739	return wpa_driver_nl80211_set_mode(priv, NL80211_IFTYPE_STATION);
6740}
6741
6742
6743static int wpa_driver_nl80211_stop_ap(void *priv)
6744{
6745	struct i802_bss *bss = priv;
6746	struct wpa_driver_nl80211_data *drv = bss->drv;
6747	if (!is_ap_interface(drv->nlmode))
6748		return -1;
6749	wpa_driver_nl80211_del_beacon(drv);
6750	bss->beacon_set = 0;
6751	return 0;
6752}
6753
6754
6755static int wpa_driver_nl80211_deinit_p2p_cli(void *priv)
6756{
6757	struct i802_bss *bss = priv;
6758	struct wpa_driver_nl80211_data *drv = bss->drv;
6759	if (drv->nlmode != NL80211_IFTYPE_P2P_CLIENT)
6760		return -1;
6761
6762	/*
6763	 * If the P2P Client interface was dynamically added, then it is
6764	 * possible that the interface change to station is not possible.
6765	 */
6766	if (bss->if_dynamic)
6767		return 0;
6768
6769	return wpa_driver_nl80211_set_mode(priv, NL80211_IFTYPE_STATION);
6770}
6771
6772
6773static void wpa_driver_nl80211_resume(void *priv)
6774{
6775	struct i802_bss *bss = priv;
6776	enum nl80211_iftype nlmode = nl80211_get_ifmode(bss);
6777
6778	if (i802_set_iface_flags(bss, 1))
6779		wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface up on resume event");
6780
6781	if (is_p2p_net_interface(nlmode))
6782		nl80211_disable_11b_rates(bss->drv, bss->drv->ifindex, 1);
6783}
6784
6785
6786static int nl80211_signal_monitor(void *priv, int threshold, int hysteresis)
6787{
6788	struct i802_bss *bss = priv;
6789	struct wpa_driver_nl80211_data *drv = bss->drv;
6790	struct nl_msg *msg;
6791	struct nlattr *cqm;
6792
6793	wpa_printf(MSG_DEBUG, "nl80211: Signal monitor threshold=%d "
6794		   "hysteresis=%d", threshold, hysteresis);
6795
6796	if (!(msg = nl80211_bss_msg(bss, 0, NL80211_CMD_SET_CQM)) ||
6797	    !(cqm = nla_nest_start(msg, NL80211_ATTR_CQM)) ||
6798	    nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THOLD, threshold) ||
6799	    nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_HYST, hysteresis)) {
6800		nlmsg_free(msg);
6801		return -1;
6802	}
6803	nla_nest_end(msg, cqm);
6804
6805	return send_and_recv_msgs(drv, msg, NULL, NULL);
6806}
6807
6808
6809static int get_channel_width(struct nl_msg *msg, void *arg)
6810{
6811	struct nlattr *tb[NL80211_ATTR_MAX + 1];
6812	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
6813	struct wpa_signal_info *sig_change = arg;
6814
6815	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
6816		  genlmsg_attrlen(gnlh, 0), NULL);
6817
6818	sig_change->center_frq1 = -1;
6819	sig_change->center_frq2 = -1;
6820	sig_change->chanwidth = CHAN_WIDTH_UNKNOWN;
6821
6822	if (tb[NL80211_ATTR_CHANNEL_WIDTH]) {
6823		sig_change->chanwidth = convert2width(
6824			nla_get_u32(tb[NL80211_ATTR_CHANNEL_WIDTH]));
6825		if (tb[NL80211_ATTR_CENTER_FREQ1])
6826			sig_change->center_frq1 =
6827				nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ1]);
6828		if (tb[NL80211_ATTR_CENTER_FREQ2])
6829			sig_change->center_frq2 =
6830				nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ2]);
6831	}
6832
6833	return NL_SKIP;
6834}
6835
6836
6837static int nl80211_get_channel_width(struct wpa_driver_nl80211_data *drv,
6838				     struct wpa_signal_info *sig)
6839{
6840	struct nl_msg *msg;
6841
6842	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_GET_INTERFACE);
6843	return send_and_recv_msgs(drv, msg, get_channel_width, sig);
6844}
6845
6846
6847static int nl80211_signal_poll(void *priv, struct wpa_signal_info *si)
6848{
6849	struct i802_bss *bss = priv;
6850	struct wpa_driver_nl80211_data *drv = bss->drv;
6851	int res;
6852
6853	os_memset(si, 0, sizeof(*si));
6854	res = nl80211_get_link_signal(drv, si);
6855	if (res) {
6856		if (drv->nlmode != NL80211_IFTYPE_ADHOC &&
6857		    drv->nlmode != NL80211_IFTYPE_MESH_POINT)
6858			return res;
6859		si->current_signal = 0;
6860	}
6861
6862	res = nl80211_get_channel_width(drv, si);
6863	if (res != 0)
6864		return res;
6865
6866	return nl80211_get_link_noise(drv, si);
6867}
6868
6869
6870static int nl80211_send_frame(void *priv, const u8 *data, size_t data_len,
6871			      int encrypt)
6872{
6873	struct i802_bss *bss = priv;
6874	return wpa_driver_nl80211_send_frame(bss, data, data_len, encrypt, 0,
6875					     0, 0, 0, 0, NULL, 0);
6876}
6877
6878
6879static int nl80211_set_param(void *priv, const char *param)
6880{
6881	if (param == NULL)
6882		return 0;
6883	wpa_printf(MSG_DEBUG, "nl80211: driver param='%s'", param);
6884
6885#ifdef CONFIG_P2P
6886	if (os_strstr(param, "use_p2p_group_interface=1")) {
6887		struct i802_bss *bss = priv;
6888		struct wpa_driver_nl80211_data *drv = bss->drv;
6889
6890		wpa_printf(MSG_DEBUG, "nl80211: Use separate P2P group "
6891			   "interface");
6892		drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_CONCURRENT;
6893		drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_MGMT_AND_NON_P2P;
6894	}
6895#endif /* CONFIG_P2P */
6896
6897	if (os_strstr(param, "use_monitor=1")) {
6898		struct i802_bss *bss = priv;
6899		struct wpa_driver_nl80211_data *drv = bss->drv;
6900		drv->use_monitor = 1;
6901	}
6902
6903	if (os_strstr(param, "force_connect_cmd=1")) {
6904		struct i802_bss *bss = priv;
6905		struct wpa_driver_nl80211_data *drv = bss->drv;
6906		drv->capa.flags &= ~WPA_DRIVER_FLAGS_SME;
6907		drv->force_connect_cmd = 1;
6908	}
6909
6910	if (os_strstr(param, "no_offchannel_tx=1")) {
6911		struct i802_bss *bss = priv;
6912		struct wpa_driver_nl80211_data *drv = bss->drv;
6913		drv->capa.flags &= ~WPA_DRIVER_FLAGS_OFFCHANNEL_TX;
6914		drv->test_use_roc_tx = 1;
6915	}
6916
6917	return 0;
6918}
6919
6920
6921static void * nl80211_global_init(void *ctx)
6922{
6923	struct nl80211_global *global;
6924	struct netlink_config *cfg;
6925
6926	global = os_zalloc(sizeof(*global));
6927	if (global == NULL)
6928		return NULL;
6929	global->ctx = ctx;
6930	global->ioctl_sock = -1;
6931	dl_list_init(&global->interfaces);
6932	global->if_add_ifindex = -1;
6933
6934	cfg = os_zalloc(sizeof(*cfg));
6935	if (cfg == NULL)
6936		goto err;
6937
6938	cfg->ctx = global;
6939	cfg->newlink_cb = wpa_driver_nl80211_event_rtm_newlink;
6940	cfg->dellink_cb = wpa_driver_nl80211_event_rtm_dellink;
6941	global->netlink = netlink_init(cfg);
6942	if (global->netlink == NULL) {
6943		os_free(cfg);
6944		goto err;
6945	}
6946
6947	if (wpa_driver_nl80211_init_nl_global(global) < 0)
6948		goto err;
6949
6950	global->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0);
6951	if (global->ioctl_sock < 0) {
6952		wpa_printf(MSG_ERROR, "nl80211: socket(PF_INET,SOCK_DGRAM) failed: %s",
6953			   strerror(errno));
6954		goto err;
6955	}
6956
6957	return global;
6958
6959err:
6960	nl80211_global_deinit(global);
6961	return NULL;
6962}
6963
6964
6965static void nl80211_global_deinit(void *priv)
6966{
6967	struct nl80211_global *global = priv;
6968	if (global == NULL)
6969		return;
6970	if (!dl_list_empty(&global->interfaces)) {
6971		wpa_printf(MSG_ERROR, "nl80211: %u interface(s) remain at "
6972			   "nl80211_global_deinit",
6973			   dl_list_len(&global->interfaces));
6974	}
6975
6976	if (global->netlink)
6977		netlink_deinit(global->netlink);
6978
6979	nl_destroy_handles(&global->nl);
6980
6981	if (global->nl_event)
6982		nl80211_destroy_eloop_handle(&global->nl_event);
6983
6984	nl_cb_put(global->nl_cb);
6985
6986	if (global->ioctl_sock >= 0)
6987		close(global->ioctl_sock);
6988
6989	os_free(global);
6990}
6991
6992
6993static const char * nl80211_get_radio_name(void *priv)
6994{
6995	struct i802_bss *bss = priv;
6996	struct wpa_driver_nl80211_data *drv = bss->drv;
6997	return drv->phyname;
6998}
6999
7000
7001static int nl80211_pmkid(struct i802_bss *bss, int cmd, const u8 *bssid,
7002			 const u8 *pmkid)
7003{
7004	struct nl_msg *msg;
7005
7006	if (!(msg = nl80211_bss_msg(bss, 0, cmd)) ||
7007	    (pmkid && nla_put(msg, NL80211_ATTR_PMKID, 16, pmkid)) ||
7008	    (bssid && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))) {
7009		nlmsg_free(msg);
7010		return -ENOBUFS;
7011	}
7012
7013	return send_and_recv_msgs(bss->drv, msg, NULL, NULL);
7014}
7015
7016
7017static int nl80211_add_pmkid(void *priv, const u8 *bssid, const u8 *pmkid)
7018{
7019	struct i802_bss *bss = priv;
7020	wpa_printf(MSG_DEBUG, "nl80211: Add PMKID for " MACSTR, MAC2STR(bssid));
7021	return nl80211_pmkid(bss, NL80211_CMD_SET_PMKSA, bssid, pmkid);
7022}
7023
7024
7025static int nl80211_remove_pmkid(void *priv, const u8 *bssid, const u8 *pmkid)
7026{
7027	struct i802_bss *bss = priv;
7028	wpa_printf(MSG_DEBUG, "nl80211: Delete PMKID for " MACSTR,
7029		   MAC2STR(bssid));
7030	return nl80211_pmkid(bss, NL80211_CMD_DEL_PMKSA, bssid, pmkid);
7031}
7032
7033
7034static int nl80211_flush_pmkid(void *priv)
7035{
7036	struct i802_bss *bss = priv;
7037	wpa_printf(MSG_DEBUG, "nl80211: Flush PMKIDs");
7038	return nl80211_pmkid(bss, NL80211_CMD_FLUSH_PMKSA, NULL, NULL);
7039}
7040
7041
7042static void clean_survey_results(struct survey_results *survey_results)
7043{
7044	struct freq_survey *survey, *tmp;
7045
7046	if (dl_list_empty(&survey_results->survey_list))
7047		return;
7048
7049	dl_list_for_each_safe(survey, tmp, &survey_results->survey_list,
7050			      struct freq_survey, list) {
7051		dl_list_del(&survey->list);
7052		os_free(survey);
7053	}
7054}
7055
7056
7057static void add_survey(struct nlattr **sinfo, u32 ifidx,
7058		       struct dl_list *survey_list)
7059{
7060	struct freq_survey *survey;
7061
7062	survey = os_zalloc(sizeof(struct freq_survey));
7063	if  (!survey)
7064		return;
7065
7066	survey->ifidx = ifidx;
7067	survey->freq = nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]);
7068	survey->filled = 0;
7069
7070	if (sinfo[NL80211_SURVEY_INFO_NOISE]) {
7071		survey->nf = (int8_t)
7072			nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]);
7073		survey->filled |= SURVEY_HAS_NF;
7074	}
7075
7076	if (sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME]) {
7077		survey->channel_time =
7078			nla_get_u64(sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME]);
7079		survey->filled |= SURVEY_HAS_CHAN_TIME;
7080	}
7081
7082	if (sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY]) {
7083		survey->channel_time_busy =
7084			nla_get_u64(sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY]);
7085		survey->filled |= SURVEY_HAS_CHAN_TIME_BUSY;
7086	}
7087
7088	if (sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_RX]) {
7089		survey->channel_time_rx =
7090			nla_get_u64(sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_RX]);
