xref: /freebsd/contrib/wpa/src/drivers/driver_nl80211.c (revision 8165650389ba2d0a68cea6902ac3750055cad9da) 
1 /*
2  * Driver interaction with Linux nl80211/cfg80211
3  * Copyright (c) 2002-2015, Jouni Malinen <j@w1.fi>
4  * Copyright (c) 2003-2004, Instant802 Networks, Inc.
5  * Copyright (c) 2005-2006, Devicescape Software, Inc.
6  * Copyright (c) 2007, Johannes Berg <johannes@sipsolutions.net>
7  * Copyright (c) 2009-2010, Atheros Communications
8  *
9  * This software may be distributed under the terms of the BSD license.
10  * See README for more details.
11  */
12 
13 #include "includes.h"
14 #include <sys/types.h>
15 #include <sys/utsname.h>
16 #include <fcntl.h>
17 #include <net/if.h>
18 #include <netlink/genl/genl.h>
19 #include <netlink/genl/ctrl.h>
20 #include <netlink/genl/family.h>
21 #include <linux/rtnetlink.h>
22 #include <netpacket/packet.h>
23 #include <linux/errqueue.h>
24 
25 #include "common.h"
26 #include "eloop.h"
27 #include "common/qca-vendor.h"
28 #include "common/qca-vendor-attr.h"
29 #include "common/brcm_vendor.h"
30 #include "common/ieee802_11_defs.h"
31 #include "common/ieee802_11_common.h"
32 #include "common/wpa_common.h"
33 #include "crypto/sha256.h"
34 #include "crypto/sha384.h"
35 #include "netlink.h"
36 #include "linux_defines.h"
37 #include "linux_ioctl.h"
38 #include "radiotap.h"
39 #include "radiotap_iter.h"
40 #include "rfkill.h"
41 #include "driver_nl80211.h"
42 
43 
44 #ifndef NETLINK_CAP_ACK
45 #define NETLINK_CAP_ACK 10
46 #endif /* NETLINK_CAP_ACK */
47 /* support for extack if compilation headers are too old */
48 #ifndef NETLINK_EXT_ACK
49 #define NETLINK_EXT_ACK 11
50 enum nlmsgerr_attrs {
51 	NLMSGERR_ATTR_UNUSED,
52 	NLMSGERR_ATTR_MSG,
53 	NLMSGERR_ATTR_OFFS,
54 	NLMSGERR_ATTR_COOKIE,
55 
56 	__NLMSGERR_ATTR_MAX,
57 	NLMSGERR_ATTR_MAX = __NLMSGERR_ATTR_MAX - 1
58 };
59 #endif
60 #ifndef NLM_F_CAPPED
61 #define NLM_F_CAPPED 0x100
62 #endif
63 #ifndef NLM_F_ACK_TLVS
64 #define NLM_F_ACK_TLVS 0x200
65 #endif
66 #ifndef SOL_NETLINK
67 #define SOL_NETLINK 270
68 #endif
69 
70 
71 #ifdef ANDROID
72 /* system/core/libnl_2 does not include nl_socket_set_nonblocking() */
73 #undef nl_socket_set_nonblocking
74 #define nl_socket_set_nonblocking(h) android_nl_socket_set_nonblocking(h)
75 
76 #endif /* ANDROID */
77 
78 
79 static struct nl_sock * nl_create_handle(struct nl_cb *cb, const char *dbg)
80 {
81 	struct nl_sock *handle;
82 
83 	handle = nl_socket_alloc_cb(cb);
84 	if (handle == NULL) {
85 		wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink "
86 			   "callbacks (%s)", dbg);
87 		return NULL;
88 	}
89 
90 	if (genl_connect(handle)) {
91 		wpa_printf(MSG_ERROR, "nl80211: Failed to connect to generic "
92 			   "netlink (%s)", dbg);
93 		nl_socket_free(handle);
94 		return NULL;
95 	}
96 
97 	return handle;
98 }
99 
100 
101 static void nl_destroy_handles(struct nl_sock **handle)
102 {
103 	if (*handle == NULL)
104 		return;
105 	nl_socket_free(*handle);
106 	*handle = NULL;
107 }
108 
109 
110 #if __WORDSIZE == 64
111 #define ELOOP_SOCKET_INVALID	(intptr_t) 0x8888888888888889ULL
112 #else
113 #define ELOOP_SOCKET_INVALID	(intptr_t) 0x88888889ULL
114 #endif
115 
116 static void nl80211_register_eloop_read(struct nl_sock **handle,
117 					eloop_sock_handler handler,
118 					void *eloop_data, int persist)
119 {
120 	/*
121 	 * libnl uses a pretty small buffer (32 kB that gets converted to 64 kB)
122 	 * by default. It is possible to hit that limit in some cases where
123 	 * operations are blocked, e.g., with a burst of Deauthentication frames
124 	 * to hostapd and STA entry deletion. Try to increase the buffer to make
125 	 * this less likely to occur.
126 	 */
127 	int err;
128 
129 	err = nl_socket_set_buffer_size(*handle, 262144, 0);
130 	if (err < 0) {
131 		wpa_printf(MSG_DEBUG,
132 			   "nl80211: Could not set nl_socket RX buffer size: %s",
133 			   nl_geterror(err));
134 		/* continue anyway with the default (smaller) buffer */
135 	}
136 
137 	nl_socket_set_nonblocking(*handle);
138 	eloop_register_read_sock(nl_socket_get_fd(*handle), handler,
139 				 eloop_data, *handle);
140 	if (!persist)
141 		*handle = (void *) (((intptr_t) *handle) ^
142 				    ELOOP_SOCKET_INVALID);
143 }
144 
145 
146 static void nl80211_destroy_eloop_handle(struct nl_sock **handle, int persist)
147 {
148 	if (!persist)
149 		*handle = (void *) (((intptr_t) *handle) ^
150 				    ELOOP_SOCKET_INVALID);
151 	eloop_unregister_read_sock(nl_socket_get_fd(*handle));
152 	nl_destroy_handles(handle);
153 }
154 
155 
156 static void nl80211_global_deinit(void *priv);
157 static void nl80211_check_global(struct nl80211_global *global);
158 
159 static void wpa_driver_nl80211_deinit(struct i802_bss *bss);
160 static int wpa_driver_nl80211_set_mode_ibss(struct i802_bss *bss,
161 					    struct hostapd_freq_params *freq);
162 
163 static int
164 wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv,
165 				   const u8 *set_addr, int first,
166 				   const char *driver_params);
167 static int nl80211_send_frame_cmd(struct i802_bss *bss,
168 				  unsigned int freq, unsigned int wait,
169 				  const u8 *buf, size_t buf_len,
170 				  int save_cookie, int no_cck, int no_ack,
171 				  int offchanok, const u16 *csa_offs,
172 				  size_t csa_offs_len, int link_id);
173 static int wpa_driver_nl80211_probe_req_report(struct i802_bss *bss,
174 					       int report);
175 
176 #define IFIDX_ANY -1
177 
178 static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx,
179 		      int ifidx_reason);
180 static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx,
181 		      int ifidx_reason);
182 static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx,
183 		      int ifidx_reason);
184 
185 static int nl80211_set_channel(struct i802_bss *bss,
186 			       struct hostapd_freq_params *freq, int set_chan);
187 static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv,
188 				     int ifindex, int disabled);
189 
190 static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv,
191 			      int reset_mode);
192 
193 static int i802_set_iface_flags(struct i802_bss *bss, int up);
194 static int nl80211_set_param(void *priv, const char *param);
195 static void nl80211_remove_links(struct i802_bss *bss);
196 #ifdef CONFIG_MESH
197 static int nl80211_put_mesh_config(struct nl_msg *msg,
198 				   struct wpa_driver_mesh_bss_params *params);
199 #endif /* CONFIG_MESH */
200 static int i802_sta_disassoc(void *priv, const u8 *own_addr, const u8 *addr,
201 			     u16 reason);
202 
203 
204 /* Converts nl80211_chan_width to a common format */
205 enum chan_width convert2width(int width)
206 {
207 	switch (width) {
208 	case NL80211_CHAN_WIDTH_20_NOHT:
209 		return CHAN_WIDTH_20_NOHT;
210 	case NL80211_CHAN_WIDTH_20:
211 		return CHAN_WIDTH_20;
212 	case NL80211_CHAN_WIDTH_40:
213 		return CHAN_WIDTH_40;
214 	case NL80211_CHAN_WIDTH_80:
215 		return CHAN_WIDTH_80;
216 	case NL80211_CHAN_WIDTH_80P80:
217 		return CHAN_WIDTH_80P80;
218 	case NL80211_CHAN_WIDTH_160:
219 		return CHAN_WIDTH_160;
220 	case NL80211_CHAN_WIDTH_320:
221 		return CHAN_WIDTH_320;
222 	default:
223 		return CHAN_WIDTH_UNKNOWN;
224 	}
225 }
226 
227 
228 int is_ap_interface(enum nl80211_iftype nlmode)
229 {
230 	return nlmode == NL80211_IFTYPE_AP ||
231 		nlmode == NL80211_IFTYPE_P2P_GO;
232 }
233 
234 
235 int is_sta_interface(enum nl80211_iftype nlmode)
236 {
237 	return nlmode == NL80211_IFTYPE_STATION ||
238 		nlmode == NL80211_IFTYPE_P2P_CLIENT;
239 }
240 
241 
242 static int is_p2p_net_interface(enum nl80211_iftype nlmode)
243 {
244 	return nlmode == NL80211_IFTYPE_P2P_CLIENT ||
245 		nlmode == NL80211_IFTYPE_P2P_GO;
246 }
247 
248 
249 struct i802_bss * get_bss_ifindex(struct wpa_driver_nl80211_data *drv,
250 				  int ifindex)
251 {
252 	struct i802_bss *bss;
253 
254 	for (bss = drv->first_bss; bss; bss = bss->next) {
255 		if (bss->ifindex == ifindex)
256 			return bss;
257 	}
258 
259 	return NULL;
260 }
261 
262 
263 static int is_mesh_interface(enum nl80211_iftype nlmode)
264 {
265 	return nlmode == NL80211_IFTYPE_MESH_POINT;
266 }
267 
268 
269 void nl80211_mark_disconnected(struct wpa_driver_nl80211_data *drv)
270 {
271 	if (drv->associated)
272 		os_memcpy(drv->prev_bssid, drv->bssid, ETH_ALEN);
273 	drv->associated = 0;
274 	os_memset(&drv->sta_mlo_info, 0, sizeof(drv->sta_mlo_info));
275 	os_memset(drv->bssid, 0, ETH_ALEN);
276 	drv->first_bss->flink->freq = 0;
277 #ifdef CONFIG_DRIVER_NL80211_QCA
278 	os_free(drv->pending_roam_data);
279 	drv->pending_roam_data = NULL;
280 	os_free(drv->pending_t2lm_data);
281 	drv->pending_t2lm_data = NULL;
282 	os_free(drv->pending_link_reconfig_data);
283 	drv->pending_link_reconfig_data = NULL;
284 #endif /* CONFIG_DRIVER_NL80211_QCA */