7091		survey->filled |= SURVEY_HAS_CHAN_TIME_RX;
7092	}
7093
7094	if (sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_TX]) {
7095		survey->channel_time_tx =
7096			nla_get_u64(sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_TX]);
7097		survey->filled |= SURVEY_HAS_CHAN_TIME_TX;
7098	}
7099
7100	wpa_printf(MSG_DEBUG, "nl80211: Freq survey dump event (freq=%d MHz noise=%d channel_time=%ld busy_time=%ld tx_time=%ld rx_time=%ld filled=%04x)",
7101		   survey->freq,
7102		   survey->nf,
7103		   (unsigned long int) survey->channel_time,
7104		   (unsigned long int) survey->channel_time_busy,
7105		   (unsigned long int) survey->channel_time_tx,
7106		   (unsigned long int) survey->channel_time_rx,
7107		   survey->filled);
7108
7109	dl_list_add_tail(survey_list, &survey->list);
7110}
7111
7112
7113static int check_survey_ok(struct nlattr **sinfo, u32 surveyed_freq,
7114			   unsigned int freq_filter)
7115{
7116	if (!freq_filter)
7117		return 1;
7118
7119	return freq_filter == surveyed_freq;
7120}
7121
7122
7123static int survey_handler(struct nl_msg *msg, void *arg)
7124{
7125	struct nlattr *tb[NL80211_ATTR_MAX + 1];
7126	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
7127	struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1];
7128	struct survey_results *survey_results;
7129	u32 surveyed_freq = 0;
7130	u32 ifidx;
7131
7132	static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = {
7133		[NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 },
7134		[NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 },
7135	};
7136
7137	survey_results = (struct survey_results *) arg;
7138
7139	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
7140		  genlmsg_attrlen(gnlh, 0), NULL);
7141
7142	if (!tb[NL80211_ATTR_IFINDEX])
7143		return NL_SKIP;
7144
7145	ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
7146
7147	if (!tb[NL80211_ATTR_SURVEY_INFO])
7148		return NL_SKIP;
7149
7150	if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX,
7151			     tb[NL80211_ATTR_SURVEY_INFO],
7152			     survey_policy))
7153		return NL_SKIP;
7154
7155	if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY]) {
7156		wpa_printf(MSG_ERROR, "nl80211: Invalid survey data");
7157		return NL_SKIP;
7158	}
7159
7160	surveyed_freq = nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]);
7161
7162	if (!check_survey_ok(sinfo, surveyed_freq,
7163			     survey_results->freq_filter))
7164		return NL_SKIP;
7165
7166	if (survey_results->freq_filter &&
7167	    survey_results->freq_filter != surveyed_freq) {
7168		wpa_printf(MSG_EXCESSIVE, "nl80211: Ignoring survey data for freq %d MHz",
7169			   surveyed_freq);
7170		return NL_SKIP;
7171	}
7172
7173	add_survey(sinfo, ifidx, &survey_results->survey_list);
7174
7175	return NL_SKIP;
7176}
7177
7178
7179static int wpa_driver_nl80211_get_survey(void *priv, unsigned int freq)
7180{
7181	struct i802_bss *bss = priv;
7182	struct wpa_driver_nl80211_data *drv = bss->drv;
7183	struct nl_msg *msg;
7184	int err;
7185	union wpa_event_data data;
7186	struct survey_results *survey_results;
7187
7188	os_memset(&data, 0, sizeof(data));
7189	survey_results = &data.survey_results;
7190
7191	dl_list_init(&survey_results->survey_list);
7192
7193	msg = nl80211_drv_msg(drv, NLM_F_DUMP, NL80211_CMD_GET_SURVEY);
7194	if (!msg)
7195		return -ENOBUFS;
7196
7197	if (freq)
7198		data.survey_results.freq_filter = freq;
7199
7200	do {
7201		wpa_printf(MSG_DEBUG, "nl80211: Fetch survey data");
7202		err = send_and_recv_msgs(drv, msg, survey_handler,
7203					 survey_results);
7204	} while (err > 0);
7205
7206	if (err)
7207		wpa_printf(MSG_ERROR, "nl80211: Failed to process survey data");
7208	else
7209		wpa_supplicant_event(drv->ctx, EVENT_SURVEY, &data);
7210
7211	clean_survey_results(survey_results);
7212	return err;
7213}
7214
7215
7216static void nl80211_set_rekey_info(void *priv, const u8 *kek, size_t kek_len,
7217				   const u8 *kck, size_t kck_len,
7218				   const u8 *replay_ctr)
7219{
7220	struct i802_bss *bss = priv;
7221	struct wpa_driver_nl80211_data *drv = bss->drv;
7222	struct nlattr *replay_nested;
7223	struct nl_msg *msg;
7224	int ret;
7225
7226	if (!drv->set_rekey_offload)
7227		return;
7228
7229	wpa_printf(MSG_DEBUG, "nl80211: Set rekey offload");
7230	if (!(msg = nl80211_bss_msg(bss, 0, NL80211_CMD_SET_REKEY_OFFLOAD)) ||
7231	    !(replay_nested = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA)) ||
7232	    nla_put(msg, NL80211_REKEY_DATA_KEK, kek_len, kek) ||
7233	    nla_put(msg, NL80211_REKEY_DATA_KCK, kck_len, kck) ||
7234	    nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR, NL80211_REPLAY_CTR_LEN,
7235		    replay_ctr)) {
7236		nl80211_nlmsg_clear(msg);
7237		nlmsg_free(msg);
7238		return;
7239	}
7240
7241	nla_nest_end(msg, replay_nested);
7242
7243	ret = send_and_recv_msgs(drv, msg, NULL, (void *) -1);
7244	if (ret == -EOPNOTSUPP) {
7245		wpa_printf(MSG_DEBUG,
7246			   "nl80211: Driver does not support rekey offload");
7247		drv->set_rekey_offload = 0;
7248	}
7249}
7250
7251
7252static void nl80211_send_null_frame(struct i802_bss *bss, const u8 *own_addr,
7253				    const u8 *addr, int qos)
7254{
7255	/* send data frame to poll STA and check whether
7256	 * this frame is ACKed */
7257	struct {
7258		struct ieee80211_hdr hdr;
7259		u16 qos_ctl;
7260	} STRUCT_PACKED nulldata;
7261	size_t size;
7262
7263	/* Send data frame to poll STA and check whether this frame is ACKed */
7264
7265	os_memset(&nulldata, 0, sizeof(nulldata));
7266
7267	if (qos) {
7268		nulldata.hdr.frame_control =
7269			IEEE80211_FC(WLAN_FC_TYPE_DATA,
7270				     WLAN_FC_STYPE_QOS_NULL);
7271		size = sizeof(nulldata);
7272	} else {
7273		nulldata.hdr.frame_control =
7274			IEEE80211_FC(WLAN_FC_TYPE_DATA,
7275				     WLAN_FC_STYPE_NULLFUNC);
7276		size = sizeof(struct ieee80211_hdr);
7277	}
7278
7279	nulldata.hdr.frame_control |= host_to_le16(WLAN_FC_FROMDS);
7280	os_memcpy(nulldata.hdr.IEEE80211_DA_FROMDS, addr, ETH_ALEN);
7281	os_memcpy(nulldata.hdr.IEEE80211_BSSID_FROMDS, own_addr, ETH_ALEN);
7282	os_memcpy(nulldata.hdr.IEEE80211_SA_FROMDS, own_addr, ETH_ALEN);
7283
7284	if (wpa_driver_nl80211_send_mlme(bss, (u8 *) &nulldata, size, 0, 0, 0,
7285					 0, 0, NULL, 0) < 0)
7286		wpa_printf(MSG_DEBUG, "nl80211_send_null_frame: Failed to "
7287			   "send poll frame");
7288}
7289
7290static void nl80211_poll_client(void *priv, const u8 *own_addr, const u8 *addr,
7291				int qos)
7292{
7293	struct i802_bss *bss = priv;
7294	struct wpa_driver_nl80211_data *drv = bss->drv;
7295	struct nl_msg *msg;
7296	int ret;
7297
7298	if (!drv->poll_command_supported) {
7299		nl80211_send_null_frame(bss, own_addr, addr, qos);
7300		return;
7301	}
7302
7303	if (!(msg = nl80211_bss_msg(bss, 0, NL80211_CMD_PROBE_CLIENT)) ||
7304	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) {
7305		nlmsg_free(msg);
7306		return;
7307	}
7308
7309	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
7310	if (ret < 0) {
7311		wpa_printf(MSG_DEBUG, "nl80211: Client probe request for "
7312			   MACSTR " failed: ret=%d (%s)",
7313			   MAC2STR(addr), ret, strerror(-ret));
7314	}
7315}
7316
7317
7318static int nl80211_set_power_save(struct i802_bss *bss, int enabled)
7319{
7320	struct nl_msg *msg;
7321
7322	if (!(msg = nl80211_bss_msg(bss, 0, NL80211_CMD_SET_POWER_SAVE)) ||
7323	    nla_put_u32(msg, NL80211_ATTR_PS_STATE,
7324			enabled ? NL80211_PS_ENABLED : NL80211_PS_DISABLED)) {
7325		nlmsg_free(msg);
7326		return -ENOBUFS;
7327	}
7328	return send_and_recv_msgs(bss->drv, msg, NULL, NULL);
7329}
7330
7331
7332static int nl80211_set_p2p_powersave(void *priv, int legacy_ps, int opp_ps,
7333				     int ctwindow)
7334{
7335	struct i802_bss *bss = priv;
7336
7337	wpa_printf(MSG_DEBUG, "nl80211: set_p2p_powersave (legacy_ps=%d "
7338		   "opp_ps=%d ctwindow=%d)", legacy_ps, opp_ps, ctwindow);
7339
7340	if (opp_ps != -1 || ctwindow != -1) {
7341#ifdef ANDROID_P2P
7342		wpa_driver_set_p2p_ps(priv, legacy_ps, opp_ps, ctwindow);
7343#else /* ANDROID_P2P */
7344		return -1; /* Not yet supported */
7345#endif /* ANDROID_P2P */
7346	}
7347
7348	if (legacy_ps == -1)
7349		return 0;
7350	if (legacy_ps != 0 && legacy_ps != 1)
7351		return -1; /* Not yet supported */
7352
7353	return nl80211_set_power_save(bss, legacy_ps);
7354}
7355
7356
7357static int nl80211_start_radar_detection(void *priv,
7358					 struct hostapd_freq_params *freq)
7359{
7360	struct i802_bss *bss = priv;
7361	struct wpa_driver_nl80211_data *drv = bss->drv;
7362	struct nl_msg *msg;
7363	int ret;
7364
7365	wpa_printf(MSG_DEBUG, "nl80211: Start radar detection (CAC) %d MHz (ht_enabled=%d, vht_enabled=%d, bandwidth=%d MHz, cf1=%d MHz, cf2=%d MHz)",
7366		   freq->freq, freq->ht_enabled, freq->vht_enabled,
7367		   freq->bandwidth, freq->center_freq1, freq->center_freq2);
7368
7369	if (!(drv->capa.flags & WPA_DRIVER_FLAGS_RADAR)) {
7370		wpa_printf(MSG_DEBUG, "nl80211: Driver does not support radar "
7371			   "detection");
7372		return -1;
7373	}
7374
7375	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_RADAR_DETECT)) ||
7376	    nl80211_put_freq_params(msg, freq) < 0) {
7377		nlmsg_free(msg);
7378		return -1;
7379	}
7380
7381	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
7382	if (ret == 0)
7383		return 0;
7384	wpa_printf(MSG_DEBUG, "nl80211: Failed to start radar detection: "
7385		   "%d (%s)", ret, strerror(-ret));
7386	return -1;
7387}
7388
7389#ifdef CONFIG_TDLS
7390
7391static int nl80211_send_tdls_mgmt(void *priv, const u8 *dst, u8 action_code,
7392				  u8 dialog_token, u16 status_code,
7393				  u32 peer_capab, int initiator, const u8 *buf,
7394				  size_t len)
7395{
7396	struct i802_bss *bss = priv;
7397	struct wpa_driver_nl80211_data *drv = bss->drv;
7398	struct nl_msg *msg;
7399
7400	if (!(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT))
7401		return -EOPNOTSUPP;
7402
7403	if (!dst)
7404		return -EINVAL;
7405
7406	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_TDLS_MGMT)) ||
7407	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) ||
7408	    nla_put_u8(msg, NL80211_ATTR_TDLS_ACTION, action_code) ||
7409	    nla_put_u8(msg, NL80211_ATTR_TDLS_DIALOG_TOKEN, dialog_token) ||
7410	    nla_put_u16(msg, NL80211_ATTR_STATUS_CODE, status_code))
7411		goto fail;
7412	if (peer_capab) {
7413		/*
7414		 * The internal enum tdls_peer_capability definition is
7415		 * currently identical with the nl80211 enum
7416		 * nl80211_tdls_peer_capability, so no conversion is needed
7417		 * here.
7418		 */
7419		if (nla_put_u32(msg, NL80211_ATTR_TDLS_PEER_CAPABILITY,
7420				peer_capab))
7421			goto fail;
7422	}
7423	if ((initiator &&
7424	     nla_put_flag(msg, NL80211_ATTR_TDLS_INITIATOR)) ||
7425	    nla_put(msg, NL80211_ATTR_IE, len, buf))
7426		goto fail;
7427
7428	return send_and_recv_msgs(drv, msg, NULL, NULL);
7429
7430fail:
7431	nlmsg_free(msg);
7432	return -ENOBUFS;
7433}
7434
7435
7436static int nl80211_tdls_oper(void *priv, enum tdls_oper oper, const u8 *peer)
7437{
7438	struct i802_bss *bss = priv;
7439	struct wpa_driver_nl80211_data *drv = bss->drv;
7440	struct nl_msg *msg;
7441	enum nl80211_tdls_operation nl80211_oper;
7442
7443	if (!(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT))
7444		return -EOPNOTSUPP;
7445
7446	switch (oper) {
7447	case TDLS_DISCOVERY_REQ:
7448		nl80211_oper = NL80211_TDLS_DISCOVERY_REQ;
7449		break;
7450	case TDLS_SETUP:
7451		nl80211_oper = NL80211_TDLS_SETUP;
7452		break;
7453	case TDLS_TEARDOWN:
7454		nl80211_oper = NL80211_TDLS_TEARDOWN;
7455		break;
7456	case TDLS_ENABLE_LINK:
7457		nl80211_oper = NL80211_TDLS_ENABLE_LINK;
7458		break;
7459	case TDLS_DISABLE_LINK:
7460		nl80211_oper = NL80211_TDLS_DISABLE_LINK;
7461		break;
7462	case TDLS_ENABLE:
7463		return 0;
7464	case TDLS_DISABLE:
7465		return 0;
7466	default:
7467		return -EINVAL;
7468	}
7469
7470	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_TDLS_OPER)) ||
7471	    nla_put_u8(msg, NL80211_ATTR_TDLS_OPERATION, nl80211_oper) ||
7472	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer)) {
7473		nlmsg_free(msg);
7474		return -ENOBUFS;
7475	}
7476
7477	return send_and_recv_msgs(drv, msg, NULL, NULL);
7478}
7479
7480
7481static int
7482nl80211_tdls_enable_channel_switch(void *priv, const u8 *addr, u8 oper_class,
7483				   const struct hostapd_freq_params *params)
7484{
7485	struct i802_bss *bss = priv;
7486	struct wpa_driver_nl80211_data *drv = bss->drv;
7487	struct nl_msg *msg;
7488	int ret = -ENOBUFS;
7489
7490	if (!(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT) ||
7491	    !(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_CHANNEL_SWITCH))
7492		return -EOPNOTSUPP;
7493
7494	wpa_printf(MSG_DEBUG, "nl80211: Enable TDLS channel switch " MACSTR
7495		   " oper_class=%u freq=%u",
7496		   MAC2STR(addr), oper_class, params->freq);
7497	msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_TDLS_CHANNEL_SWITCH);
7498	if (!msg ||
7499	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
7500	    nla_put_u8(msg, NL80211_ATTR_OPER_CLASS, oper_class) ||
7501	    (ret = nl80211_put_freq_params(msg, params))) {
7502		nlmsg_free(msg);
7503		wpa_printf(MSG_DEBUG, "nl80211: Could not build TDLS chan switch");
7504		return ret;
7505	}
7506
7507	return send_and_recv_msgs(drv, msg, NULL, NULL);
7508}
7509
7510
7511static int
7512nl80211_tdls_disable_channel_switch(void *priv, const u8 *addr)
7513{
7514	struct i802_bss *bss = priv;
7515	struct wpa_driver_nl80211_data *drv = bss->drv;
7516	struct nl_msg *msg;
7517
7518	if (!(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT) ||
7519	    !(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_CHANNEL_SWITCH))
7520		return -EOPNOTSUPP;
7521
7522	wpa_printf(MSG_DEBUG, "nl80211: Disable TDLS channel switch " MACSTR,
7523		   MAC2STR(addr));
7524	msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH);
7525	if (!msg ||
7526	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) {
7527		nlmsg_free(msg);
7528		wpa_printf(MSG_DEBUG,
7529			   "nl80211: Could not build TDLS cancel chan switch");
7530		return -ENOBUFS;
7531	}
7532
7533	return send_and_recv_msgs(drv, msg, NULL, NULL);
7534}
7535
7536#endif /* CONFIG TDLS */
7537
7538
7539static int driver_nl80211_set_key(const char *ifname, void *priv,
7540				  enum wpa_alg alg, const u8 *addr,
7541				  int key_idx, int set_tx,
7542				  const u8 *seq, size_t seq_len,
7543				  const u8 *key, size_t key_len)
7544{
7545	struct i802_bss *bss = priv;
7546	return wpa_driver_nl80211_set_key(ifname, bss, alg, addr, key_idx,
7547					  set_tx, seq, seq_len, key, key_len);
7548}
7549
7550
7551static int driver_nl80211_scan2(void *priv,
7552				struct wpa_driver_scan_params *params)
7553{
7554	struct i802_bss *bss = priv;
7555#ifdef CONFIG_DRIVER_NL80211_QCA
7556	struct wpa_driver_nl80211_data *drv = bss->drv;
7557
7558	/*
7559	 * Do a vendor specific scan if possible. If only_new_results is
7560	 * set, do a normal scan since a kernel (cfg80211) BSS cache flush
7561	 * cannot be achieved through a vendor scan. The below condition may
7562	 * need to be modified if new scan flags are added in the future whose
7563	 * functionality can only be achieved through a normal scan.
7564	 */
7565	if (drv->scan_vendor_cmd_avail && !params->only_new_results)
7566		return wpa_driver_nl80211_vendor_scan(bss, params);
7567#endif /* CONFIG_DRIVER_NL80211_QCA */
7568	return wpa_driver_nl80211_scan(bss, params);
7569}
7570
7571
7572static int driver_nl80211_deauthenticate(void *priv, const u8 *addr,
7573					 int reason_code)
7574{
7575	struct i802_bss *bss = priv;
7576	return wpa_driver_nl80211_deauthenticate(bss, addr, reason_code);
7577}
7578
7579
7580static int driver_nl80211_authenticate(void *priv,
7581				       struct wpa_driver_auth_params *params)
7582{
7583	struct i802_bss *bss = priv;
7584	return wpa_driver_nl80211_authenticate(bss, params);
7585}
7586
7587
7588static void driver_nl80211_deinit(void *priv)
7589{
7590	struct i802_bss *bss = priv;
7591	wpa_driver_nl80211_deinit(bss);
7592}
7593
7594
7595static int driver_nl80211_if_remove(void *priv, enum wpa_driver_if_type type,
7596				    const char *ifname)
7597{
7598	struct i802_bss *bss = priv;
7599	return wpa_driver_nl80211_if_remove(bss, type, ifname);
7600}
7601
7602
7603static int driver_nl80211_send_mlme(void *priv, const u8 *data,
7604				    size_t data_len, int noack,
7605				    unsigned int freq,
7606				    const u16 *csa_offs, size_t csa_offs_len)
7607{
7608	struct i802_bss *bss = priv;
7609	return wpa_driver_nl80211_send_mlme(bss, data, data_len, noack,
7610					    freq, 0, 0, 0, csa_offs,
7611					    csa_offs_len);
7612}
7613
7614
7615static int driver_nl80211_sta_remove(void *priv, const u8 *addr)
7616{
7617	struct i802_bss *bss = priv;
7618	return wpa_driver_nl80211_sta_remove(bss, addr, -1, 0);
7619}
7620
7621
7622static int driver_nl80211_set_sta_vlan(void *priv, const u8 *addr,
7623				       const char *ifname, int vlan_id)
7624{
7625	struct i802_bss *bss = priv;
7626	return i802_set_sta_vlan(bss, addr, ifname, vlan_id);
7627}
7628
7629
7630static int driver_nl80211_read_sta_data(void *priv,
7631					struct hostap_sta_driver_data *data,
7632					const u8 *addr)
7633{
7634	struct i802_bss *bss = priv;
7635	return i802_read_sta_data(bss, data, addr);
7636}
7637
7638
7639static int driver_nl80211_send_action(void *priv, unsigned int freq,
7640				      unsigned int wait_time,
7641				      const u8 *dst, const u8 *src,
7642				      const u8 *bssid,
7643				      const u8 *data, size_t data_len,
7644				      int no_cck)
7645{
7646	struct i802_bss *bss = priv;
7647	return wpa_driver_nl80211_send_action(bss, freq, wait_time, dst, src,
7648					      bssid, data, data_len, no_cck);
7649}
7650
7651
7652static int driver_nl80211_probe_req_report(void *priv, int report)
7653{
7654	struct i802_bss *bss = priv;
7655	return wpa_driver_nl80211_probe_req_report(bss, report);
7656}
7657
7658
7659static int wpa_driver_nl80211_update_ft_ies(void *priv, const u8 *md,
7660					    const u8 *ies, size_t ies_len)
7661{
7662	int ret;
7663	struct nl_msg *msg;
7664	struct i802_bss *bss = priv;
7665	struct wpa_driver_nl80211_data *drv = bss->drv;
7666	u16 mdid = WPA_GET_LE16(md);
7667
7668	wpa_printf(MSG_DEBUG, "nl80211: Updating FT IEs");
7669	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_UPDATE_FT_IES)) ||
7670	    nla_put(msg, NL80211_ATTR_IE, ies_len, ies) ||
7671	    nla_put_u16(msg, NL80211_ATTR_MDID, mdid)) {
7672		nlmsg_free(msg);
7673		return -ENOBUFS;
7674	}
7675
7676	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
7677	if (ret) {
7678		wpa_printf(MSG_DEBUG, "nl80211: update_ft_ies failed "
7679			   "err=%d (%s)", ret, strerror(-ret));
7680	}
7681
7682	return ret;
7683}
7684
7685
7686const u8 * wpa_driver_nl80211_get_macaddr(void *priv)
7687{
7688	struct i802_bss *bss = priv;
7689	struct wpa_driver_nl80211_data *drv = bss->drv;
7690
7691	if (drv->nlmode != NL80211_IFTYPE_P2P_DEVICE)
7692		return NULL;
7693
7694	return bss->addr;
7695}
7696
7697
7698static const char * scan_state_str(enum scan_states scan_state)
7699{
7700	switch (scan_state) {
7701	case NO_SCAN:
7702		return "NO_SCAN";
7703	case SCAN_REQUESTED:
7704		return "SCAN_REQUESTED";
7705	case SCAN_STARTED:
7706		return "SCAN_STARTED";
7707	case SCAN_COMPLETED:
7708		return "SCAN_COMPLETED";
7709	case SCAN_ABORTED:
7710		return "SCAN_ABORTED";
7711	case SCHED_SCAN_STARTED:
7712		return "SCHED_SCAN_STARTED";
7713	case SCHED_SCAN_STOPPED:
7714		return "SCHED_SCAN_STOPPED";
7715	case SCHED_SCAN_RESULTS:
7716		return "SCHED_SCAN_RESULTS";
7717	}
7718
7719	return "??";
7720}
7721
7722
7723static int wpa_driver_nl80211_status(void *priv, char *buf, size_t buflen)
7724{
7725	struct i802_bss *bss = priv;
7726	struct wpa_driver_nl80211_data *drv = bss->drv;
7727	int res;
7728	char *pos, *end;
7729
7730	pos = buf;
7731	end = buf + buflen;
7732
7733	res = os_snprintf(pos, end - pos,
7734			  "ifindex=%d\n"
7735			  "ifname=%s\n"
7736			  "brname=%s\n"
7737			  "addr=" MACSTR "\n"
7738			  "freq=%d\n"
7739			  "%s%s%s%s%s",
7740			  bss->ifindex,
7741			  bss->ifname,
7742			  bss->brname,
7743			  MAC2STR(bss->addr),
7744			  bss->freq,
7745			  bss->beacon_set ? "beacon_set=1\n" : "",
7746			  bss->added_if_into_bridge ?