285 
286 	drv->auth_mld = false;
287 	drv->auth_mld_link_id = -1;
288 	os_memset(drv->auth_ap_mld_addr, 0, ETH_ALEN);
289 }
290 
291 
292 /* nl80211 code */
293 static int ack_handler(struct nl_msg *msg, void *arg)
294 {
295 	int *err = arg;
296 	*err = 0;
297 	return NL_STOP;
298 }
299 
300 
301 struct nl80211_ack_ext_arg {
302 	int *err;
303 	void *ext_data;
304 };
305 
306 
307 static int ack_handler_cookie(struct nl_msg *msg, void *arg)
308 {
309 	struct nl80211_ack_ext_arg *ext_arg = arg;
310 	struct nlattr *tb[NLMSGERR_ATTR_MAX + 1];
311 	u64 *cookie = ext_arg->ext_data;
312 	struct nlattr *attrs;
313 	size_t ack_len, attr_len;
314 
315 	*ext_arg->err = 0;
316 	ack_len = sizeof(struct nlmsghdr) + sizeof(int) +
317 		sizeof(struct nlmsghdr);
318 	attrs = (struct nlattr *)
319 		((u8 *) nlmsg_data(nlmsg_hdr(msg)) + sizeof(struct nlmsghdr) +
320 		 sizeof(int));
321 	if (nlmsg_hdr(msg)->nlmsg_len <= ack_len)
322 		return NL_STOP;
323 
324 	attr_len = nlmsg_hdr(msg)->nlmsg_len - ack_len;
325 
326 	if(!(nlmsg_hdr(msg)->nlmsg_flags & NLM_F_ACK_TLVS))
327 		return NL_STOP;
328 
329 	nla_parse(tb, NLMSGERR_ATTR_MAX, attrs, attr_len, NULL);
330 	if (tb[NLMSGERR_ATTR_COOKIE])
331 		*cookie = nla_get_u64(tb[NLMSGERR_ATTR_COOKIE]);
332 
333 	return NL_STOP;
334 }
335 
336 
337 static int finish_handler(struct nl_msg *msg, void *arg)
338 {
339 	int *ret = arg;
340 	*ret = 0;
341 	return NL_SKIP;
342 }
343 
344 struct nl80211_ack_err_args {
345 	int err;
346 	struct nl_msg *orig_msg;
347 	struct nl80211_err_info *err_info;
348 };
349 
350 static int error_handler(struct sockaddr_nl *nla, struct nlmsgerr *err,
351 			 void *arg)
352 {
353 	struct nl80211_ack_err_args *err_args = arg;
354 	struct nlmsghdr *nlh = (struct nlmsghdr *) err - 1;
355 	struct nlmsghdr *orig_nlh = nlmsg_hdr(err_args->orig_msg);
356 	int len = nlh->nlmsg_len;
357 	struct nlattr *attrs;
358 	struct nlattr *tb[NLMSGERR_ATTR_MAX + 1];
359 	int ack_len = sizeof(*nlh) + sizeof(int) + sizeof(*nlh);
360 	struct nlattr *mlo_links, *link_attr;
361 	u32 offset;
362 	int rem;
363 
364 	err_args->err = err->error;
365 	if (err_args->err_info)
366 		err_args->err_info->link_id = -1;
367 
368 	if (!(nlh->nlmsg_flags & NLM_F_ACK_TLVS))
369 		return NL_SKIP;
370 
371 	if (!(nlh->nlmsg_flags & NLM_F_CAPPED))
372 		ack_len += err->msg.nlmsg_len - sizeof(*nlh);
373 
374 	if (len <= ack_len)
375 		return NL_STOP;
376 
377 	attrs = (void *) ((unsigned char *) nlh + ack_len);
378 	len -= ack_len;
379 
380 	nla_parse(tb, NLMSGERR_ATTR_MAX, attrs, len, NULL);
381 	if (tb[NLMSGERR_ATTR_MSG]) {
382 		len = strnlen((char *) nla_data(tb[NLMSGERR_ATTR_MSG]),
383 			      nla_len(tb[NLMSGERR_ATTR_MSG]));
384 		wpa_printf(MSG_ERROR, "nl80211: kernel reports: %*s",
385 			   len, (char *) nla_data(tb[NLMSGERR_ATTR_MSG]));
386 	}
387 
388 	if (!err_args->err_info)
389 		return NL_SKIP;
390 
391 	/* Check if it was a per-link error report */
392 
393 	if (!tb[NLMSGERR_ATTR_OFFS] ||
394 	    os_memcmp(orig_nlh, &err->msg, sizeof(err->msg)) != 0)
395 		return NL_SKIP;
396 
397 	offset = nla_get_u32(tb[NLMSGERR_ATTR_OFFS]);
398 
399 	mlo_links = nlmsg_find_attr(orig_nlh, GENL_HDRLEN,
400 				    NL80211_ATTR_MLO_LINKS);
401 	if (!mlo_links)
402 		return NL_SKIP;
403 
404 	nla_for_each_nested(link_attr, mlo_links, rem) {
405 		struct nlattr *link_id;
406 		size_t link_offset = (u8 *) link_attr - (u8 *) orig_nlh;
407 
408 		if (offset < link_offset ||
409 		    offset >= link_offset + link_attr->nla_len)
410 			continue;
411 
412 		link_id = nla_find(nla_data(link_attr), nla_len(link_attr),
413 				   NL80211_ATTR_MLO_LINK_ID);
414 		if (link_id) {
415 			err_args->err_info->link_id = nla_get_u8(link_id);
416 			wpa_printf(MSG_DEBUG,
417 				   "nl80211: kernel reports error for link: %d",
418 				   err_args->err_info->link_id);
419 			break;
420 		}
421 	}
422 
423 	return NL_SKIP;
424 }
425 
426 
427 static int no_seq_check(struct nl_msg *msg, void *arg)
428 {
429 	return NL_OK;
430 }
431 
432 
433 static void nl80211_nlmsg_clear(struct nl_msg *msg)
434 {
435 	/*
436 	 * Clear nlmsg data, e.g., to make sure key material is not left in
437 	 * heap memory for unnecessarily long time.
438 	 */
439 	if (msg) {
440 		struct nlmsghdr *hdr = nlmsg_hdr(msg);
441 		void *data = nlmsg_data(hdr);
442 		/*
443 		 * This would use nlmsg_datalen() or the older nlmsg_len() if
444 		 * only libnl were to maintain a stable API.. Neither will work
445 		 * with all released versions, so just calculate the length
446 		 * here.
447 		 */
448 		int len = hdr->nlmsg_len - NLMSG_HDRLEN;
449 
450 		os_memset(data, 0, len);
451 	}
452 }
453 
454 
455 static int send_event_marker(struct wpa_driver_nl80211_data *drv)
456 {
457 	struct nl_sock *handle;
458 	struct nl_msg *msg;
459 	struct nlmsghdr *hdr;
460 	int res = 0;
461 	int err = -NLE_NOMEM;
462 
463 	msg = nlmsg_alloc();
464 	if (!msg)
465 		goto out;
466 
467 	/* We only care about the returned sequence number for matching. */
468 	if (!nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_PROTOCOL_FEATURES))
469 		goto out;
470 
471 	handle = (void *) (((intptr_t) drv->global->nl_event) ^
472 			   ELOOP_SOCKET_INVALID);
473 
474 	err = nl_send_auto_complete(handle, msg);
475 	if (err < 0)
476 		goto out;
477 
478 	hdr = nlmsg_hdr(msg);
479 	res = hdr->nlmsg_seq;
480 
481 out:
482 	nlmsg_free(msg);
483 	if (err)
484 		wpa_printf(MSG_INFO, "nl80211: %s failed: %s",
485 			   __func__, nl_geterror(err));
486 	return res;
487 }
488 
489 
490 int send_and_recv(struct nl80211_global *global,
491 		  struct nl_sock *nl_handle, struct nl_msg *msg,
492 		  int (*valid_handler)(struct nl_msg *, void *),
493 		  void *valid_data,
494 		  int (*ack_handler_custom)(struct nl_msg *, void *),
495 		  void *ack_data,
496 		  struct nl80211_err_info *err_info)
497 {
498 	struct nl_cb *cb, *s_nl_cb;
499 	struct nl80211_ack_err_args err;
500 	int opt;
501 
502 	if (!msg)
503 		return -ENOMEM;
504 
505 	err.err = -ENOMEM;
506 
507 	s_nl_cb = nl_socket_get_cb(nl_handle);
508 	cb = nl_cb_clone(s_nl_cb);
509 	nl_cb_put(s_nl_cb);
510 	if (!cb)
511 		goto out;
512 
513 	/* try to set NETLINK_EXT_ACK to 1, ignoring errors */
514 	opt = 1;
515 	setsockopt(nl_socket_get_fd(nl_handle), SOL_NETLINK,
516 		   NETLINK_EXT_ACK, &opt, sizeof(opt));
517 
518 	/* try to set NETLINK_CAP_ACK to 1, ignoring errors */
519 	opt = 1;
520 	setsockopt(nl_socket_get_fd(nl_handle), SOL_NETLINK,
521 		   NETLINK_CAP_ACK, &opt, sizeof(opt));
522 
523 	err.err = nl_send_auto_complete(nl_handle, msg);
524 	if (err.err < 0) {
525 		wpa_printf(MSG_INFO,
526 			   "nl80211: nl_send_auto_complete() failed: %s",
527 			   nl_geterror(err.err));
528 		/* Need to convert libnl error code to an errno value. For now,
529 		 * just hardcode this to EBADF; the real error reason is shown
530 		 * in that error print above. */
531 		err.err = -EBADF;
532 		goto out;
533 	}
534 
535 	err.err = 1;
536 	err.orig_msg = msg;
537 	err.err_info = err_info;
538 
539 	nl_cb_err(cb, NL_CB_CUSTOM, error_handler, &err);
540 	nl_cb_set(cb, NL_CB_FINISH, NL_CB_CUSTOM, finish_handler, &err.err);
541 	if (ack_handler_custom) {
542 		struct nl80211_ack_ext_arg *ext_arg = ack_data;
543 
544 		ext_arg->err = &err.err;
545 		nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM,
546 			  ack_handler_custom, ack_data);
547 	} else {
548 		nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM, ack_handler, &err);
549 	}
550 
551 	if (valid_handler)
552 		nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM,
553 			  valid_handler, valid_data);
554 
555 	while (err.err > 0) {
556 		int res = nl_recvmsgs(nl_handle, cb);
557 
558 		if (res == -NLE_DUMP_INTR) {
559 			/* Most likely one of the nl80211 dump routines hit a
560 			 * case where internal results changed while the dump
561 			 * was being sent. The most common known case for this
562 			 * is scan results fetching while associated were every
563 			 * received Beacon frame from the AP may end up
564 			 * incrementing bss_generation. This
565 			 * NL80211_CMD_GET_SCAN case tries again in the caller;
566 			 * other cases (of which there are no known common ones)
567 			 * will stop and return an error. */
568 			wpa_printf(MSG_DEBUG, "nl80211: %s; convert to -EAGAIN",
569 				   nl_geterror(res));
570 			err.err = -EAGAIN;
571 		} else if (res < 0) {
572 			wpa_printf(MSG_INFO,
573 				   "nl80211: %s->nl_recvmsgs failed: %d (%s)",
574 				   __func__, res, nl_geterror(res));
575 		}
576 	}
577  out:
578 	nl_cb_put(cb);
579 	/* Always clear the message as it can potentially contain keys */
580 	nl80211_nlmsg_clear(msg);
581 	nlmsg_free(msg);
582 	return err.err;
583 }
584 
585 