7747			  "added_if_into_bridge=1\n" : "",
7748			  bss->added_bridge ? "added_bridge=1\n" : "",
7749			  bss->in_deinit ? "in_deinit=1\n" : "",
7750			  bss->if_dynamic ? "if_dynamic=1\n" : "");
7751	if (os_snprintf_error(end - pos, res))
7752		return pos - buf;
7753	pos += res;
7754
7755	if (bss->wdev_id_set) {
7756		res = os_snprintf(pos, end - pos, "wdev_id=%llu\n",
7757				  (unsigned long long) bss->wdev_id);
7758		if (os_snprintf_error(end - pos, res))
7759			return pos - buf;
7760		pos += res;
7761	}
7762
7763	res = os_snprintf(pos, end - pos,
7764			  "phyname=%s\n"
7765			  "perm_addr=" MACSTR "\n"
7766			  "drv_ifindex=%d\n"
7767			  "operstate=%d\n"
7768			  "scan_state=%s\n"
7769			  "auth_bssid=" MACSTR "\n"
7770			  "auth_attempt_bssid=" MACSTR "\n"
7771			  "bssid=" MACSTR "\n"
7772			  "prev_bssid=" MACSTR "\n"
7773			  "associated=%d\n"
7774			  "assoc_freq=%u\n"
7775			  "monitor_sock=%d\n"
7776			  "monitor_ifidx=%d\n"
7777			  "monitor_refcount=%d\n"
7778			  "last_mgmt_freq=%u\n"
7779			  "eapol_tx_sock=%d\n"
7780			  "%s%s%s%s%s%s%s%s%s%s%s%s%s",
7781			  drv->phyname,
7782			  MAC2STR(drv->perm_addr),
7783			  drv->ifindex,
7784			  drv->operstate,
7785			  scan_state_str(drv->scan_state),
7786			  MAC2STR(drv->auth_bssid),
7787			  MAC2STR(drv->auth_attempt_bssid),
7788			  MAC2STR(drv->bssid),
7789			  MAC2STR(drv->prev_bssid),
7790			  drv->associated,
7791			  drv->assoc_freq,
7792			  drv->monitor_sock,
7793			  drv->monitor_ifidx,
7794			  drv->monitor_refcount,
7795			  drv->last_mgmt_freq,
7796			  drv->eapol_tx_sock,
7797			  drv->ignore_if_down_event ?
7798			  "ignore_if_down_event=1\n" : "",
7799			  drv->scan_complete_events ?
7800			  "scan_complete_events=1\n" : "",
7801			  drv->disabled_11b_rates ?
7802			  "disabled_11b_rates=1\n" : "",
7803			  drv->pending_remain_on_chan ?
7804			  "pending_remain_on_chan=1\n" : "",
7805			  drv->in_interface_list ? "in_interface_list=1\n" : "",
7806			  drv->device_ap_sme ? "device_ap_sme=1\n" : "",
7807			  drv->poll_command_supported ?
7808			  "poll_command_supported=1\n" : "",
7809			  drv->data_tx_status ? "data_tx_status=1\n" : "",
7810			  drv->scan_for_auth ? "scan_for_auth=1\n" : "",
7811			  drv->retry_auth ? "retry_auth=1\n" : "",
7812			  drv->use_monitor ? "use_monitor=1\n" : "",
7813			  drv->ignore_next_local_disconnect ?
7814			  "ignore_next_local_disconnect=1\n" : "",
7815			  drv->ignore_next_local_deauth ?
7816			  "ignore_next_local_deauth=1\n" : "");
7817	if (os_snprintf_error(end - pos, res))
7818		return pos - buf;
7819	pos += res;
7820
7821	if (drv->has_capability) {
7822		res = os_snprintf(pos, end - pos,
7823				  "capa.key_mgmt=0x%x\n"
7824				  "capa.enc=0x%x\n"
7825				  "capa.auth=0x%x\n"
7826				  "capa.flags=0x%llx\n"
7827				  "capa.rrm_flags=0x%x\n"
7828				  "capa.max_scan_ssids=%d\n"
7829				  "capa.max_sched_scan_ssids=%d\n"
7830				  "capa.sched_scan_supported=%d\n"
7831				  "capa.max_match_sets=%d\n"
7832				  "capa.max_remain_on_chan=%u\n"
7833				  "capa.max_stations=%u\n"
7834				  "capa.probe_resp_offloads=0x%x\n"
7835				  "capa.max_acl_mac_addrs=%u\n"
7836				  "capa.num_multichan_concurrent=%u\n"
7837				  "capa.mac_addr_rand_sched_scan_supported=%d\n"
7838				  "capa.mac_addr_rand_scan_supported=%d\n"
7839				  "capa.conc_capab=%u\n"
7840				  "capa.max_conc_chan_2_4=%u\n"
7841				  "capa.max_conc_chan_5_0=%u\n"
7842				  "capa.max_sched_scan_plans=%u\n"
7843				  "capa.max_sched_scan_plan_interval=%u\n"
7844				  "capa.max_sched_scan_plan_iterations=%u\n",
7845				  drv->capa.key_mgmt,
7846				  drv->capa.enc,
7847				  drv->capa.auth,
7848				  (unsigned long long) drv->capa.flags,
7849				  drv->capa.rrm_flags,
7850				  drv->capa.max_scan_ssids,
7851				  drv->capa.max_sched_scan_ssids,
7852				  drv->capa.sched_scan_supported,
7853				  drv->capa.max_match_sets,
7854				  drv->capa.max_remain_on_chan,
7855				  drv->capa.max_stations,
7856				  drv->capa.probe_resp_offloads,
7857				  drv->capa.max_acl_mac_addrs,
7858				  drv->capa.num_multichan_concurrent,
7859				  drv->capa.mac_addr_rand_sched_scan_supported,
7860				  drv->capa.mac_addr_rand_scan_supported,
7861				  drv->capa.conc_capab,
7862				  drv->capa.max_conc_chan_2_4,
7863				  drv->capa.max_conc_chan_5_0,
7864				  drv->capa.max_sched_scan_plans,
7865				  drv->capa.max_sched_scan_plan_interval,
7866				  drv->capa.max_sched_scan_plan_iterations);
7867		if (os_snprintf_error(end - pos, res))
7868			return pos - buf;
7869		pos += res;
7870	}
7871
7872	return pos - buf;
7873}
7874
7875
7876static int set_beacon_data(struct nl_msg *msg, struct beacon_data *settings)
7877{
7878	if ((settings->head &&
7879	     nla_put(msg, NL80211_ATTR_BEACON_HEAD,
7880		     settings->head_len, settings->head)) ||
7881	    (settings->tail &&
7882	     nla_put(msg, NL80211_ATTR_BEACON_TAIL,
7883		     settings->tail_len, settings->tail)) ||
7884	    (settings->beacon_ies &&
7885	     nla_put(msg, NL80211_ATTR_IE,
7886		     settings->beacon_ies_len, settings->beacon_ies)) ||
7887	    (settings->proberesp_ies &&
7888	     nla_put(msg, NL80211_ATTR_IE_PROBE_RESP,
7889		     settings->proberesp_ies_len, settings->proberesp_ies)) ||
7890	    (settings->assocresp_ies &&
7891	     nla_put(msg, NL80211_ATTR_IE_ASSOC_RESP,
7892		     settings->assocresp_ies_len, settings->assocresp_ies)) ||
7893	    (settings->probe_resp &&
7894	     nla_put(msg, NL80211_ATTR_PROBE_RESP,
7895		     settings->probe_resp_len, settings->probe_resp)))
7896		return -ENOBUFS;
7897
7898	return 0;
7899}
7900
7901
7902static int nl80211_switch_channel(void *priv, struct csa_settings *settings)
7903{
7904	struct nl_msg *msg;
7905	struct i802_bss *bss = priv;
7906	struct wpa_driver_nl80211_data *drv = bss->drv;
7907	struct nlattr *beacon_csa;
7908	int ret = -ENOBUFS;
7909	int csa_off_len = 0;
7910	int i;
7911
7912	wpa_printf(MSG_DEBUG, "nl80211: Channel switch request (cs_count=%u block_tx=%u freq=%d width=%d cf1=%d cf2=%d)",
7913		   settings->cs_count, settings->block_tx,
7914		   settings->freq_params.freq, settings->freq_params.bandwidth,
7915		   settings->freq_params.center_freq1,
7916		   settings->freq_params.center_freq2);
7917
7918	if (!(drv->capa.flags & WPA_DRIVER_FLAGS_AP_CSA)) {
7919		wpa_printf(MSG_DEBUG, "nl80211: Driver does not support channel switch command");
7920		return -EOPNOTSUPP;
7921	}
7922
7923	if ((drv->nlmode != NL80211_IFTYPE_AP) &&
7924	    (drv->nlmode != NL80211_IFTYPE_P2P_GO))
7925		return -EOPNOTSUPP;
7926
7927	/*
7928	 * Remove empty counters, assuming Probe Response and Beacon frame
7929	 * counters match. This implementation assumes that there are only two
7930	 * counters.