586 static int nl80211_put_control_port(struct wpa_driver_nl80211_data *drv,
587 				    struct nl_msg *msg)
588 {
589 	if (nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT) ||
590 	    nla_put_u16(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE, ETH_P_PAE) ||
591 	    ((drv->capa.flags2 & WPA_DRIVER_FLAGS2_CONTROL_PORT_RX) &&
592 	     (nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_OVER_NL80211) ||
593 	      nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_NO_PREAUTH))))
594 		return -1;
595 	return 0;
596 }
597 
598 
599 struct family_data {
600 	const char *group;
601 	int id;
602 };
603 
604 
605 static int family_handler(struct nl_msg *msg, void *arg)
606 {
607 	struct family_data *res = arg;
608 	struct nlattr *tb[CTRL_ATTR_MAX + 1];
609 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
610 	struct nlattr *mcgrp;
611 	int i;
612 
613 	nla_parse(tb, CTRL_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
614 		  genlmsg_attrlen(gnlh, 0), NULL);
615 	if (!tb[CTRL_ATTR_MCAST_GROUPS])
616 		return NL_SKIP;
617 
618 	nla_for_each_nested(mcgrp, tb[CTRL_ATTR_MCAST_GROUPS], i) {
619 		struct nlattr *tb2[CTRL_ATTR_MCAST_GRP_MAX + 1];
620 		nla_parse(tb2, CTRL_ATTR_MCAST_GRP_MAX, nla_data(mcgrp),
621 			  nla_len(mcgrp), NULL);
622 		if (!tb2[CTRL_ATTR_MCAST_GRP_NAME] ||
623 		    !tb2[CTRL_ATTR_MCAST_GRP_ID] ||
624 		    os_strncmp(nla_data(tb2[CTRL_ATTR_MCAST_GRP_NAME]),
625 			       res->group,
626 			       nla_len(tb2[CTRL_ATTR_MCAST_GRP_NAME])) != 0)
627 			continue;
628 		res->id = nla_get_u32(tb2[CTRL_ATTR_MCAST_GRP_ID]);
629 		break;
630 	};
631 
632 	return NL_SKIP;
633 }
634 
635 
636 static int nl_get_multicast_id(struct nl80211_global *global,
637 			       const char *family, const char *group)
638 {
639 	struct nl_msg *msg;
640 	int ret;
641 	struct family_data res = { group, -ENOENT };
642 
643 	msg = nlmsg_alloc();
644 	if (!msg)
645 		return -ENOMEM;
646 	if (!genlmsg_put(msg, 0, 0, global->nlctrl_id,
647 			 0, 0, CTRL_CMD_GETFAMILY, 0) ||
648 	    nla_put_string(msg, CTRL_ATTR_FAMILY_NAME, family)) {
649 		nlmsg_free(msg);
650 		return -1;
651 	}
652 
653 	ret = send_and_recv(global, global->nl, msg, family_handler, &res,
654 			    NULL, NULL, NULL);
655 	if (ret == 0)
656 		ret = res.id;
657 	return ret;
658 }
659 
660 
661 void * nl80211_cmd(struct wpa_driver_nl80211_data *drv,
662 		   struct nl_msg *msg, int flags, uint8_t cmd)
663 {
664 	if (TEST_FAIL())
665 		return NULL;
666 	return genlmsg_put(msg, 0, 0, drv->global->nl80211_id,
667 			   0, flags, cmd, 0);
668 }
669 
670 
671 static int nl80211_set_iface_id(struct nl_msg *msg, struct i802_bss *bss)
672 {
673 	if (bss->wdev_id_set)
674 		return nla_put_u64(msg, NL80211_ATTR_WDEV, bss->wdev_id);
675 	return nla_put_u32(msg, NL80211_ATTR_IFINDEX, bss->ifindex);
676 }
677 
678 
679 struct nl_msg * nl80211_cmd_msg(struct i802_bss *bss, int flags, uint8_t cmd)
680 {
681 	struct nl_msg *msg;
682 
683 	msg = nlmsg_alloc();
684 	if (!msg)
685 		return NULL;
686 
687 	if (!nl80211_cmd(bss->drv, msg, flags, cmd) ||
688 	    nl80211_set_iface_id(msg, bss) < 0) {
689 		nlmsg_free(msg);
690 		return NULL;
691 	}
692 
693 	return msg;
694 }
695 
696 
697 static struct nl_msg *
698 nl80211_ifindex_msg_build(struct wpa_driver_nl80211_data *drv,
699 			  struct nl_msg *msg, int ifindex, int flags,
700 			  uint8_t cmd)
701 {
702 	if (!msg)
703 		return NULL;
704 
705 	if (!nl80211_cmd(drv, msg, flags, cmd) ||
706 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, ifindex)) {
707 		nlmsg_free(msg);
708 		return NULL;
709 	}
710 
711 	return msg;
712 }
713 
714 
715 static struct nl_msg *
716 nl80211_ifindex_msg(struct wpa_driver_nl80211_data *drv, int ifindex,
717 		    int flags, uint8_t cmd)
718 {
719 	return nl80211_ifindex_msg_build(drv, nlmsg_alloc(), ifindex, flags,
720 					 cmd);
721 }
722 
723 
724 struct nl_msg * nl80211_drv_msg(struct wpa_driver_nl80211_data *drv, int flags,
725 				uint8_t cmd)
726 {
727 	return nl80211_ifindex_msg(drv, drv->ifindex, flags, cmd);
728 }
729 
730 
731 struct nl_msg * nl80211_bss_msg(struct i802_bss *bss, int flags, uint8_t cmd)
732 {
733 	return nl80211_ifindex_msg(bss->drv, bss->ifindex, flags, cmd);
734 }
735 
736 
737 struct wiphy_idx_data {
738 	int wiphy_idx;
739 	enum nl80211_iftype nlmode;
740 	u8 *macaddr;
741 	u8 use_4addr;
742 };
743 
744 
745 static int netdev_info_handler(struct nl_msg *msg, void *arg)
746 {
747 	struct nlattr *tb[NL80211_ATTR_MAX + 1];
748 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
749 	struct wiphy_idx_data *info = arg;
750 
751 	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
752 		  genlmsg_attrlen(gnlh, 0), NULL);
753 
754 	if (tb[NL80211_ATTR_WIPHY])
755 		info->wiphy_idx = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
756 
757 	if (tb[NL80211_ATTR_IFTYPE])
758 		info->nlmode = nla_get_u32(tb[NL80211_ATTR_IFTYPE]);
759 
760 	if (tb[NL80211_ATTR_MAC] && info->macaddr)
761 		os_memcpy(info->macaddr, nla_data(tb[NL80211_ATTR_MAC]),
762 			  ETH_ALEN);
763 
764 	if (tb[NL80211_ATTR_4ADDR])
765 		info->use_4addr = nla_get_u8(tb[NL80211_ATTR_4ADDR]);
766 
767 	return NL_SKIP;
768 }
769 
770 
771 int nl80211_get_wiphy_index(struct i802_bss *bss)
772 {
773 	struct nl_msg *msg;
774 	struct wiphy_idx_data data = {
775 		.wiphy_idx = -1,
776 		.macaddr = NULL,
777 	};
778 
779 	if (!(msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_GET_INTERFACE)))
780 		return -1;
781 
782 	if (send_and_recv_resp(bss->drv, msg, netdev_info_handler, &data) == 0)
783 		return data.wiphy_idx;
784 	return -1;
785 }
786 
787 
788 static enum nl80211_iftype nl80211_get_ifmode(struct i802_bss *bss)
789 {
790 	struct nl_msg *msg;
791 	struct wiphy_idx_data data = {
792 		.nlmode = NL80211_IFTYPE_UNSPECIFIED,
793 		.macaddr = NULL,
794 	};
795 
796 	if (!(msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_GET_INTERFACE)))
797 		return NL80211_IFTYPE_UNSPECIFIED;
798 
799 	if (send_and_recv_resp(bss->drv, msg, netdev_info_handler, &data) == 0)
800 		return data.nlmode;
801 	return NL80211_IFTYPE_UNSPECIFIED;
802 }
803 
804 
805 static int nl80211_get_macaddr(struct i802_bss *bss)
806 {
807 	struct nl_msg *msg;
808 	struct wiphy_idx_data data = {
809 		.macaddr = bss->addr,
810 	};
811 
812 	if (!(msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_GET_INTERFACE)))
813 		return -1;
814 
815 	return send_and_recv_resp(bss->drv, msg, netdev_info_handler, &data);
816 }
817 
818 
819 static int nl80211_get_4addr(struct i802_bss *bss)
820 {
821 	struct nl_msg *msg;
822 	struct wiphy_idx_data data = {
823 		.use_4addr = 0,
824 	};
825 
826 	if (!(msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_GET_INTERFACE)) ||
827 	    send_and_recv_resp(bss->drv, msg, netdev_info_handler, &data))
828 		return -1;
829 	return data.use_4addr;
830 }
831 
832 
833 static int nl80211_register_beacons(struct wpa_driver_nl80211_data *drv,
834 				    struct nl80211_wiphy_data *w)
835 {
836 	struct nl_msg *msg;
837 	int ret;
838 
839 	msg = nlmsg_alloc();
840 	if (!msg)
841 		return -1;
842 
843 	if (!nl80211_cmd(drv, msg, 0, NL80211_CMD_REGISTER_BEACONS) ||
844 	    nla_put_u32(msg, NL80211_ATTR_WIPHY, w->wiphy_idx)) {
845 		nlmsg_free(msg);
846 		return -1;
847 	}
848 
849 	ret = send_and_recv(drv->global, w->nl_beacons, msg, NULL, NULL,
850 			    NULL, NULL, NULL);
851 	if (ret) {
852 		wpa_printf(MSG_DEBUG, "nl80211: Register beacons command "
853 			   "failed: ret=%d (%s)",
854 			   ret, strerror(-ret));
855 	}
856 	return ret;
857 }
858 
859 
860 static void nl80211_recv_beacons(int sock, void *eloop_ctx, void *handle)
861 {
862 	struct nl80211_wiphy_data *w = eloop_ctx;
863 	int res;
864 
865 	wpa_printf(MSG_EXCESSIVE, "nl80211: Beacon event message available");
866 
867 	res = nl_recvmsgs(handle, w->nl_cb);
868 	if (res < 0) {
869 		wpa_printf(MSG_INFO, "nl80211: %s->nl_recvmsgs failed: %d",
870 			   __func__, res);
871 	}
872 }
873 
874 
875 static int process_beacon_event(struct nl_msg *msg, void *arg)
876 {
877 	struct nl80211_wiphy_data *w = arg;
878 	struct wpa_driver_nl80211_data *drv;
879 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
880 	struct nlattr *tb[NL80211_ATTR_MAX + 1];
881 	union wpa_event_data event;
882 
883 	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
884 		  genlmsg_attrlen(gnlh, 0), NULL);
885 
886 	if (gnlh->cmd != NL80211_CMD_FRAME) {
887 		wpa_printf(MSG_DEBUG, "nl80211: Unexpected beacon event? (%d)",
888 			   gnlh->cmd);
889 		return NL_SKIP;
890 	}
891 
892 	if (!tb[NL80211_ATTR_FRAME])
893 		return NL_SKIP;
894 
895 	dl_list_for_each(drv, &w->drvs, struct wpa_driver_nl80211_data,
896 			 wiphy_list) {
897 		os_memset(&event, 0, sizeof(event));
898 		event.rx_mgmt.frame = nla_data(tb[NL80211_ATTR_FRAME]);