7931	 */
7932	if (settings->counter_offset_beacon[0] &&
7933	    !settings->counter_offset_beacon[1]) {
7934		csa_off_len = 1;
7935	} else if (settings->counter_offset_beacon[1] &&
7936		   !settings->counter_offset_beacon[0]) {
7937		csa_off_len = 1;
7938		settings->counter_offset_beacon[0] =
7939			settings->counter_offset_beacon[1];
7940		settings->counter_offset_presp[0] =
7941			settings->counter_offset_presp[1];
7942	} else if (settings->counter_offset_beacon[1] &&
7943		   settings->counter_offset_beacon[0]) {
7944		csa_off_len = 2;
7945	} else {
7946		wpa_printf(MSG_ERROR, "nl80211: No CSA counters provided");
7947		return -EINVAL;
7948	}
7949
7950	/* Check CSA counters validity */
7951	if (drv->capa.max_csa_counters &&
7952	    csa_off_len > drv->capa.max_csa_counters) {
7953		wpa_printf(MSG_ERROR,
7954			   "nl80211: Too many CSA counters provided");
7955		return -EINVAL;
7956	}
7957
7958	if (!settings->beacon_csa.tail)
7959		return -EINVAL;
7960
7961	for (i = 0; i < csa_off_len; i++) {
7962		u16 csa_c_off_bcn = settings->counter_offset_beacon[i];
7963		u16 csa_c_off_presp = settings->counter_offset_presp[i];
7964
7965		if ((settings->beacon_csa.tail_len <= csa_c_off_bcn) ||
7966		    (settings->beacon_csa.tail[csa_c_off_bcn] !=
7967		     settings->cs_count))
7968			return -EINVAL;
7969
7970		if (settings->beacon_csa.probe_resp &&
7971		    ((settings->beacon_csa.probe_resp_len <=
7972		      csa_c_off_presp) ||
7973		     (settings->beacon_csa.probe_resp[csa_c_off_presp] !=
7974		      settings->cs_count)))
7975			return -EINVAL;
7976	}
7977
7978	if (!(msg = nl80211_bss_msg(bss, 0, NL80211_CMD_CHANNEL_SWITCH)) ||
7979	    nla_put_u32(msg, NL80211_ATTR_CH_SWITCH_COUNT,
7980			settings->cs_count) ||
7981	    (ret = nl80211_put_freq_params(msg, &settings->freq_params)) ||
7982	    (settings->block_tx &&
7983	     nla_put_flag(msg, NL80211_ATTR_CH_SWITCH_BLOCK_TX)))
7984		goto error;
7985
7986	/* beacon_after params */
7987	ret = set_beacon_data(msg, &settings->beacon_after);
7988	if (ret)
7989		goto error;
7990
7991	/* beacon_csa params */
7992	beacon_csa = nla_nest_start(msg, NL80211_ATTR_CSA_IES);
7993	if (!beacon_csa)
7994		goto fail;
7995
7996	ret = set_beacon_data(msg, &settings->beacon_csa);
7997	if (ret)
7998		goto error;
7999
8000	if (nla_put(msg, NL80211_ATTR_CSA_C_OFF_BEACON,
8001		    csa_off_len * sizeof(u16),
8002		    settings->counter_offset_beacon) ||
8003	    (settings->beacon_csa.probe_resp &&
8004	     nla_put(msg, NL80211_ATTR_CSA_C_OFF_PRESP,
8005		     csa_off_len * sizeof(u16),
8006		     settings->counter_offset_presp)))
8007		goto fail;
8008
8009	nla_nest_end(msg, beacon_csa);
8010	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
8011	if (ret) {
8012		wpa_printf(MSG_DEBUG, "nl80211: switch_channel failed err=%d (%s)",
8013			   ret, strerror(-ret));
8014	}
8015	return ret;
8016
8017fail:
8018	ret = -ENOBUFS;
8019error:
8020	nlmsg_free(msg);
8021	wpa_printf(MSG_DEBUG, "nl80211: Could not build channel switch request");
8022	return ret;
8023}
8024
8025
8026static int nl80211_add_ts(void *priv, u8 tsid, const u8 *addr,
8027			  u8 user_priority, u16 admitted_time)
8028{
8029	struct i802_bss *bss = priv;
8030	struct wpa_driver_nl80211_data *drv = bss->drv;
8031	struct nl_msg *msg;
8032	int ret;
8033
8034	wpa_printf(MSG_DEBUG,
8035		   "nl80211: add_ts request: tsid=%u admitted_time=%u up=%d",
8036		   tsid, admitted_time, user_priority);
8037
8038	if (!is_sta_interface(drv->nlmode))
8039		return -ENOTSUP;
8040
8041	msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_ADD_TX_TS);
8042	if (!msg ||
8043	    nla_put_u8(msg, NL80211_ATTR_TSID, tsid) ||
8044	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
8045	    nla_put_u8(msg, NL80211_ATTR_USER_PRIO, user_priority) ||
8046	    nla_put_u16(msg, NL80211_ATTR_ADMITTED_TIME, admitted_time)) {
8047		nlmsg_free(msg);
8048		return -ENOBUFS;
8049	}
8050
8051	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
8052	if (ret)
8053		wpa_printf(MSG_DEBUG, "nl80211: add_ts failed err=%d (%s)",
8054			   ret, strerror(-ret));
8055	return ret;
8056}
8057
8058
8059static int nl80211_del_ts(void *priv, u8 tsid, const u8 *addr)
8060{
8061	struct i802_bss *bss = priv;
8062	struct wpa_driver_nl80211_data *drv = bss->drv;
8063	struct nl_msg *msg;
8064	int ret;
8065
8066	wpa_printf(MSG_DEBUG, "nl80211: del_ts request: tsid=%u", tsid);
8067
8068	if (!is_sta_interface(drv->nlmode))
8069		return -ENOTSUP;
8070
8071	if (!(msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_DEL_TX_TS)) ||
8072	    nla_put_u8(msg, NL80211_ATTR_TSID, tsid) ||
8073	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) {
8074		nlmsg_free(msg);
8075		return -ENOBUFS;
8076	}
8077
8078	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
8079	if (ret)
8080		wpa_printf(MSG_DEBUG, "nl80211: del_ts failed err=%d (%s)",
8081			   ret, strerror(-ret));
8082	return ret;
8083}
8084
8085
8086#ifdef CONFIG_TESTING_OPTIONS
8087static int cmd_reply_handler(struct nl_msg *msg, void *arg)
8088{
8089	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
8090	struct wpabuf *buf = arg;
8091
8092	if (!buf)
8093		return NL_SKIP;
8094
8095	if ((size_t) genlmsg_attrlen(gnlh, 0) > wpabuf_tailroom(buf)) {
8096		wpa_printf(MSG_INFO, "nl80211: insufficient buffer space for reply");
8097		return NL_SKIP;
8098	}
8099
8100	wpabuf_put_data(buf, genlmsg_attrdata(gnlh, 0),
8101			genlmsg_attrlen(gnlh, 0));
8102
8103	return NL_SKIP;
8104}
8105#endif /* CONFIG_TESTING_OPTIONS */
8106
8107
8108static int vendor_reply_handler(struct nl_msg *msg, void *arg)
8109{
8110	struct nlattr *tb[NL80211_ATTR_MAX + 1];
8111	struct nlattr *nl_vendor_reply, *nl;
8112	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
8113	struct wpabuf *buf = arg;
8114	int rem;
8115
8116	if (!buf)
8117		return NL_SKIP;
8118
8119	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
8120		  genlmsg_attrlen(gnlh, 0), NULL);
8121	nl_vendor_reply = tb[NL80211_ATTR_VENDOR_DATA];
8122
8123	if (!nl_vendor_reply)
8124		return NL_SKIP;
8125
8126	if ((size_t) nla_len(nl_vendor_reply) > wpabuf_tailroom(buf)) {
8127		wpa_printf(MSG_INFO, "nl80211: Vendor command: insufficient buffer space for reply");
8128		return NL_SKIP;
8129	}
8130
8131	nla_for_each_nested(nl, nl_vendor_reply, rem) {
8132		wpabuf_put_data(buf, nla_data(nl), nla_len(nl));
8133	}
8134
8135	return NL_SKIP;
8136}
8137
8138
8139static int nl80211_vendor_cmd(void *priv, unsigned int vendor_id,
8140			      unsigned int subcmd, const u8 *data,
8141			      size_t data_len, struct wpabuf *buf)
8142{
8143	struct i802_bss *bss = priv;
8144	struct wpa_driver_nl80211_data *drv = bss->drv;
8145	struct nl_msg *msg;
8146	int ret;
8147
8148#ifdef CONFIG_TESTING_OPTIONS
8149	if (vendor_id == 0xffffffff) {
8150		msg = nlmsg_alloc();
8151		if (!msg)
8152			return -ENOMEM;
8153
8154		nl80211_cmd(drv, msg, 0, subcmd);
8155		if (nlmsg_append(msg, (void *) data, data_len, NLMSG_ALIGNTO) <
8156		    0)
8157			goto fail;
8158		ret = send_and_recv_msgs(drv, msg, cmd_reply_handler, buf);
8159		if (ret)
8160			wpa_printf(MSG_DEBUG, "nl80211: command failed err=%d",
8161				   ret);
8162		return ret;
8163	}
8164#endif /* CONFIG_TESTING_OPTIONS */
8165
8166	if (!(msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_VENDOR)) ||
8167	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, vendor_id) ||
8168	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD, subcmd) ||
8169	    (data &&
8170	     nla_put(msg, NL80211_ATTR_VENDOR_DATA, data_len, data)))
8171		goto fail;
8172
8173	ret = send_and_recv_msgs(drv, msg, vendor_reply_handler, buf);
8174	if (ret)
8175		wpa_printf(MSG_DEBUG, "nl80211: vendor command failed err=%d",
8176			   ret);
8177	return ret;
8178
8179fail:
8180	nlmsg_free(msg);
8181	return -ENOBUFS;
8182}
8183
8184
8185static int nl80211_set_qos_map(void *priv, const u8 *qos_map_set,
8186			       u8 qos_map_set_len)
8187{
8188	struct i802_bss *bss = priv;
8189	struct wpa_driver_nl80211_data *drv = bss->drv;
8190	struct nl_msg *msg;
8191	int ret;
8192
8193	wpa_hexdump(MSG_DEBUG, "nl80211: Setting QoS Map",
8194		    qos_map_set, qos_map_set_len);
8195
8196	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_SET_QOS_MAP)) ||
8197	    nla_put(msg, NL80211_ATTR_QOS_MAP, qos_map_set_len, qos_map_set)) {
8198		nlmsg_free(msg);
8199		return -ENOBUFS;
8200	}
8201
8202	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
8203	if (ret)
8204		wpa_printf(MSG_DEBUG, "nl80211: Setting QoS Map failed");
8205
8206	return ret;
8207}
8208
8209
8210static int nl80211_set_wowlan(void *priv,
8211			      const struct wowlan_triggers *triggers)
8212{
8213	struct i802_bss *bss = priv;
8214	struct wpa_driver_nl80211_data *drv = bss->drv;
8215	struct nl_msg *msg;
8216	struct nlattr *wowlan_triggers;
8217	int ret;
8218
8219	wpa_printf(MSG_DEBUG, "nl80211: Setting wowlan");
8220
8221	if (!(msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_SET_WOWLAN)) ||
8222	    !(wowlan_triggers = nla_nest_start(msg,
8223					       NL80211_ATTR_WOWLAN_TRIGGERS)) ||
8224	    (triggers->any &&
8225	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
8226	    (triggers->disconnect &&
8227	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
8228	    (triggers->magic_pkt &&
8229	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
8230	    (triggers->gtk_rekey_failure &&
8231	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
8232	    (triggers->eap_identity_req &&
8233	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
8234	    (triggers->four_way_handshake &&
8235	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
8236	    (triggers->rfkill_release &&
8237	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))) {
8238		nlmsg_free(msg);
8239		return -ENOBUFS;
8240	}
8241
8242	nla_nest_end(msg, wowlan_triggers);
8243
8244	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
8245	if (ret)
8246		wpa_printf(MSG_DEBUG, "nl80211: Setting wowlan failed");
8247
8248	return ret;
8249}
8250
8251
8252#ifdef CONFIG_DRIVER_NL80211_QCA
8253static int nl80211_roaming(void *priv, int allowed, const u8 *bssid)
8254{
8255	struct i802_bss *bss = priv;
8256	struct wpa_driver_nl80211_data *drv = bss->drv;