899 		event.rx_mgmt.frame_len = nla_len(tb[NL80211_ATTR_FRAME]);
900 		wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event);
901 	}
902 
903 	return NL_SKIP;
904 }
905 
906 
907 static struct nl80211_wiphy_data *
908 nl80211_get_wiphy_data_ap(struct i802_bss *bss)
909 {
910 	static DEFINE_DL_LIST(nl80211_wiphys);
911 	struct nl80211_wiphy_data *w;
912 	int wiphy_idx, found = 0;
913 	struct i802_bss *tmp_bss;
914 	u8 channel;
915 
916 	if (bss->wiphy_data != NULL)
917 		return bss->wiphy_data;
918 
919 	wiphy_idx = nl80211_get_wiphy_index(bss);
920 
921 	dl_list_for_each(w, &nl80211_wiphys, struct nl80211_wiphy_data, list) {
922 		if (w->wiphy_idx == wiphy_idx)
923 			goto add;
924 	}
925 
926 	/* alloc new one */
927 	w = os_zalloc(sizeof(*w));
928 	if (w == NULL)
929 		return NULL;
930 	w->wiphy_idx = wiphy_idx;
931 	dl_list_init(&w->bsss);
932 	dl_list_init(&w->drvs);
933 
934 	/* Beacon frames not supported in IEEE 802.11ad */
935 	if (ieee80211_freq_to_chan(bss->flink->freq, &channel) !=
936 	    HOSTAPD_MODE_IEEE80211AD) {
937 		w->nl_cb = nl_cb_alloc(NL_CB_DEFAULT);
938 		if (!w->nl_cb) {
939 			os_free(w);
940 			return NULL;
941 		}
942 		nl_cb_set(w->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM,
943 			  no_seq_check, NULL);
944 		nl_cb_set(w->nl_cb, NL_CB_VALID, NL_CB_CUSTOM,
945 			  process_beacon_event, w);
946 
947 		w->nl_beacons = nl_create_handle(bss->drv->global->nl_cb,
948 						 "wiphy beacons");
949 		if (w->nl_beacons == NULL) {
950 			os_free(w);
951 			return NULL;
952 		}
953 
954 		if (nl80211_register_beacons(bss->drv, w)) {
955 			nl_destroy_handles(&w->nl_beacons);
956 			os_free(w);
957 			return NULL;
958 		}
959 
960 		nl80211_register_eloop_read(&w->nl_beacons,
961 					    nl80211_recv_beacons, w, 0);
962 	}
963 
964 	dl_list_add(&nl80211_wiphys, &w->list);
965 
966 add:
967 	/* drv entry for this bss already there? */
968 	dl_list_for_each(tmp_bss, &w->bsss, struct i802_bss, wiphy_list) {
969 		if (tmp_bss->drv == bss->drv) {
970 			found = 1;
971 			break;
972 		}
973 	}
974 	/* if not add it */
975 	if (!found)
976 		dl_list_add(&w->drvs, &bss->drv->wiphy_list);
977 
978 	dl_list_add(&w->bsss, &bss->wiphy_list);
979 	bss->wiphy_data = w;
980 	return w;
981 }
982 
983 
984 static void nl80211_put_wiphy_data_ap(struct i802_bss *bss)
985 {
986 	struct nl80211_wiphy_data *w = bss->wiphy_data;
987 	struct i802_bss *tmp_bss;
988 	int found = 0;
989 
990 	if (w == NULL)
991 		return;
992 	bss->wiphy_data = NULL;
993 	dl_list_del(&bss->wiphy_list);
994 
995 	/* still any for this drv present? */
996 	dl_list_for_each(tmp_bss, &w->bsss, struct i802_bss, wiphy_list) {
997 		if (tmp_bss->drv == bss->drv) {
998 			found = 1;
999 			break;
1000 		}
1001 	}
1002 	/* if not remove it */
1003 	if (!found)
1004 		dl_list_del(&bss->drv->wiphy_list);
1005 
1006 	if (!dl_list_empty(&w->bsss))
1007 		return;
1008 
1009 	if (w->nl_beacons)
1010 		nl80211_destroy_eloop_handle(&w->nl_beacons, 0);
1011 
1012 	nl_cb_put(w->nl_cb);
1013 	dl_list_del(&w->list);
1014 	os_free(w);
1015 }
1016 
1017 
1018 static unsigned int nl80211_get_ifindex(void *priv)
1019 {
1020 	struct i802_bss *bss = priv;
1021 	struct wpa_driver_nl80211_data *drv = bss->drv;
1022 
1023 	return drv->ifindex;
1024 }
1025 
1026 
1027 static int wpa_driver_nl80211_get_bssid(void *priv, u8 *bssid)
1028 {
1029 	struct i802_bss *bss = priv;
1030 	struct wpa_driver_nl80211_data *drv = bss->drv;
1031 	if (!drv->associated)
1032 		return -1;
1033 	os_memcpy(bssid, drv->bssid, ETH_ALEN);
1034 	return 0;
1035 }
1036 
1037 
1038 static int wpa_driver_nl80211_get_ssid(void *priv, u8 *ssid)
1039 {
1040 	struct i802_bss *bss = priv;
1041 	struct wpa_driver_nl80211_data *drv = bss->drv;
1042 	if (!drv->associated)
1043 		return -1;
1044 	os_memcpy(ssid, drv->ssid, drv->ssid_len);
1045 	return drv->ssid_len;
1046 }
1047 
1048 
1049 static int get_mlo_info(struct nl_msg *msg, void *arg)
1050 {
1051 	struct nlattr *tb[NL80211_ATTR_MAX + 1];
1052 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1053 	struct nlattr *link_attr, *link_data[NL80211_ATTR_MAX + 1];
1054 	static struct nla_policy link_policy[NL80211_ATTR_MAX + 1] = {
1055 		[NL80211_ATTR_MLO_LINK_ID] = { .type = NLA_U8 },
1056 		[NL80211_ATTR_MAC] = { .minlen = ETH_ALEN, .maxlen = ETH_ALEN },
1057 	};
1058 	struct driver_sta_mlo_info *info = arg;
1059 	int rem;
1060 
1061 	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1062 		  genlmsg_attrlen(gnlh, 0), NULL);
1063 
1064 	if (!tb[NL80211_ATTR_MLO_LINKS])
1065 		return NL_SKIP;
1066 
1067 	info->valid_links = 0;
1068 	nla_for_each_nested(link_attr, tb[NL80211_ATTR_MLO_LINKS], rem) {
1069 		u8 link_id;
1070 
1071 		if (nla_parse_nested(link_data, NL80211_ATTR_MAX,
1072 				     link_attr, link_policy) != 0)
1073 			continue;
1074 
1075 		if (!link_data[NL80211_ATTR_MLO_LINK_ID] ||
1076 		    !link_data[NL80211_ATTR_MAC])
1077 			continue;
1078 
1079 		link_id = nla_get_u8(link_data[NL80211_ATTR_MLO_LINK_ID]);
1080 		if (link_id >= MAX_NUM_MLD_LINKS)
1081 			continue;
1082 		info->valid_links |= BIT(link_id);
1083 		os_memcpy(info->links[link_id].addr,
1084 			  nla_data(link_data[NL80211_ATTR_MAC]), ETH_ALEN);
1085 		if (link_data[NL80211_ATTR_WIPHY_FREQ])
1086 			info->links[link_id].freq =
1087 				nla_get_u32(link_data[NL80211_ATTR_WIPHY_FREQ]);
1088 	}
1089 
1090 	return NL_SKIP;
1091 }
1092 
1093 
1094 static int nl80211_get_sta_mlo_info(void *priv,
1095 				    struct driver_sta_mlo_info *mlo_info)
1096 {
1097 	struct i802_bss *bss = priv;
1098 	struct wpa_driver_nl80211_data *drv = bss->drv;
1099 
1100 	if (!drv->associated)
1101 		return -1;
1102 
1103 	if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) {
1104 		struct nl_msg *msg;
1105 
1106 		msg = nl80211_drv_msg(drv, 0, NL80211_CMD_GET_INTERFACE);
1107 		if (send_and_recv_resp(drv, msg, get_mlo_info,
1108 				       &drv->sta_mlo_info))
1109 			return -1;
1110 	}
1111 
1112 	os_memcpy(mlo_info, &drv->sta_mlo_info, sizeof(*mlo_info));
1113 	return 0;
1114 }
1115 
1116 
1117 static void wpa_driver_nl80211_event_newlink(
1118 	struct nl80211_global *global, struct wpa_driver_nl80211_data *drv,
1119 	int ifindex, const char *ifname)
1120 {
1121 	union wpa_event_data event;
1122 
1123 	if (drv && os_strcmp(drv->first_bss->ifname, ifname) == 0) {
1124 		if (if_nametoindex(drv->first_bss->ifname) == 0) {
1125 			wpa_printf(MSG_DEBUG, "nl80211: Interface %s does not exist - ignore RTM_NEWLINK",
1126 				   drv->first_bss->ifname);
1127 			return;
1128 		}
1129 		if (!drv->if_removed)
1130 			return;
1131 		wpa_printf(MSG_DEBUG, "nl80211: Mark if_removed=0 for %s based on RTM_NEWLINK event",
1132 			   drv->first_bss->ifname);
1133 		drv->if_removed = 0;
1134 	}
1135 
1136 	os_memset(&event, 0, sizeof(event));
1137 	event.interface_status.ifindex = ifindex;
1138 	os_strlcpy(event.interface_status.ifname, ifname,
1139 		   sizeof(event.interface_status.ifname));
1140 	event.interface_status.ievent = EVENT_INTERFACE_ADDED;
1141 	if (drv)
1142 		wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, &event);
1143 	else
1144 		wpa_supplicant_event_global(global->ctx, EVENT_INTERFACE_STATUS,
1145 					    &event);
1146 }
1147 
1148 
1149 static void wpa_driver_nl80211_event_dellink(
1150 	struct nl80211_global *global, struct wpa_driver_nl80211_data *drv,
1151 	int ifindex, const char *ifname)
1152 {
1153 	union wpa_event_data event;
1154 
1155 	if (drv && os_strcmp(drv->first_bss->ifname, ifname) == 0) {
1156 		if (drv->if_removed) {
1157 			wpa_printf(MSG_DEBUG, "nl80211: if_removed already set - ignore RTM_DELLINK event for %s",
1158 				   ifname);
1159 			return;
1160 		}
1161 		wpa_printf(MSG_DEBUG, "RTM_DELLINK: Interface '%s' removed - mark if_removed=1",
1162 			   ifname);
1163 		drv->if_removed = 1;
1164 	} else {
1165 		wpa_printf(MSG_DEBUG, "RTM_DELLINK: Interface '%s' removed",
1166 			   ifname);
1167 	}
1168 
1169 	os_memset(&event, 0, sizeof(event));
1170 	event.interface_status.ifindex = ifindex;
1171 	os_strlcpy(event.interface_status.ifname, ifname,
1172 		   sizeof(event.interface_status.ifname));
1173 	event.interface_status.ievent = EVENT_INTERFACE_REMOVED;
1174 	if (drv)
1175 		wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, &event);
1176 	else
1177 		wpa_supplicant_event_global(global->ctx, EVENT_INTERFACE_STATUS,
1178 					    &event);
1179 }
1180 
1181 
1182 static int wpa_driver_nl80211_own_ifname(struct wpa_driver_nl80211_data *drv,
1183 					 u8 *buf, size_t len)
1184 {
1185 	int attrlen, rta_len;
1186 	struct rtattr *attr;
1187 
1188 	attrlen = len;
1189 	attr = (struct rtattr *) buf;
1190 
1191 	rta_len = RTA_ALIGN(sizeof(struct rtattr));
1192 	while (RTA_OK(attr, attrlen)) {
1193 		if (attr->rta_type == IFLA_IFNAME) {
1194 			if (os_strcmp(((char *) attr) + rta_len,
1195 				      drv->first_bss->ifname) == 0)
1196 				return 1;
1197 			else
1198 				break;
1199 		}
1200 		attr = RTA_NEXT(attr, attrlen);
1201 	}
1202 
1203 	return 0;
1204 }
1205 
1206 
1207 static int wpa_driver_nl80211_own_ifindex(struct wpa_driver_nl80211_data *drv,
1208 					  int ifindex, u8 *buf, size_t len)
1209 {
1210 	if (drv->ifindex == ifindex)
1211 		return 1;
1212 
1213 	if (drv->if_removed && wpa_driver_nl80211_own_ifname(drv, buf, len)) {
1214 		nl80211_check_global(drv->global);
1215 		wpa_printf(MSG_DEBUG, "nl80211: Update ifindex for a removed "
1216 			   "interface");
1217 		if (wpa_driver_nl80211_finish_drv_init(drv, NULL, 0, NULL) < 0)
1218 			return -1;
1219 		return 1;
1220 	}
1221 
1222 	return 0;
1223 }
1224 
1225 
1226 static struct wpa_driver_nl80211_data *
1227 nl80211_find_drv(struct nl80211_global *global, int idx, u8 *buf, size_t len,
1228 		 int *init_failed)
1229 {
1230 	struct wpa_driver_nl80211_data *drv;
1231 	int res;
1232 
1233 	if (init_failed)
1234 		*init_failed = 0;
1235 	dl_list_for_each(drv, &global->interfaces,
1236 			 struct wpa_driver_nl80211_data, list) {
1237 		res = wpa_driver_nl80211_own_ifindex(drv, idx, buf, len);
1238 		if (res < 0) {
1239 			wpa_printf(MSG_DEBUG,
1240 				   "nl80211: Found matching own interface, but failed to complete reinitialization");
1241 			if (init_failed)
1242 				*init_failed = 1;
1243 			return drv;
1244 		}
1245 		if (res > 0 || have_ifidx(drv, idx, IFIDX_ANY))
1246 			return drv;
1247 	}
1248 	return NULL;
1249 }
1250 
1251 
1252 static void nl80211_refresh_mac(struct wpa_driver_nl80211_data *drv,
1253 				int ifindex, int notify)
1254 {
1255 	struct i802_bss *bss;
1256 	u8 addr[ETH_ALEN];
1257 
1258 	bss = get_bss_ifindex(drv, ifindex);
1259 	if (bss &&
1260 	    linux_get_ifhwaddr(drv->global->ioctl_sock,
1261 			       bss->ifname, addr) < 0) {
1262 		wpa_printf(MSG_DEBUG,
1263 			   "nl80211: %s: failed to re-read MAC address",
1264 			   bss->ifname);
1265 	} else if (bss && !ether_addr_equal(addr, bss->addr)) {
1266 		wpa_printf(MSG_DEBUG,
1267 			   "nl80211: Own MAC address on ifindex %d (%s) changed from "
1268 			   MACSTR " to " MACSTR,
1269 			   ifindex, bss->ifname,
1270 			   MAC2STR(bss->addr), MAC2STR(addr));
1271 		os_memcpy(bss->prev_addr, bss->addr, ETH_ALEN);
1272 		os_memcpy(bss->addr, addr, ETH_ALEN);
1273 		if (notify)
1274 			wpa_supplicant_event(drv->ctx,
1275 					     EVENT_INTERFACE_MAC_CHANGED, NULL);
1276 	}
1277 }
1278 
1279 
1280 static void wpa_driver_nl80211_event_rtm_newlink(void *ctx,
1281 						 struct ifinfomsg *ifi,
1282 						 u8 *buf, size_t len)
1283 {
1284 	struct nl80211_global *global = ctx;
1285 	struct wpa_driver_nl80211_data *drv;
1286 	int attrlen;
1287 	struct rtattr *attr;
1288 	u32 brid = 0;
1289 	char namebuf[IFNAMSIZ];
1290 	char ifname[IFNAMSIZ + 1];
1291 	char extra[100], *pos, *end;
1292 	int init_failed;
1293 
1294 	extra[0] = '\0';
1295 	pos = extra;
1296 	end = pos + sizeof(extra);
1297 	ifname[0] = '\0';
1298 
1299 	attrlen = len;
1300 	attr = (struct rtattr *) buf;
1301 	while (RTA_OK(attr, attrlen)) {
1302 		switch (attr->rta_type) {
1303 		case IFLA_IFNAME:
1304 			if (RTA_PAYLOAD(attr) > IFNAMSIZ)
1305 				break;
1306 			os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr));
1307 			ifname[RTA_PAYLOAD(attr)] = '\0';
1308 			break;
1309 		case IFLA_MASTER:
1310 			brid = nla_get_u32((struct nlattr *) attr);
1311 			pos += os_snprintf(pos, end - pos, " master=%u", brid);
1312 			break;
1313 		case IFLA_WIRELESS:
1314 			pos += os_snprintf(pos, end - pos, " wext");
1315 			break;
1316 		case IFLA_OPERSTATE:
1317 			pos += os_snprintf(pos, end - pos, " operstate=%u",
1318 					   nla_get_u32((struct nlattr *) attr));
1319 			break;
1320 		case IFLA_LINKMODE:
1321 			pos += os_snprintf(pos, end - pos, " linkmode=%u",
1322 					   nla_get_u32((struct nlattr *) attr));
1323 			break;
1324 		}
1325 		attr = RTA_NEXT(attr, attrlen);
1326 	}
1327 	extra[sizeof(extra) - 1] = '\0';
1328 
1329 	wpa_printf(MSG_DEBUG, "RTM_NEWLINK: ifi_index=%d ifname=%s%s ifi_family=%d ifi_flags=0x%x (%s%s%s%s)",
1330 		   ifi->ifi_index, ifname, extra, ifi->ifi_family,
1331 		   ifi->ifi_flags,
1332 		   (ifi->ifi_flags & IFF_UP) ? "[UP]" : "",
1333 		   (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "",
1334 		   (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "",
1335 		   (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : "");
1336 
1337 	drv = nl80211_find_drv(global, ifi->ifi_index, buf, len, &init_failed);
1338 	if (!drv)
1339 		goto event_newlink;
1340 	if (init_failed)
1341 		return; /* do not update interface state */
1342 
1343 	if (!drv->if_disabled && !(ifi->ifi_flags & IFF_UP)) {
1344 		namebuf[0] = '\0';
1345 		if (if_indextoname(ifi->ifi_index, namebuf) &&
1346 		    linux_iface_up(drv->global->ioctl_sock, namebuf) > 0) {
1347 			wpa_printf(MSG_DEBUG, "nl80211: Ignore interface down "
1348 				   "event since interface %s is up", namebuf);
1349 			drv->ignore_if_down_event = 0;
1350 			/* Re-read MAC address as it may have changed */
1351 			nl80211_refresh_mac(drv, ifi->ifi_index, 1);
1352 			return;
1353 		}
1354 		wpa_printf(MSG_DEBUG, "nl80211: Interface down (%s/%s)",
1355 			   namebuf, ifname);
1356 		if (os_strcmp(drv->first_bss->ifname, ifname) != 0) {
1357 			wpa_printf(MSG_DEBUG,
1358 				   "nl80211: Not the main interface (%s) - do not indicate interface down",
1359 				   drv->first_bss->ifname);
1360 		} else if (drv->ignore_if_down_event) {
1361 			wpa_printf(MSG_DEBUG, "nl80211: Ignore interface down "
1362 				   "event generated by mode change");
1363 			drv->ignore_if_down_event = 0;
1364 		} else {
1365 			drv->if_disabled = 1;
1366 			wpa_supplicant_event(drv->ctx,
1367 					     EVENT_INTERFACE_DISABLED, NULL);
1368 
1369 			/*
1370 			 * Try to get drv again, since it may be removed as
1371 			 * part of the EVENT_INTERFACE_DISABLED handling for
1372 			 * dynamic interfaces
1373 			 */
1374 			drv = nl80211_find_drv(global, ifi->ifi_index,
1375 					       buf, len, NULL);
1376 			if (!drv)
1377 				return;
1378 		}
1379 	}
1380 
1381 	if (drv->if_disabled && (ifi->ifi_flags & IFF_UP)) {
1382 		namebuf[0] = '\0';
1383 		if (if_indextoname(ifi->ifi_index, namebuf) &&
1384 		    linux_iface_up(drv->global->ioctl_sock, namebuf) == 0) {
1385 			wpa_printf(MSG_DEBUG, "nl80211: Ignore interface up "
1386 				   "event since interface %s is down",
1387 				   namebuf);
1388 			return;
1389 		}
1390 		wpa_printf(MSG_DEBUG, "nl80211: Interface up (%s/%s)",
1391 			   namebuf, ifname);
1392 		if (os_strcmp(drv->first_bss->ifname, ifname) != 0) {
1393 			wpa_printf(MSG_DEBUG,
1394 				   "nl80211: Not the main interface (%s) - do not indicate interface up",
1395 				   drv->first_bss->ifname);
1396 		} else if (if_nametoindex(drv->first_bss->ifname) == 0) {
1397 			wpa_printf(MSG_DEBUG, "nl80211: Ignore interface up "
1398 				   "event since interface %s does not exist",
1399 				   drv->first_bss->ifname);
1400 		} else if (drv->if_removed) {
1401 			wpa_printf(MSG_DEBUG, "nl80211: Ignore interface up "
1402 				   "event since interface %s is marked "
1403 				   "removed", drv->first_bss->ifname);
1404 		} else {
1405 			/* Re-read MAC address as it may have changed */
1406 			nl80211_refresh_mac(drv, ifi->ifi_index, 0);
1407 
1408 			drv->if_disabled = 0;
1409 			wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED,
1410 					     NULL);
1411 		}
1412 	}
1413 
1414 	/*
1415 	 * Some drivers send the association event before the operup event--in
1416 	 * this case, lifting operstate in wpa_driver_nl80211_set_operstate()
1417 	 * fails. This will hit us when wpa_supplicant does not need to do
1418 	 * IEEE 802.1X authentication
1419 	 */
1420 	if (drv->operstate == 1 &&
1421 	    (ifi->ifi_flags & (IFF_LOWER_UP | IFF_DORMANT)) == IFF_LOWER_UP &&
1422 	    !(ifi->ifi_flags & IFF_RUNNING)) {
1423 		wpa_printf(MSG_DEBUG, "nl80211: Set IF_OPER_UP again based on ifi_flags and expected operstate");
1424 		netlink_send_oper_ifla(drv->global->netlink, drv->ifindex,
1425 				       -1, IF_OPER_UP);
1426 	}
1427 
1428 event_newlink:
1429 	if (ifname[0])
1430 		wpa_driver_nl80211_event_newlink(global, drv, ifi->ifi_index,
1431 						 ifname);
1432 
1433 	if (ifi->ifi_family == AF_BRIDGE && brid && drv) {
1434 		struct i802_bss *bss;
1435 
1436 		/* device has been added to bridge */
1437 		if (!if_indextoname(brid, namebuf)) {
1438 			wpa_printf(MSG_DEBUG,
1439 				   "nl80211: Could not find bridge ifname for ifindex %u",
1440 				   brid);
1441 			return;
1442 		}