8257	struct nl_msg *msg;
8258	struct nlattr *params;
8259
8260	wpa_printf(MSG_DEBUG, "nl80211: Roaming policy: allowed=%d", allowed);
8261
8262	if (!drv->roaming_vendor_cmd_avail) {
8263		wpa_printf(MSG_DEBUG,
8264			   "nl80211: Ignore roaming policy change since driver does not provide command for setting it");
8265		return -1;
8266	}
8267
8268	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
8269	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
8270	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
8271			QCA_NL80211_VENDOR_SUBCMD_ROAMING) ||
8272	    !(params = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA)) ||
8273	    nla_put_u32(msg, QCA_WLAN_VENDOR_ATTR_ROAMING_POLICY,
8274			allowed ? QCA_ROAMING_ALLOWED_WITHIN_ESS :
8275			QCA_ROAMING_NOT_ALLOWED) ||
8276	    (bssid &&
8277	     nla_put(msg, QCA_WLAN_VENDOR_ATTR_MAC_ADDR, ETH_ALEN, bssid))) {
8278		nlmsg_free(msg);
8279		return -1;
8280	}
8281	nla_nest_end(msg, params);
8282
8283	return send_and_recv_msgs(drv, msg, NULL, NULL);
8284}
8285#endif /* CONFIG_DRIVER_NL80211_QCA */
8286
8287
8288static int nl80211_set_mac_addr(void *priv, const u8 *addr)
8289{
8290	struct i802_bss *bss = priv;
8291	struct wpa_driver_nl80211_data *drv = bss->drv;
8292	int new_addr = addr != NULL;
8293
8294	if (!addr)
8295		addr = drv->perm_addr;
8296
8297	if (linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 0) < 0)
8298		return -1;
8299
8300	if (linux_set_ifhwaddr(drv->global->ioctl_sock, bss->ifname, addr) < 0)
8301	{
8302		wpa_printf(MSG_DEBUG,
8303			   "nl80211: failed to set_mac_addr for %s to " MACSTR,
8304			   bss->ifname, MAC2STR(addr));
8305		if (linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname,
8306					  1) < 0) {
8307			wpa_printf(MSG_DEBUG,
8308				   "nl80211: Could not restore interface UP after failed set_mac_addr");
8309		}
8310		return -1;
8311	}
8312
8313	wpa_printf(MSG_DEBUG, "nl80211: set_mac_addr for %s to " MACSTR,
8314		   bss->ifname, MAC2STR(addr));
8315	drv->addr_changed = new_addr;
8316	os_memcpy(bss->addr, addr, ETH_ALEN);
8317
8318	if (linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 1) < 0)
8319	{
8320		wpa_printf(MSG_DEBUG,
8321			   "nl80211: Could not restore interface UP after set_mac_addr");
8322	}
8323
8324	return 0;
8325}
8326
8327
8328#ifdef CONFIG_MESH
8329
8330static int wpa_driver_nl80211_init_mesh(void *priv)
8331{
8332	if (wpa_driver_nl80211_set_mode(priv, NL80211_IFTYPE_MESH_POINT)) {
8333		wpa_printf(MSG_INFO,
8334			   "nl80211: Failed to set interface into mesh mode");
8335		return -1;
8336	}
8337	return 0;
8338}
8339
8340
8341static int nl80211_put_mesh_id(struct nl_msg *msg, const u8 *mesh_id,
8342			       size_t mesh_id_len)
8343{
8344	if (mesh_id) {
8345		wpa_hexdump_ascii(MSG_DEBUG, "  * Mesh ID (SSID)",
8346				  mesh_id, mesh_id_len);
8347		return nla_put(msg, NL80211_ATTR_MESH_ID, mesh_id_len, mesh_id);
8348	}
8349
8350	return 0;
8351}
8352
8353
8354static int nl80211_join_mesh(struct i802_bss *bss,
8355			     struct wpa_driver_mesh_join_params *params)
8356{
8357	struct wpa_driver_nl80211_data *drv = bss->drv;
8358	struct nl_msg *msg;
8359	struct nlattr *container;
8360	int ret = -1;
8361
8362	wpa_printf(MSG_DEBUG, "nl80211: mesh join (ifindex=%d)", drv->ifindex);
8363	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_JOIN_MESH);
8364	if (!msg ||
8365	    nl80211_put_freq_params(msg, &params->freq) ||
8366	    nl80211_put_basic_rates(msg, params->basic_rates) ||
8367	    nl80211_put_mesh_id(msg, params->meshid, params->meshid_len) ||
8368	    nl80211_put_beacon_int(msg, params->beacon_int))
8369		goto fail;
8370
8371	wpa_printf(MSG_DEBUG, "  * flags=%08X", params->flags);
8372
8373	container = nla_nest_start(msg, NL80211_ATTR_MESH_SETUP);
8374	if (!container)
8375		goto fail;
8376
8377	if (params->ies) {
8378		wpa_hexdump(MSG_DEBUG, "  * IEs", params->ies, params->ie_len);
8379		if (nla_put(msg, NL80211_MESH_SETUP_IE, params->ie_len,
8380			    params->ies))
8381			goto fail;
8382	}
8383	/* WPA_DRIVER_MESH_FLAG_OPEN_AUTH is treated as default by nl80211 */
8384	if (params->flags & WPA_DRIVER_MESH_FLAG_SAE_AUTH) {
8385		if (nla_put_u8(msg, NL80211_MESH_SETUP_AUTH_PROTOCOL, 0x1) ||
8386		    nla_put_flag(msg, NL80211_MESH_SETUP_USERSPACE_AUTH))
8387			goto fail;
8388	}
8389	if ((params->flags & WPA_DRIVER_MESH_FLAG_AMPE) &&
8390	    nla_put_flag(msg, NL80211_MESH_SETUP_USERSPACE_AMPE))
8391		goto fail;
8392	if ((params->flags & WPA_DRIVER_MESH_FLAG_USER_MPM) &&
8393	    nla_put_flag(msg, NL80211_MESH_SETUP_USERSPACE_MPM))
8394		goto fail;
8395	nla_nest_end(msg, container);
8396
8397	container = nla_nest_start(msg, NL80211_ATTR_MESH_CONFIG);
8398	if (!container)
8399		goto fail;
8400
8401	if (!(params->conf.flags & WPA_DRIVER_MESH_CONF_FLAG_AUTO_PLINKS) &&
8402	    nla_put_u32(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS, 0))
8403		goto fail;
8404	if ((params->conf.flags & WPA_DRIVER_MESH_FLAG_DRIVER_MPM) &&
8405	    nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
8406			params->max_peer_links))
8407		goto fail;
8408
8409	/*
8410	 * Set NL80211_MESHCONF_PLINK_TIMEOUT even if user mpm is used because
8411	 * the timer could disconnect stations even in that case.
8412	 */
8413	if (nla_put_u32(msg, NL80211_MESHCONF_PLINK_TIMEOUT,
8414			params->conf.peer_link_timeout)) {
8415		wpa_printf(MSG_ERROR, "nl80211: Failed to set PLINK_TIMEOUT");
8416		goto fail;
8417	}
8418
8419	nla_nest_end(msg, container);
8420
8421	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
8422	msg = NULL;
8423	if (ret) {
8424		wpa_printf(MSG_DEBUG, "nl80211: mesh join failed: ret=%d (%s)",
8425			   ret, strerror(-ret));
8426		goto fail;
8427	}
8428	ret = 0;
8429	bss->freq = params->freq.freq;
8430	wpa_printf(MSG_DEBUG, "nl80211: mesh join request send successfully");
8431
8432fail:
8433	nlmsg_free(msg);
8434	return ret;
8435}
8436
8437
8438static int
8439wpa_driver_nl80211_join_mesh(void *priv,
8440			     struct wpa_driver_mesh_join_params *params)
8441{
8442	struct i802_bss *bss = priv;
8443	int ret, timeout;
8444
8445	timeout = params->conf.peer_link_timeout;
8446
8447	/* Disable kernel inactivity timer */
8448	if (params->flags & WPA_DRIVER_MESH_FLAG_USER_MPM)
8449		params->conf.peer_link_timeout = 0;
8450
8451	ret = nl80211_join_mesh(bss, params);
8452	if (ret == -EINVAL && params->conf.peer_link_timeout == 0) {
8453		wpa_printf(MSG_DEBUG,
8454			   "nl80211: Mesh join retry for peer_link_timeout");
8455		/*
8456		 * Old kernel does not support setting
8457		 * NL80211_MESHCONF_PLINK_TIMEOUT to zero, so set 60 seconds
8458		 * into future from peer_link_timeout.
8459		 */
8460		params->conf.peer_link_timeout = timeout + 60;
8461		ret = nl80211_join_mesh(priv, params);
8462	}
8463
8464	params->conf.peer_link_timeout = timeout;
8465	return ret;
8466}
8467
8468
8469static int wpa_driver_nl80211_leave_mesh(void *priv)
8470{
8471	struct i802_bss *bss = priv;
8472	struct wpa_driver_nl80211_data *drv = bss->drv;
8473	struct nl_msg *msg;
8474	int ret;
8475
8476	wpa_printf(MSG_DEBUG, "nl80211: mesh leave (ifindex=%d)", drv->ifindex);
8477	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_LEAVE_MESH);
8478	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
8479	if (ret) {
8480		wpa_printf(MSG_DEBUG, "nl80211: mesh leave failed: ret=%d (%s)",
8481			   ret, strerror(-ret));
8482	} else {
8483		wpa_printf(MSG_DEBUG,
8484			   "nl80211: mesh leave request send successfully");
8485	}
8486
8487	if (wpa_driver_nl80211_set_mode(drv->first_bss,
8488					NL80211_IFTYPE_STATION)) {
8489		wpa_printf(MSG_INFO,
8490			   "nl80211: Failed to set interface into station mode");
8491	}
8492	return ret;
8493}
8494
8495#endif /* CONFIG_MESH */
8496
8497
8498static int wpa_driver_br_add_ip_neigh(void *priv, u8 version,
8499				      const u8 *ipaddr, int prefixlen,
8500				      const u8 *addr)
8501{
8502#ifdef CONFIG_LIBNL3_ROUTE
8503	struct i802_bss *bss = priv;
8504	struct wpa_driver_nl80211_data *drv = bss->drv;
8505	struct rtnl_neigh *rn;
8506	struct nl_addr *nl_ipaddr = NULL;
8507	struct nl_addr *nl_lladdr = NULL;
8508	int family, addrsize;
8509	int res;
8510
8511	if (!ipaddr || prefixlen == 0 || !addr)
8512		return -EINVAL;
8513
8514	if (bss->br_ifindex == 0) {
8515		wpa_printf(MSG_DEBUG,
8516			   "nl80211: bridge must be set before adding an ip neigh to it");
8517		return -1;
8518	}
8519
8520	if (!drv->rtnl_sk) {
8521		wpa_printf(MSG_DEBUG,
8522			   "nl80211: nl_sock for NETLINK_ROUTE is not initialized");
8523		return -1;
8524	}
8525
8526	if (version == 4) {
8527		family = AF_INET;
8528		addrsize = 4;
8529	} else if (version == 6) {
8530		family = AF_INET6;
8531		addrsize = 16;
8532	} else {
8533		return -EINVAL;
8534	}
8535
8536	rn = rtnl_neigh_alloc();
8537	if (rn == NULL)
8538		return -ENOMEM;
8539
8540	/* set the destination ip address for neigh */
8541	nl_ipaddr = nl_addr_build(family, (void *) ipaddr, addrsize);
8542	if (nl_ipaddr == NULL) {
8543		wpa_printf(MSG_DEBUG, "nl80211: nl_ipaddr build failed");
8544		res = -ENOMEM;
8545		goto errout;
8546	}
8547	nl_addr_set_prefixlen(nl_ipaddr, prefixlen);
8548	res = rtnl_neigh_set_dst(rn, nl_ipaddr);
8549	if (res) {
8550		wpa_printf(MSG_DEBUG,
8551			   "nl80211: neigh set destination addr failed");
8552		goto errout;
8553	}
8554
8555	/* set the corresponding lladdr for neigh */
8556	nl_lladdr = nl_addr_build(AF_BRIDGE, (u8 *) addr, ETH_ALEN);
8557	if (nl_lladdr == NULL) {
8558		wpa_printf(MSG_DEBUG, "nl80211: neigh set lladdr failed");
8559		res = -ENOMEM;
8560		goto errout;
8561	}
8562	rtnl_neigh_set_lladdr(rn, nl_lladdr);
8563
8564	rtnl_neigh_set_ifindex(rn, bss->br_ifindex);
8565	rtnl_neigh_set_state(rn, NUD_PERMANENT);
8566
8567	res = rtnl_neigh_add(drv->rtnl_sk, rn, NLM_F_CREATE);
8568	if (res) {
8569		wpa_printf(MSG_DEBUG,
8570			   "nl80211: Adding bridge ip neigh failed: %s",
8571			   strerror(errno));
8572	}
8573errout:
8574	if (nl_lladdr)
8575		nl_addr_put(nl_lladdr);
8576	if (nl_ipaddr)
8577		nl_addr_put(nl_ipaddr);
8578	if (rn)
8579		rtnl_neigh_put(rn);
8580	return res;
8581#else /* CONFIG_LIBNL3_ROUTE */
8582	return -1;
8583#endif /* CONFIG_LIBNL3_ROUTE */
8584}
8585
8586
8587static int wpa_driver_br_delete_ip_neigh(void *priv, u8 version,
8588					 const u8 *ipaddr)
8589{
8590#ifdef CONFIG_LIBNL3_ROUTE
8591	struct i802_bss *bss = priv;
8592	struct wpa_driver_nl80211_data *drv = bss->drv;
8593	struct rtnl_neigh *rn;
8594	struct nl_addr *nl_ipaddr;
8595	int family, addrsize;
8596	int res;
8597
8598	if (!ipaddr)
8599		return -EINVAL;
8600
8601	if (version == 4) {
8602		family = AF_INET;
8603		addrsize = 4;
8604	} else if (version == 6) {
8605		family = AF_INET6;
8606		addrsize = 16;
8607	} else {
8608		return -EINVAL;
8609	}
8610
8611	if (bss->br_ifindex == 0) {
8612		wpa_printf(MSG_DEBUG,
8613			   "nl80211: bridge must be set to delete an ip neigh");
8614		return -1;
8615	}
8616
8617	if (!drv->rtnl_sk) {
8618		wpa_printf(MSG_DEBUG,
8619			   "nl80211: nl_sock for NETLINK_ROUTE is not initialized");
8620		return -1;
8621	}
8622
8623	rn = rtnl_neigh_alloc();
8624	if (rn == NULL)
8625		return -ENOMEM;
8626
8627	/* set the destination ip address for neigh */
8628	nl_ipaddr = nl_addr_build(family, (void *) ipaddr, addrsize);
8629	if (nl_ipaddr == NULL) {
8630		wpa_printf(MSG_DEBUG, "nl80211: nl_ipaddr build failed");
8631		res = -ENOMEM;
8632		goto errout;
8633	}
8634	res = rtnl_neigh_set_dst(rn, nl_ipaddr);
8635	if (res) {
8636		wpa_printf(MSG_DEBUG,
8637			   "nl80211: neigh set destination addr failed");
8638		goto errout;
8639	}
8640
8641	rtnl_neigh_set_ifindex(rn, bss->br_ifindex);
8642
8643	res = rtnl_neigh_delete(drv->rtnl_sk, rn, 0);
8644	if (res) {
8645		wpa_printf(MSG_DEBUG,
8646			   "nl80211: Deleting bridge ip neigh failed: %s",
8647			   strerror(errno));
8648	}
8649errout:
8650	if (nl_ipaddr)
8651		nl_addr_put(nl_ipaddr);
8652	if (rn)
8653		rtnl_neigh_put(rn);
8654	return res;
8655#else /* CONFIG_LIBNL3_ROUTE */
8656	return -1;
8657#endif /* CONFIG_LIBNL3_ROUTE */
8658}
8659
8660
8661static int linux_write_system_file(const char *path, unsigned int val)
8662{
8663	char buf[50];
8664	int fd, len;
8665
8666	len = os_snprintf(buf, sizeof(buf), "%u\n", val);
8667	if (os_snprintf_error(sizeof(buf), len))
8668		return -1;
8669
8670	fd = open(path, O_WRONLY);
8671	if (fd < 0)
8672		return -1;
8673
8674	if (write(fd, buf, len) < 0) {
8675		wpa_printf(MSG_DEBUG,
8676			   "nl80211: Failed to write Linux system file: %s with the value of %d",
8677			   path, val);
8678		close(fd);
8679		return -1;
8680	}
8681	close(fd);
8682
8683	return 0;
8684}
8685
8686
8687static const char * drv_br_port_attr_str(enum drv_br_port_attr attr)
8688{
8689	switch (attr) {
8690	case DRV_BR_PORT_ATTR_PROXYARP:
8691		return "proxyarp_wifi";
8692	case DRV_BR_PORT_ATTR_HAIRPIN_MODE:
8693		return "hairpin_mode";
8694	}
8695
8696	return NULL;
8697}
8698
8699
8700static int wpa_driver_br_port_set_attr(void *priv, enum drv_br_port_attr attr,
8701				       unsigned int val)
8702{
8703	struct i802_bss *bss = priv;
8704	char path[128];
8705	const char *attr_txt;
8706
8707	attr_txt = drv_br_port_attr_str(attr);
8708	if (attr_txt == NULL)
8709		return -EINVAL;
8710
8711	os_snprintf(path, sizeof(path), "/sys/class/net/%s/brport/%s",
8712		    bss->ifname, attr_txt);
8713
8714	if (linux_write_system_file(path, val))
8715		return -1;
8716
8717	return 0;
8718}
8719
8720
8721static const char * drv_br_net_param_str(enum drv_br_net_param param)
8722{
8723	switch (param) {
8724	case DRV_BR_NET_PARAM_GARP_ACCEPT:
8725		return "arp_accept";
8726	default:
8727		return NULL;
8728	}
8729}
8730
8731
8732static int wpa_driver_br_set_net_param(void *priv, enum drv_br_net_param param,
8733				       unsigned int val)
8734{
8735	struct i802_bss *bss = priv;
8736	char path[128];
8737	const char *param_txt;
8738	int ip_version = 4;
8739
8740	if (param == DRV_BR_MULTICAST_SNOOPING) {
8741		os_snprintf(path, sizeof(path),
8742			    "/sys/devices/virtual/net/%s/bridge/multicast_snooping",
8743			    bss->brname);
8744		goto set_val;
8745	}
8746
8747	param_txt = drv_br_net_param_str(param);
8748	if (param_txt == NULL)
8749		return -EINVAL;
8750
8751	switch (param) {
8752		case DRV_BR_NET_PARAM_GARP_ACCEPT:
8753			ip_version = 4;
8754			break;
8755		default:
8756			return -EINVAL;
8757	}
8758
8759	os_snprintf(path, sizeof(path), "/proc/sys/net/ipv%d/conf/%s/%s",
8760		    ip_version, bss->brname, param_txt);
8761
8762set_val:
8763	if (linux_write_system_file(path, val))
8764		return -1;
8765
8766	return 0;
8767}
8768
8769
8770#ifdef CONFIG_DRIVER_NL80211_QCA
8771
8772static int hw_mode_to_qca_acs(enum hostapd_hw_mode hw_mode)
8773{
8774	switch (hw_mode) {
8775	case HOSTAPD_MODE_IEEE80211B:
8776		return QCA_ACS_MODE_IEEE80211B;
8777	case HOSTAPD_MODE_IEEE80211G:
8778		return QCA_ACS_MODE_IEEE80211G;
8779	case HOSTAPD_MODE_IEEE80211A:
8780		return QCA_ACS_MODE_IEEE80211A;
8781	case HOSTAPD_MODE_IEEE80211AD:
8782		return QCA_ACS_MODE_IEEE80211AD;
8783	case HOSTAPD_MODE_IEEE80211ANY:
8784		return QCA_ACS_MODE_IEEE80211ANY;
8785	default:
8786		return -1;
8787	}
8788}
8789
8790
8791static int add_acs_freq_list(struct nl_msg *msg, const int *freq_list)
8792{
8793	int i, len, ret;
8794	u32 *freqs;
8795
8796	if (!freq_list)
8797		return 0;
8798	len = int_array_len(freq_list);
8799	freqs = os_malloc(sizeof(u32) * len);
8800	if (!freqs)
8801		return -1;
8802	for (i = 0; i < len; i++)
8803		freqs[i] = freq_list[i];
8804	ret = nla_put(msg, QCA_WLAN_VENDOR_ATTR_ACS_FREQ_LIST,
8805		      sizeof(u32) * len, freqs);
8806	os_free(freqs);
8807	return ret;
8808}
8809
8810
8811static int wpa_driver_do_acs(void *priv, struct drv_acs_params *params)
8812{
8813	struct i802_bss *bss = priv;
8814	struct wpa_driver_nl80211_data *drv = bss->drv;
8815	struct nl_msg *msg;
8816	struct nlattr *data;
8817	int ret;
8818	int mode;
8819
8820	mode = hw_mode_to_qca_acs(params->hw_mode);
8821	if (mode < 0)
8822		return -1;
8823
8824	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
8825	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
8826	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
8827			QCA_NL80211_VENDOR_SUBCMD_DO_ACS) ||
8828	    !(data = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA)) ||
8829	    nla_put_u8(msg, QCA_WLAN_VENDOR_ATTR_ACS_HW_MODE, mode) ||
8830	    (params->ht_enabled &&
8831	     nla_put_flag(msg, QCA_WLAN_VENDOR_ATTR_ACS_HT_ENABLED)) ||
8832	    (params->ht40_enabled &&
8833	     nla_put_flag(msg, QCA_WLAN_VENDOR_ATTR_ACS_HT40_ENABLED)) ||
8834	    (params->vht_enabled &&
8835	     nla_put_flag(msg, QCA_WLAN_VENDOR_ATTR_ACS_VHT_ENABLED)) ||
8836	    nla_put_u16(msg, QCA_WLAN_VENDOR_ATTR_ACS_CHWIDTH,
8837			params->ch_width) ||
8838	    (params->ch_list_len &&
8839	     nla_put(msg, QCA_WLAN_VENDOR_ATTR_ACS_CH_LIST, params->ch_list_len,
8840		     params->ch_list)) ||
8841	    add_acs_freq_list(msg, params->freq_list)) {
8842		nlmsg_free(msg);
8843		return -ENOBUFS;
8844	}
8845	nla_nest_end(msg, data);
8846
8847	wpa_printf(MSG_DEBUG,
8848		   "nl80211: ACS Params: HW_MODE: %d HT: %d HT40: %d VHT: %d BW: %d CH_LIST_LEN: %u",
8849		   params->hw_mode, params->ht_enabled, params->ht40_enabled,
8850		   params->vht_enabled, params->ch_width, params->ch_list_len);
8851
8852	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
8853	if (ret) {
8854		wpa_printf(MSG_DEBUG,
8855			   "nl80211: Failed to invoke driver ACS function: %s",
8856			   strerror(errno));
8857	}
8858	return ret;
8859}
8860
8861
8862static int nl80211_set_band(void *priv, enum set_band band)
8863{
8864	struct i802_bss *bss = priv;
8865	struct wpa_driver_nl80211_data *drv = bss->drv;
8866	struct nl_msg *msg;
8867	struct nlattr *data;
8868	int ret;
8869	enum qca_set_band qca_band;
8870
8871	if (!drv->setband_vendor_cmd_avail)
8872		return -1;
8873
8874	switch (band) {
8875	case WPA_SETBAND_AUTO:
8876		qca_band = QCA_SETBAND_AUTO;
8877		break;
8878	case WPA_SETBAND_5G:
8879		qca_band = QCA_SETBAND_5G;
8880		break;
8881	case WPA_SETBAND_2G:
8882		qca_band = QCA_SETBAND_2G;
8883		break;
8884	default:
8885		return -1;
8886	}
8887
8888	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
8889	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
8890	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
8891			QCA_NL80211_VENDOR_SUBCMD_SETBAND) ||
8892	    !(data = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA)) ||
8893	    nla_put_u32(msg, QCA_WLAN_VENDOR_ATTR_SETBAND_VALUE, qca_band)) {
8894		nlmsg_free(msg);
8895		return -ENOBUFS;
8896	}
8897	nla_nest_end(msg, data);
8898
8899	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
8900	if (ret) {
8901		wpa_printf(MSG_DEBUG,
8902			   "nl80211: Driver setband function failed: %s",
8903			   strerror(errno));
8904	}
8905	return ret;
8906}
8907
8908
8909struct nl80211_pcl {
8910	unsigned int num;
8911	unsigned int *freq_list;
8912};
8913
8914static int preferred_freq_info_handler(struct nl_msg *msg, void *arg)
8915{
8916	struct nlattr *tb[NL80211_ATTR_MAX + 1];
8917	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
8918	struct nl80211_pcl *param = arg;
8919	struct nlattr *nl_vend, *attr;
8920	enum qca_iface_type iface_type;
8921	struct nlattr *tb_vendor[QCA_WLAN_VENDOR_ATTR_MAX + 1];
8922	unsigned int num, max_num;
8923	u32 *freqs;
8924
8925	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
8926		  genlmsg_attrlen(gnlh, 0), NULL);
8927
8928	nl_vend = tb[NL80211_ATTR_VENDOR_DATA];
8929	if (!nl_vend)
8930		return NL_SKIP;
8931
8932	nla_parse(tb_vendor, QCA_WLAN_VENDOR_ATTR_MAX,
8933		  nla_data(nl_vend), nla_len(nl_vend), NULL);
8934
8935	attr = tb_vendor[
8936		QCA_WLAN_VENDOR_ATTR_GET_PREFERRED_FREQ_LIST_IFACE_TYPE];
8937	if (!attr) {
8938		wpa_printf(MSG_ERROR, "nl80211: iface_type couldn't be found");
8939		param->num = 0;
8940		return NL_SKIP;
8941	}
8942
8943	iface_type = (enum qca_iface_type) nla_get_u32(attr);
8944	wpa_printf(MSG_DEBUG, "nl80211: Driver returned iface_type=%d",
8945		   iface_type);
8946
8947	attr = tb_vendor[QCA_WLAN_VENDOR_ATTR_GET_PREFERRED_FREQ_LIST];
8948	if (!attr) {
8949		wpa_printf(MSG_ERROR,
8950			   "nl80211: preferred_freq_list couldn't be found");
8951		param->num = 0;
8952		return NL_SKIP;
8953	}
8954
8955	/*
8956	 * param->num has the maximum number of entries for which there
8957	 * is room in the freq_list provided by the caller.