1443 		wpa_printf(MSG_DEBUG, "nl80211: Add ifindex %u for bridge %s",
1444 			   brid, namebuf);
1445 		add_ifidx(drv, brid, ifi->ifi_index);
1446 
1447 		for (bss = drv->first_bss; bss; bss = bss->next) {
1448 			if (os_strcmp(ifname, bss->ifname) == 0) {
1449 				os_strlcpy(bss->brname, namebuf, IFNAMSIZ);
1450 				break;
1451 			}
1452 		}
1453 	}
1454 }
1455 
1456 
1457 static void wpa_driver_nl80211_event_rtm_dellink(void *ctx,
1458 						 struct ifinfomsg *ifi,
1459 						 u8 *buf, size_t len)
1460 {
1461 	struct nl80211_global *global = ctx;
1462 	struct wpa_driver_nl80211_data *drv;
1463 	int attrlen;
1464 	struct rtattr *attr;
1465 	u32 brid = 0;
1466 	char ifname[IFNAMSIZ + 1];
1467 	char extra[100], *pos, *end;
1468 
1469 	extra[0] = '\0';
1470 	pos = extra;
1471 	end = pos + sizeof(extra);
1472 	ifname[0] = '\0';
1473 
1474 	attrlen = len;
1475 	attr = (struct rtattr *) buf;
1476 	while (RTA_OK(attr, attrlen)) {
1477 		switch (attr->rta_type) {
1478 		case IFLA_IFNAME:
1479 			if (RTA_PAYLOAD(attr) > IFNAMSIZ)
1480 				break;
1481 			os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr));
1482 			ifname[RTA_PAYLOAD(attr)] = '\0';
1483 			break;
1484 		case IFLA_MASTER:
1485 			brid = nla_get_u32((struct nlattr *) attr);
1486 			pos += os_snprintf(pos, end - pos, " master=%u", brid);
1487 			break;
1488 		case IFLA_OPERSTATE:
1489 			pos += os_snprintf(pos, end - pos, " operstate=%u",
1490 					   nla_get_u32((struct nlattr *) attr));
1491 			break;
1492 		case IFLA_LINKMODE:
1493 			pos += os_snprintf(pos, end - pos, " linkmode=%u",
1494 					   nla_get_u32((struct nlattr *) attr));
1495 			break;
1496 		}
1497 		attr = RTA_NEXT(attr, attrlen);
1498 	}
1499 	extra[sizeof(extra) - 1] = '\0';
1500 
1501 	wpa_printf(MSG_DEBUG, "RTM_DELLINK: ifi_index=%d ifname=%s%s ifi_family=%d ifi_flags=0x%x (%s%s%s%s)",
1502 		   ifi->ifi_index, ifname, extra, ifi->ifi_family,
1503 		   ifi->ifi_flags,
1504 		   (ifi->ifi_flags & IFF_UP) ? "[UP]" : "",
1505 		   (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "",
1506 		   (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "",
1507 		   (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : "");
1508 
1509 	drv = nl80211_find_drv(global, ifi->ifi_index, buf, len, NULL);
1510 
1511 	if (ifi->ifi_family == AF_BRIDGE && brid && drv) {
1512 		/* device has been removed from bridge */
1513 		char namebuf[IFNAMSIZ];
1514 
1515 		if (!if_indextoname(brid, namebuf)) {
1516 			wpa_printf(MSG_DEBUG,
1517 				   "nl80211: Could not find bridge ifname for ifindex %u",
1518 				   brid);
1519 		} else {
1520 			wpa_printf(MSG_DEBUG,
1521 				   "nl80211: Remove ifindex %u for bridge %s",
1522 				   brid, namebuf);
1523 		}
1524 		del_ifidx(drv, brid, ifi->ifi_index);
1525 	}
1526 
1527 	if (ifi->ifi_family != AF_BRIDGE || !brid)
1528 		wpa_driver_nl80211_event_dellink(global, drv, ifi->ifi_index,
1529 						 ifname);
1530 }
1531 
1532 
1533 struct nl80211_get_assoc_freq_arg {
1534 	struct wpa_driver_nl80211_data *drv;
1535 	unsigned int assoc_freq;
1536 	unsigned int ibss_freq;
1537 	u8 assoc_bssid[ETH_ALEN];
1538 	u8 assoc_ssid[SSID_MAX_LEN];
1539 	u8 assoc_ssid_len;
1540 	u8 bssid[MAX_NUM_MLD_LINKS][ETH_ALEN];
1541 	unsigned int freq[MAX_NUM_MLD_LINKS];
1542 };
1543 
1544 static int nl80211_get_assoc_freq_handler(struct nl_msg *msg, void *arg)
1545 {
1546 	struct nlattr *tb[NL80211_ATTR_MAX + 1];
1547 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1548 	struct nlattr *bss[NL80211_BSS_MAX + 1];
1549 	static struct nla_policy bss_policy[NL80211_BSS_MAX + 1] = {
1550 		[NL80211_BSS_BSSID] = { .type = NLA_UNSPEC },
1551 		[NL80211_BSS_FREQUENCY] = { .type = NLA_U32 },
1552 		[NL80211_BSS_INFORMATION_ELEMENTS] = { .type = NLA_UNSPEC },
1553 		[NL80211_BSS_STATUS] = { .type = NLA_U32 },
1554 		[NL80211_BSS_MLO_LINK_ID] = { .type = NLA_U8 },
1555 	};
1556 	struct nl80211_get_assoc_freq_arg *ctx = arg;
1557 	enum nl80211_bss_status status;
1558 	struct wpa_driver_nl80211_data *drv = ctx->drv;
1559 
1560 	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1561 		  genlmsg_attrlen(gnlh, 0), NULL);
1562 	if (!tb[NL80211_ATTR_BSS] ||
1563 	    nla_parse_nested(bss, NL80211_BSS_MAX, tb[NL80211_ATTR_BSS],
1564 			     bss_policy) ||
1565 	    !bss[NL80211_BSS_STATUS])
1566 		return NL_SKIP;
1567 
1568 	status = nla_get_u32(bss[NL80211_BSS_STATUS]);
1569 	if (status == NL80211_BSS_STATUS_ASSOCIATED &&
1570 	    bss[NL80211_BSS_FREQUENCY]) {
1571 		int link_id = -1;
1572 		u32 freq = nla_get_u32(bss[NL80211_BSS_FREQUENCY]);
1573 
1574 		if (bss[NL80211_BSS_MLO_LINK_ID])
1575 			link_id = nla_get_u8(bss[NL80211_BSS_MLO_LINK_ID]);
1576 
1577 		if (link_id >= 0 && link_id < MAX_NUM_MLD_LINKS) {
1578 			ctx->freq[link_id] = freq;
1579 			wpa_printf(MSG_DEBUG,
1580 				   "nl80211: MLO link %d associated on %u MHz",
1581 				   link_id, ctx->freq[link_id]);
1582 		}
1583 
1584 		if (!drv->sta_mlo_info.valid_links ||
1585 		    drv->sta_mlo_info.assoc_link_id == link_id) {
1586 			ctx->assoc_freq = freq;
1587 			wpa_printf(MSG_DEBUG, "nl80211: Associated on %u MHz",
1588 				   ctx->assoc_freq);
1589 		}
1590 	}
1591 	if (status == NL80211_BSS_STATUS_IBSS_JOINED &&
1592 	    bss[NL80211_BSS_FREQUENCY]) {
1593 		ctx->ibss_freq = nla_get_u32(bss[NL80211_BSS_FREQUENCY]);
1594 		wpa_printf(MSG_DEBUG, "nl80211: IBSS-joined on %u MHz",
1595 			   ctx->ibss_freq);
1596 	}
1597 	if (status == NL80211_BSS_STATUS_ASSOCIATED &&
1598 	    bss[NL80211_BSS_BSSID]) {
1599 		int link_id = -1;
1600 		const u8 *bssid = nla_data(bss[NL80211_BSS_BSSID]);
1601 
1602 		if (bss[NL80211_BSS_MLO_LINK_ID])
1603 			link_id = nla_get_u8(bss[NL80211_BSS_MLO_LINK_ID]);
1604 
1605 		if (link_id >= 0 && link_id < MAX_NUM_MLD_LINKS) {
1606 			os_memcpy(ctx->bssid[link_id], bssid, ETH_ALEN);
1607 			wpa_printf(MSG_DEBUG,
1608 				   "nl80211: MLO link %d associated with "
1609 				   MACSTR, link_id, MAC2STR(bssid));
1610 		}
1611 
1612 		if (!drv->sta_mlo_info.valid_links ||
1613 		    drv->sta_mlo_info.assoc_link_id == link_id) {
1614 			os_memcpy(ctx->assoc_bssid, bssid, ETH_ALEN);
1615 			wpa_printf(MSG_DEBUG, "nl80211: Associated with "
1616 				   MACSTR, MAC2STR(bssid));
1617 		}
1618 
1619 	}
1620 
1621 	if (status == NL80211_BSS_STATUS_ASSOCIATED &&
1622 	    bss[NL80211_BSS_INFORMATION_ELEMENTS]) {
1623 		const u8 *ie, *ssid;
1624 		size_t ie_len;
1625 
1626 		ie = nla_data(bss[NL80211_BSS_INFORMATION_ELEMENTS]);
1627 		ie_len = nla_len(bss[NL80211_BSS_INFORMATION_ELEMENTS]);
1628 		ssid = get_ie(ie, ie_len, WLAN_EID_SSID);
1629 		if (ssid && ssid[1] > 0 && ssid[1] <= SSID_MAX_LEN) {
1630 			ctx->assoc_ssid_len = ssid[1];
1631 			os_memcpy(ctx->assoc_ssid, ssid + 2, ssid[1]);
1632 		}
1633 	}
1634 
1635 	return NL_SKIP;
1636 }
1637 
1638 
1639 int nl80211_get_assoc_ssid(struct wpa_driver_nl80211_data *drv, u8 *ssid)
1640 {
1641 	struct nl_msg *msg;
1642 	int ret;
1643 	struct nl80211_get_assoc_freq_arg arg;
1644 	int count = 0;
1645 
1646 try_again:
1647 	msg = nl80211_drv_msg(drv, NLM_F_DUMP, NL80211_CMD_GET_SCAN);
1648 	os_memset(&arg, 0, sizeof(arg));
1649 	arg.drv = drv;
1650 	ret = send_and_recv_resp(drv, msg, nl80211_get_assoc_freq_handler,
1651 				 &arg);
1652 	if (ret == -EAGAIN) {
1653 		count++;
1654 		if (count >= 10) {
1655 			wpa_printf(MSG_INFO,
1656 				   "nl80211: Failed to receive consistent scan result dump for get_assoc_ssid");
1657 		} else {
1658 			wpa_printf(MSG_DEBUG,
1659 				   "nl80211: Failed to receive consistent scan result dump for get_assoc_ssid - try again");
1660 			goto try_again;
1661 		}
1662 	}
1663 	if (ret == 0) {
1664 		os_memcpy(ssid, arg.assoc_ssid, arg.assoc_ssid_len);
1665 		return arg.assoc_ssid_len;
1666 	}
1667 	wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d (%s)",
1668 		   ret, strerror(-ret));
1669 	return ret;
1670 }
1671 
1672 
1673 unsigned int nl80211_get_assoc_freq(struct wpa_driver_nl80211_data *drv)
1674 {
1675 	struct nl_msg *msg;
1676 	int ret;
1677 	struct nl80211_get_assoc_freq_arg arg;
1678 	int count = 0;
1679 
1680 try_again:
1681 	msg = nl80211_drv_msg(drv, NLM_F_DUMP, NL80211_CMD_GET_SCAN);
1682 	os_memset(&arg, 0, sizeof(arg));
1683 	arg.drv = drv;
1684 	ret = send_and_recv_resp(drv, msg, nl80211_get_assoc_freq_handler,
1685 				 &arg);
1686 	if (ret == -EAGAIN) {
1687 		count++;
1688 		if (count >= 10) {
1689 			wpa_printf(MSG_INFO,
1690 				   "nl80211: Failed to receive consistent scan result dump for get_assoc_freq");
1691 		} else {
1692 			wpa_printf(MSG_DEBUG,
1693 				   "nl80211: Failed to receive consistent scan result dump for get_assoc_freq - try again");
1694 			goto try_again;
1695 		}
1696 	}
1697 	if (ret == 0) {
1698 		unsigned int freq = drv->nlmode == NL80211_IFTYPE_ADHOC ?