8958	 */
8959	freqs = nla_data(attr);
8960	max_num = nla_len(attr) / sizeof(u32);
8961	if (max_num > param->num)
8962		max_num = param->num;
8963	for (num = 0; num < max_num; num++)
8964		param->freq_list[num] = freqs[num];
8965	param->num = num;
8966
8967	return NL_SKIP;
8968}
8969
8970
8971static int nl80211_get_pref_freq_list(void *priv,
8972				      enum wpa_driver_if_type if_type,
8973				      unsigned int *num,
8974				      unsigned int *freq_list)
8975{
8976	struct i802_bss *bss = priv;
8977	struct wpa_driver_nl80211_data *drv = bss->drv;
8978	struct nl_msg *msg;
8979	int ret;
8980	unsigned int i;
8981	struct nlattr *params;
8982	struct nl80211_pcl param;
8983	enum qca_iface_type iface_type;
8984
8985	if (!drv->get_pref_freq_list)
8986		return -1;
8987
8988	switch (if_type) {
8989	case WPA_IF_STATION:
8990		iface_type = QCA_IFACE_TYPE_STA;
8991		break;
8992	case WPA_IF_AP_BSS:
8993		iface_type = QCA_IFACE_TYPE_AP;
8994		break;
8995	case WPA_IF_P2P_GO:
8996		iface_type = QCA_IFACE_TYPE_P2P_GO;
8997		break;
8998	case WPA_IF_P2P_CLIENT:
8999		iface_type = QCA_IFACE_TYPE_P2P_CLIENT;
9000		break;
9001	case WPA_IF_IBSS:
9002		iface_type = QCA_IFACE_TYPE_IBSS;
9003		break;
9004	case WPA_IF_TDLS:
9005		iface_type = QCA_IFACE_TYPE_TDLS;
9006		break;
9007	default:
9008		return -1;
9009	}
9010
9011	param.num = *num;
9012	param.freq_list = freq_list;
9013
9014	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
9015	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, drv->ifindex) ||
9016	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
9017	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
9018			QCA_NL80211_VENDOR_SUBCMD_GET_PREFERRED_FREQ_LIST) ||
9019	    !(params = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA)) ||
9020	    nla_put_u32(msg,
9021			QCA_WLAN_VENDOR_ATTR_GET_PREFERRED_FREQ_LIST_IFACE_TYPE,
9022			iface_type)) {
9023		wpa_printf(MSG_ERROR,
9024			   "%s: err in adding vendor_cmd and vendor_data",
9025			   __func__);
9026		nlmsg_free(msg);
9027		return -1;
9028	}
9029	nla_nest_end(msg, params);
9030
9031	os_memset(freq_list, 0, *num * sizeof(freq_list[0]));
9032	ret = send_and_recv_msgs(drv, msg, preferred_freq_info_handler, &param);
9033	if (ret) {
9034		wpa_printf(MSG_ERROR,
9035			   "%s: err in send_and_recv_msgs", __func__);
9036		return ret;
9037	}
9038
9039	*num = param.num;
9040
9041	for (i = 0; i < *num; i++) {
9042		wpa_printf(MSG_DEBUG, "nl80211: preferred_channel_list[%d]=%d",
9043			   i, freq_list[i]);
9044	}
9045
9046	return 0;
9047}
9048
9049
9050static int nl80211_set_prob_oper_freq(void *priv, unsigned int freq)
9051{
9052	struct i802_bss *bss = priv;
9053	struct wpa_driver_nl80211_data *drv = bss->drv;
9054	struct nl_msg *msg;
9055	int ret;
9056	struct nlattr *params;
9057
9058	if (!drv->set_prob_oper_freq)
9059		return -1;
9060
9061	wpa_printf(MSG_DEBUG,
9062		   "nl80211: Set P2P probable operating freq %u for ifindex %d",
9063		   freq, bss->ifindex);
9064
9065	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
9066	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
9067	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
9068			QCA_NL80211_VENDOR_SUBCMD_SET_PROBABLE_OPER_CHANNEL) ||
9069	    !(params = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA)) ||
9070	    nla_put_u32(msg,
9071			QCA_WLAN_VENDOR_ATTR_PROBABLE_OPER_CHANNEL_IFACE_TYPE,
9072			QCA_IFACE_TYPE_P2P_CLIENT) ||
9073	    nla_put_u32(msg,
9074			QCA_WLAN_VENDOR_ATTR_PROBABLE_OPER_CHANNEL_FREQ,
9075			freq)) {
9076		wpa_printf(MSG_ERROR,
9077			   "%s: err in adding vendor_cmd and vendor_data",
9078			   __func__);
9079		nlmsg_free(msg);
9080		return -1;
9081	}
9082	nla_nest_end(msg, params);
9083
9084	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
9085	msg = NULL;
9086	if (ret) {
9087		wpa_printf(MSG_ERROR, "%s: err in send_and_recv_msgs",
9088			   __func__);
9089		return ret;
9090	}
9091	nlmsg_free(msg);
9092	return 0;
9093}
9094
9095#endif /* CONFIG_DRIVER_NL80211_QCA */
9096
9097
9098const struct wpa_driver_ops wpa_driver_nl80211_ops = {
9099	.name = "nl80211",
9100	.desc = "Linux nl80211/cfg80211",
9101	.get_bssid = wpa_driver_nl80211_get_bssid,
9102	.get_ssid = wpa_driver_nl80211_get_ssid,
9103	.set_key = driver_nl80211_set_key,
9104	.scan2 = driver_nl80211_scan2,
9105	.sched_scan = wpa_driver_nl80211_sched_scan,
9106	.stop_sched_scan = wpa_driver_nl80211_stop_sched_scan,
9107	.get_scan_results2 = wpa_driver_nl80211_get_scan_results,
9108	.abort_scan = wpa_driver_nl80211_abort_scan,
9109	.deauthenticate = driver_nl80211_deauthenticate,
9110	.authenticate = driver_nl80211_authenticate,
9111	.associate = wpa_driver_nl80211_associate,
9112	.global_init = nl80211_global_init,
9113	.global_deinit = nl80211_global_deinit,
9114	.init2 = wpa_driver_nl80211_init,
9115	.deinit = driver_nl80211_deinit,
9116	.get_capa = wpa_driver_nl80211_get_capa,
9117	.set_operstate = wpa_driver_nl80211_set_operstate,
9118	.set_supp_port = wpa_driver_nl80211_set_supp_port,
9119	.set_country = wpa_driver_nl80211_set_country,
9120	.get_country = wpa_driver_nl80211_get_country,
9121	.set_ap = wpa_driver_nl80211_set_ap,
9122	.set_acl = wpa_driver_nl80211_set_acl,
9123	.if_add = wpa_driver_nl80211_if_add,
9124	.if_remove = driver_nl80211_if_remove,
9125	.send_mlme = driver_nl80211_send_mlme,
9126	.get_hw_feature_data = nl80211_get_hw_feature_data,
9127	.sta_add = wpa_driver_nl80211_sta_add,
9128	.sta_remove = driver_nl80211_sta_remove,
9129	.hapd_send_eapol = wpa_driver_nl80211_hapd_send_eapol,
9130	.sta_set_flags = wpa_driver_nl80211_sta_set_flags,
9131	.hapd_init = i802_init,
9132	.hapd_deinit = i802_deinit,
9133	.set_wds_sta = i802_set_wds_sta,
9134	.get_seqnum = i802_get_seqnum,
9135	.flush = i802_flush,
9136	.get_inact_sec = i802_get_inact_sec,
9137	.sta_clear_stats = i802_sta_clear_stats,
9138	.set_rts = i802_set_rts,
9139	.set_frag = i802_set_frag,
9140	.set_tx_queue_params = i802_set_tx_queue_params,
9141	.set_sta_vlan = driver_nl80211_set_sta_vlan,
9142	.sta_deauth = i802_sta_deauth,
9143	.sta_disassoc = i802_sta_disassoc,
9144	.read_sta_data = driver_nl80211_read_sta_data,
9145	.set_freq = i802_set_freq,
9146	.send_action = driver_nl80211_send_action,
9147	.send_action_cancel_wait = wpa_driver_nl80211_send_action_cancel_wait,
9148	.remain_on_channel = wpa_driver_nl80211_remain_on_channel,
9149	.cancel_remain_on_channel =
9150	wpa_driver_nl80211_cancel_remain_on_channel,
9151	.probe_req_report = driver_nl80211_probe_req_report,
9152	.deinit_ap = wpa_driver_nl80211_deinit_ap,
9153	.deinit_p2p_cli = wpa_driver_nl80211_deinit_p2p_cli,
9154	.resume = wpa_driver_nl80211_resume,
9155	.signal_monitor = nl80211_signal_monitor,
9156	.signal_poll = nl80211_signal_poll,
9157	.send_frame = nl80211_send_frame,
9158	.set_param = nl80211_set_param,
9159	.get_radio_name = nl80211_get_radio_name,
9160	.add_pmkid = nl80211_add_pmkid,
9161	.remove_pmkid = nl80211_remove_pmkid,
9162	.flush_pmkid = nl80211_flush_pmkid,
9163	.set_rekey_info = nl80211_set_rekey_info,
9164	.poll_client = nl80211_poll_client,
9165	.set_p2p_powersave = nl80211_set_p2p_powersave,
9166	.start_dfs_cac = nl80211_start_radar_detection,
9167	.stop_ap = wpa_driver_nl80211_stop_ap,
9168#ifdef CONFIG_TDLS
9169	.send_tdls_mgmt = nl80211_send_tdls_mgmt,
9170	.tdls_oper = nl80211_tdls_oper,
9171	.tdls_enable_channel_switch = nl80211_tdls_enable_channel_switch,
9172	.tdls_disable_channel_switch = nl80211_tdls_disable_channel_switch,
9173#endif /* CONFIG_TDLS */
9174	.update_ft_ies = wpa_driver_nl80211_update_ft_ies,
9175	.get_mac_addr = wpa_driver_nl80211_get_macaddr,
9176	.get_survey = wpa_driver_nl80211_get_survey,
9177	.status = wpa_driver_nl80211_status,
9178	.switch_channel = nl80211_switch_channel,
9179#ifdef ANDROID_P2P
9180	.set_noa = wpa_driver_set_p2p_noa,
9181	.get_noa = wpa_driver_get_p2p_noa,
9182	.set_ap_wps_ie = wpa_driver_set_ap_wps_p2p_ie,
9183#endif /* ANDROID_P2P */
9184#ifdef ANDROID
9185#ifndef ANDROID_LIB_STUB
9186	.driver_cmd = wpa_driver_nl80211_driver_cmd,
9187#endif /* !ANDROID_LIB_STUB */
9188#endif /* ANDROID */
9189	.vendor_cmd = nl80211_vendor_cmd,
9190	.set_qos_map = nl80211_set_qos_map,
9191	.set_wowlan = nl80211_set_wowlan,
9192#ifdef CONFIG_DRIVER_NL80211_QCA
9193	.roaming = nl80211_roaming,
9194#endif /* CONFIG_DRIVER_NL80211_QCA */
9195	.set_mac_addr = nl80211_set_mac_addr,
9196#ifdef CONFIG_MESH
9197	.init_mesh = wpa_driver_nl80211_init_mesh,
9198	.join_mesh = wpa_driver_nl80211_join_mesh,
9199	.leave_mesh = wpa_driver_nl80211_leave_mesh,
9200#endif /* CONFIG_MESH */
9201	.br_add_ip_neigh = wpa_driver_br_add_ip_neigh,
9202	.br_delete_ip_neigh = wpa_driver_br_delete_ip_neigh,
9203	.br_port_set_attr = wpa_driver_br_port_set_attr,
9204	.br_set_net_param = wpa_driver_br_set_net_param,
9205	.add_tx_ts = nl80211_add_ts,
9206	.del_tx_ts = nl80211_del_ts,
9207	.get_ifindex = nl80211_get_ifindex,
9208#ifdef CONFIG_DRIVER_NL80211_QCA
9209	.do_acs = wpa_driver_do_acs,
9210	.set_band = nl80211_set_band,
9211	.get_pref_freq_list = nl80211_get_pref_freq_list,
9212	.set_prob_oper_freq = nl80211_set_prob_oper_freq,
9213#endif /* CONFIG_DRIVER_NL80211_QCA */
9214};
9215