1699 			arg.ibss_freq : arg.assoc_freq;
1700 		wpa_printf(MSG_DEBUG, "nl80211: Operating frequency for the "
1701 			   "associated BSS from scan results: %u MHz", freq);
1702 		if (freq)
1703 			drv->assoc_freq = freq;
1704 
1705 		if (drv->sta_mlo_info.valid_links) {
1706 			int i;
1707 
1708 			for (i = 0; i < MAX_NUM_MLD_LINKS; i++)
1709 				drv->sta_mlo_info.links[i].freq = arg.freq[i];
1710 		}
1711 
1712 		return drv->assoc_freq;
1713 	}
1714 	wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d "
1715 		   "(%s)", ret, strerror(-ret));
1716 	return drv->assoc_freq;
1717 }
1718 
1719 
1720 static int get_link_noise(struct nl_msg *msg, void *arg)
1721 {
1722 	struct nlattr *tb[NL80211_ATTR_MAX + 1];
1723 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1724 	struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1];
1725 	static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = {
1726 		[NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 },
1727 		[NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 },
1728 	};
1729 	struct wpa_signal_info *sig_change = arg;
1730 
1731 	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1732 		  genlmsg_attrlen(gnlh, 0), NULL);
1733 
1734 	if (!tb[NL80211_ATTR_SURVEY_INFO]) {
1735 		wpa_printf(MSG_DEBUG, "nl80211: survey data missing!");
1736 		return NL_SKIP;
1737 	}
1738 
1739 	if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX,
1740 			     tb[NL80211_ATTR_SURVEY_INFO],
1741 			     survey_policy)) {
1742 		wpa_printf(MSG_DEBUG, "nl80211: failed to parse nested "
1743 			   "attributes!");
1744 		return NL_SKIP;
1745 	}
1746 
1747 	if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY])
1748 		return NL_SKIP;
1749 
1750 	if (nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]) !=
1751 	    sig_change->frequency)
1752 		return NL_SKIP;
1753 
1754 	if (!sinfo[NL80211_SURVEY_INFO_NOISE])
1755 		return NL_SKIP;
1756 
1757 	sig_change->current_noise =
1758 		(s8) nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]);
1759 
1760 	return NL_SKIP;
1761 }
1762 
1763 
1764 int nl80211_get_link_noise(struct wpa_driver_nl80211_data *drv,
1765 			   struct wpa_signal_info *sig_change)
1766 {
1767 	struct nl_msg *msg;
1768 
1769 	sig_change->current_noise = WPA_INVALID_NOISE;
1770 	sig_change->frequency = drv->assoc_freq;
1771 
1772 	msg = nl80211_drv_msg(drv, NLM_F_DUMP, NL80211_CMD_GET_SURVEY);
1773 	return send_and_recv_resp(drv, msg, get_link_noise, sig_change);
1774 }
1775 
1776 
1777 static int get_channel_info(struct nl_msg *msg, void *arg)
1778 {
1779 	struct nlattr *tb[NL80211_ATTR_MAX + 1] = { 0 };
1780 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1781 	struct wpa_channel_info *chan_info = arg;
1782 
1783 	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1784 		  genlmsg_attrlen(gnlh, 0), NULL);
1785 
1786 	os_memset(chan_info, 0, sizeof(struct wpa_channel_info));
1787 	chan_info->chanwidth = CHAN_WIDTH_UNKNOWN;
1788 
1789 	if (tb[NL80211_ATTR_WIPHY_FREQ])
1790 		chan_info->frequency =
1791 			nla_get_u32(tb[NL80211_ATTR_WIPHY_FREQ]);
1792 	if (tb[NL80211_ATTR_CHANNEL_WIDTH])
1793 		chan_info->chanwidth = convert2width(
1794 			nla_get_u32(tb[NL80211_ATTR_CHANNEL_WIDTH]));
1795 	if (tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
1796 		enum nl80211_channel_type ct =
1797 			nla_get_u32(tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
1798 
1799 		switch (ct) {
1800 		case NL80211_CHAN_HT40MINUS:
1801 			chan_info->sec_channel = -1;
1802 			break;
1803 		case NL80211_CHAN_HT40PLUS:
1804 			chan_info->sec_channel = 1;
1805 			break;
1806 		default:
1807 			chan_info->sec_channel = 0;
1808 			break;
1809 		}
1810 	}
1811 	if (tb[NL80211_ATTR_CENTER_FREQ1])
1812 		chan_info->center_frq1 =
1813 			nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ1]);
1814 	if (tb[NL80211_ATTR_CENTER_FREQ2])
1815 		chan_info->center_frq2 =
1816 			nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ2]);
1817 
1818 	if (chan_info->center_frq2) {
1819 		u8 seg1_idx = 0;
1820 
1821 		if (ieee80211_freq_to_chan(chan_info->center_frq2, &seg1_idx) !=
1822 		    NUM_HOSTAPD_MODES)
1823 			chan_info->seg1_idx = seg1_idx;
1824 	}
1825 
1826 	return NL_SKIP;
1827 }
1828 
1829 
1830 static int nl80211_channel_info(void *priv, struct wpa_channel_info *ci)
1831 {
1832 	struct i802_bss *bss = priv;
1833 	struct wpa_driver_nl80211_data *drv = bss->drv;
1834 	struct nl_msg *msg;
1835 
1836 	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_GET_INTERFACE);
1837 	return send_and_recv_resp(drv, msg, get_channel_info, ci);
1838 }
1839 
1840 
1841 static void wpa_driver_nl80211_event_receive(int sock, void *eloop_ctx,
1842 					     void *handle)
1843 {
1844 	struct nl_cb *cb = eloop_ctx;
1845 	int res;
1846 
1847 	wpa_printf(MSG_MSGDUMP, "nl80211: Event message available");
1848 
1849 	res = nl_recvmsgs(handle, cb);
1850 	if (res < 0) {
1851 		wpa_printf(MSG_INFO, "nl80211: %s->nl_recvmsgs failed: %d",
1852 			   __func__, res);
1853 	}
1854 }
1855 
1856 
1857 /**
1858  * wpa_driver_nl80211_set_country - ask nl80211 to set the regulatory domain
1859  * @priv: driver_nl80211 private data
1860  * @alpha2_arg: country to which to switch to
1861  * Returns: 0 on success, -1 on failure
1862  *
1863  * This asks nl80211 to set the regulatory domain for given
1864  * country ISO / IEC alpha2.
1865  */
1866 static int wpa_driver_nl80211_set_country(void *priv, const char *alpha2_arg)
1867 {
1868 	struct i802_bss *bss = priv;
1869 	struct wpa_driver_nl80211_data *drv = bss->drv;
1870 	char alpha2[3];
1871 	struct nl_msg *msg;
1872 
1873 	msg = nlmsg_alloc();
1874 	if (!msg)
1875 		return -ENOMEM;
1876 
1877 	alpha2[0] = alpha2_arg[0];
1878 	alpha2[1] = alpha2_arg[1];
1879 	alpha2[2] = '\0';
1880 
1881 	if (!nl80211_cmd(drv, msg, 0, NL80211_CMD_REQ_SET_REG) ||
1882 	    nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, alpha2)) {
1883 		nlmsg_free(msg);
1884 		return -EINVAL;
1885 	}
1886 	if (send_and_recv_cmd(drv, msg))
1887 		return -EINVAL;
1888 	return 0;
1889 }
1890 
1891 
1892 static int nl80211_get_country(struct nl_msg *msg, void *arg)
1893 {
1894 	char *alpha2 = arg;
1895 	struct nlattr *tb_msg[NL80211_ATTR_MAX + 1];
1896 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1897 
1898 	nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1899 		  genlmsg_attrlen(gnlh, 0), NULL);
1900 	if (!tb_msg[NL80211_ATTR_REG_ALPHA2]) {
1901 		wpa_printf(MSG_DEBUG, "nl80211: No country information available");
1902 		return NL_SKIP;
1903 	}
1904 	os_strlcpy(alpha2, nla_data(tb_msg[NL80211_ATTR_REG_ALPHA2]), 3);
1905 	return NL_SKIP;
1906 }
1907 
1908 
1909 static int wpa_driver_nl80211_get_country(void *priv, char *alpha2)
1910 {
1911 	struct i802_bss *bss = priv;
1912 	struct wpa_driver_nl80211_data *drv = bss->drv;
1913 	struct nl_msg *msg;
1914 	int ret;
1915 
1916 	msg = nlmsg_alloc();
1917 	if (!msg)
1918 		return -ENOMEM;
1919 
1920 	nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_REG);
1921 
1922 	if (drv->capa.flags & WPA_DRIVER_FLAGS_SELF_MANAGED_REGULATORY) {
1923 		/* put wiphy idx to get the interface specific country code
1924 		 * instead of the global one. */
1925 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY, drv->wiphy_idx)) {
1926 			nlmsg_free(msg);
1927 			return -1;
1928 		}
1929 	}
1930 
1931 	alpha2[0] = '\0';
1932 	ret = send_and_recv_resp(drv, msg, nl80211_get_country, alpha2);
1933 	if (!alpha2[0])
1934 		ret = -1;
1935 
1936 	return ret;
1937 }
1938 
1939 
1940 static int wpa_driver_nl80211_init_nl_global(struct nl80211_global *global)
1941 {
1942 	struct nl_cache *cache = NULL;
1943 	struct genl_family *family = NULL;
1944 	int ret;
1945 
1946 	global->nl_cb = nl_cb_alloc(NL_CB_DEFAULT);
1947 	if (global->nl_cb == NULL) {
1948 		wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink "
1949 			   "callbacks");
1950 		return -1;
1951 	}
1952 
1953 	global->nl = nl_create_handle(global->nl_cb, "nl");
1954 	if (global->nl == NULL)
1955 		goto err;
1956 
1957 	global->nl80211_id = genl_ctrl_resolve(global->nl, "nl80211");
1958 	if (global->nl80211_id < 0) {
1959 		wpa_printf(MSG_ERROR, "nl80211: 'nl80211' generic netlink not "
1960 			   "found");
1961 		goto err;
1962 	}
1963 
1964 	global->nlctrl_id = genl_ctrl_resolve(global->nl, "nlctrl");
1965 	if (global->nlctrl_id < 0) {
1966 		wpa_printf(MSG_ERROR,
1967 			   "nl80211: 'nlctrl' generic netlink not found");
1968 		goto err;
1969 	}
1970 
1971 	global->nl_event = nl_create_handle(global->nl_cb, "event");
1972 	if (global->nl_event == NULL)
1973 		goto err;
1974 
1975 	ret = nl_get_multicast_id(global, "nl80211", "scan");
1976 	if (ret >= 0)
1977 		ret = nl_socket_add_membership(global->nl_event, ret);
1978 	if (ret < 0) {
1979 		wpa_printf(MSG_ERROR, "nl80211: Could not add multicast "
1980 			   "membership for scan events: %d (%s)",
1981 			   ret, nl_geterror(ret));
1982 		goto err;
1983 	}
1984 
1985 	ret = nl_get_multicast_id(global, "nl80211", "mlme");
1986 	if (ret >= 0)
1987 		ret = nl_socket_add_membership(global->nl_event, ret);
1988 	if (ret < 0) {
1989 		wpa_printf(MSG_ERROR, "nl80211: Could not add multicast "
1990 			   "membership for mlme events: %d (%s)",
1991 			   ret, nl_geterror(ret));
1992 		goto err;
1993 	}
1994 
1995 	ret = nl_get_multicast_id(global, "nl80211", "regulatory");
1996 	if (ret >= 0)
1997 		ret = nl_socket_add_membership(global->nl_event, ret);
1998 	if (ret < 0) {
1999 		wpa_printf(MSG_DEBUG, "nl80211: Could not add multicast "
2000 			   "membership for regulatory events: %d (%s)",
2001 			   ret, nl_geterror(ret));
2002 		/* Continue without regulatory events */
2003 	}
2004 
2005 	ret = nl_get_multicast_id(global, "nl80211", "vendor");
2006 	if (ret >= 0)
2007 		ret = nl_socket_add_membership(global->nl_event, ret);
2008 	if (ret < 0) {
2009 		wpa_printf(MSG_DEBUG, "nl80211: Could not add multicast "
2010 			   "membership for vendor events: %d (%s)",
2011 			   ret, nl_geterror(ret));
2012 		/* Continue without vendor events */
2013 	}
2014 
2015 	/* Resolve maxattr for kernel support checks */
2016 	ret = genl_ctrl_alloc_cache(global->nl, &cache);
2017 	if (ret < 0) {
2018 		wpa_printf(MSG_DEBUG,
2019 			   "nl80211: Could not allocate genl cache: %d (%s)",
2020 			   ret, nl_geterror(ret));
2021 		goto err;
2022 	}
2023 
2024 	family = genl_ctrl_search(cache, global->nl80211_id);
2025 	if (!family) {
2026 		wpa_printf(MSG_DEBUG,
2027 			   "nl80211: Could not get nl80211 family from cache: %d (%s)",
2028 			   ret, nl_geterror(ret));
2029 		goto err;
2030 	}
2031 
2032 	global->nl80211_maxattr = genl_family_get_maxattr(family);
2033 	wpa_printf(MSG_DEBUG, "nl80211: Maximum supported attribute ID: %u",
2034 		   global->nl80211_maxattr);
2035 	genl_family_put(family);
2036 	nl_cache_free(cache);
2037 
2038 	nl_cb_set(global->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM,
2039 		  no_seq_check, NULL);
2040 	nl_cb_set(global->nl_cb, NL_CB_VALID, NL_CB_CUSTOM,
2041 		  process_global_event, global);
2042 
2043 	nl80211_register_eloop_read(&global->nl_event,
2044 				    wpa_driver_nl80211_event_receive,
2045 				    global->nl_cb, 0);
2046 
2047 	return 0;
2048 
2049 err:
2050 	genl_family_put(family);
2051 	nl_cache_free(cache);
2052 	nl_destroy_handles(&global->nl_event);
2053 	nl_destroy_handles(&global->nl);
2054 	nl_cb_put(global->nl_cb);
2055 	global->nl_cb = NULL;
2056 	return -1;
2057 }
2058 
2059 
2060 static void nl80211_check_global(struct nl80211_global *global)
2061 {
2062 	struct nl_sock *handle;
2063 	const char *groups[] = { "scan", "mlme", "regulatory", "vendor", NULL };
2064 	int ret;
2065 	unsigned int i;
2066 
2067 	/*
2068 	 * Try to re-add memberships to handle case of cfg80211 getting reloaded
2069 	 * and all registration having been cleared.
2070 	 */
2071 	handle = (void *) (((intptr_t) global->nl_event) ^
2072 			   ELOOP_SOCKET_INVALID);
2073 
2074 	for (i = 0; groups[i]; i++) {
2075 		ret = nl_get_multicast_id(global, "nl80211", groups[i]);
2076 		if (ret >= 0)
2077 			ret = nl_socket_add_membership(handle, ret);
2078 		if (ret < 0) {
2079 			wpa_printf(MSG_INFO,
2080 				   "nl80211: Could not re-add multicast membership for %s events: %d (%s)",
2081 				   groups[i], ret, nl_geterror(ret));
2082 		}
2083 	}
2084 }
2085 
2086 
2087 static void wpa_driver_nl80211_rfkill_blocked(void *ctx)
2088 {
2089 	struct wpa_driver_nl80211_data *drv = ctx;
2090 
2091 	wpa_printf(MSG_DEBUG, "nl80211: RFKILL blocked");
2092 
2093 	/*
2094 	 * rtnetlink ifdown handler will report interfaces other than the P2P
2095 	 * Device interface as disabled.
2096 	 */
2097 	if (drv->nlmode == NL80211_IFTYPE_P2P_DEVICE)
2098 		wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_DISABLED, NULL);
2099 }
2100 
2101 
2102 static void wpa_driver_nl80211_rfkill_unblocked(void *ctx)
2103 {
2104 	struct wpa_driver_nl80211_data *drv = ctx;
2105 	wpa_printf(MSG_DEBUG, "nl80211: RFKILL unblocked");
2106 	if (i802_set_iface_flags(drv->first_bss, 1)) {
2107 		wpa_printf(MSG_DEBUG, "nl80211: Could not set interface UP "
2108 			   "after rfkill unblock");
2109 		return;
2110 	}
2111 
2112 	if (is_p2p_net_interface(drv->nlmode))
2113 		nl80211_disable_11b_rates(drv, drv->ifindex, 1);
2114 
2115 	/*
2116 	 * rtnetlink ifup handler will report interfaces other than the P2P
2117 	 * Device interface as enabled.
2118 	 */
2119 	if (drv->nlmode == NL80211_IFTYPE_P2P_DEVICE)
2120 		wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED, NULL);
2121 }
2122 
2123 
2124 static void wpa_driver_nl80211_handle_eapol_tx_status(int sock,
2125 						      void *eloop_ctx,
2126 						      void *handle)
2127 {
2128 	struct wpa_driver_nl80211_data *drv = eloop_ctx;
2129 	u8 data[2048];
2130 	struct msghdr msg;
2131 	struct iovec entry;
2132 	u8 control[512];
2133 	struct cmsghdr *cmsg;
2134 	int res, found_ee = 0, found_wifi = 0, acked = 0;
2135 	union wpa_event_data event;
2136 
2137 	memset(&msg, 0, sizeof(msg));
2138 	msg.msg_iov = &entry;
2139 	msg.msg_iovlen = 1;
2140 	entry.iov_base = data;
2141 	entry.iov_len = sizeof(data);
2142 	msg.msg_control = &control;
2143 	msg.msg_controllen = sizeof(control);
2144 
2145 	res = recvmsg(sock, &msg, MSG_ERRQUEUE);
2146 	/* if error or not fitting 802.3 header, return */
2147 	if (res < 14)
2148 		return;
2149 
2150 	for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg))
2151 	{
2152 		if (cmsg->cmsg_level == SOL_SOCKET &&
2153 		    cmsg->cmsg_type == SCM_WIFI_STATUS) {
2154 			int *ack;
2155 
2156 			found_wifi = 1;
2157 			ack = (void *)CMSG_DATA(cmsg);
2158 			acked = *ack;
2159 		}
2160 
2161 		if (cmsg->cmsg_level == SOL_PACKET &&
2162 		    cmsg->cmsg_type == PACKET_TX_TIMESTAMP) {
2163 			struct sock_extended_err *err =
2164 				(struct sock_extended_err *)CMSG_DATA(cmsg);
2165 
2166 			if (err->ee_origin == SO_EE_ORIGIN_TXSTATUS)
2167 				found_ee = 1;
2168 		}
2169 	}
2170 
2171 	if (!found_ee || !found_wifi)
2172 		return;
2173 
2174 	memset(&event, 0, sizeof(event));
2175 	event.eapol_tx_status.dst = data;
2176 	event.eapol_tx_status.data = data + 14;
2177 	event.eapol_tx_status.data_len = res - 14;
2178 	event.eapol_tx_status.ack = acked;
2179 	wpa_supplicant_event(drv->ctx, EVENT_EAPOL_TX_STATUS, &event);
2180 }
2181 
2182 
2183 static int nl80211_init_connect_handle(struct i802_bss *bss)
2184 {
2185 	if (bss->nl_connect) {
2186 		wpa_printf(MSG_DEBUG,
2187 			   "nl80211: Connect handle already created (nl_connect=%p)",
2188 			   bss->nl_connect);
2189 		return -1;
2190 	}
2191 
2192 	bss->nl_connect = nl_create_handle(bss->nl_cb, "connect");
2193 	if (!bss->nl_connect)
2194 		return -1;
2195 	nl80211_register_eloop_read(&bss->nl_connect,
2196 				    wpa_driver_nl80211_event_receive,
2197 				    bss->nl_cb, 1);
2198 	return 0;
2199 }
2200 
2201 
2202 static int nl80211_init_bss(struct i802_bss *bss)
2203 {
2204 	bss->nl_cb = nl_cb_alloc(NL_CB_DEFAULT);
2205 	if (!bss->nl_cb)
2206 		return -1;
2207 
2208 	nl_cb_set(bss->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM,
2209 		  no_seq_check, NULL);
2210 	nl_cb_set(bss->nl_cb, NL_CB_VALID, NL_CB_CUSTOM,
2211 		  process_bss_event, bss);
2212 
2213 	nl80211_init_connect_handle(bss);
2214 
2215 	return 0;
2216 }
2217 
2218 
2219 static void nl80211_destroy_bss(struct i802_bss *bss)
2220 {
2221 	nl_cb_put(bss->nl_cb);
2222 	bss->nl_cb = NULL;
2223 
2224 	if (bss->nl_connect)
2225 		nl80211_destroy_eloop_handle(&bss->nl_connect, 1);
2226 }
2227 
2228 
2229 static void
2230 wpa_driver_nl80211_drv_init_rfkill(struct wpa_driver_nl80211_data *drv)
2231 {
2232 	struct rfkill_config *rcfg;
2233 
2234 	if (drv->rfkill)
2235 		return;
2236 
2237 	rcfg = os_zalloc(sizeof(*rcfg));
2238 	if (!rcfg)
2239 		return;
2240 
2241 	rcfg->ctx = drv;
2242 
2243 	/* rfkill uses netdev sysfs for initialization. However, P2P Device is
2244 	 * not associated with a netdev, so use the name of some other interface
2245 	 * sharing the same wiphy as the P2P Device interface.
2246 	 *
2247 	 * Note: This is valid, as a P2P Device interface is always dynamically
2248 	 * created and is created only once another wpa_s interface was added.
2249 	 */
2250 	if (drv->nlmode == NL80211_IFTYPE_P2P_DEVICE) {
2251 		struct nl80211_global *global = drv->global;
2252 		struct wpa_driver_nl80211_data *tmp1;
2253 
2254 		dl_list_for_each(tmp1, &global->interfaces,
2255 				 struct wpa_driver_nl80211_data, list) {
2256 			if (drv == tmp1 || drv->wiphy_idx != tmp1->wiphy_idx ||
2257 			    !tmp1->rfkill)
2258 				continue;
2259 
2260 			wpa_printf(MSG_DEBUG,
2261 				   "nl80211: Use (%s) to initialize P2P Device rfkill",
2262 				   tmp1->first_bss->ifname);
2263 			os_strlcpy(rcfg->ifname, tmp1->first_bss->ifname,
2264 				   sizeof(rcfg->ifname));
2265 			break;
2266 		}
2267 	} else {
2268 		os_strlcpy(rcfg->ifname, drv->first_bss->ifname,
2269 			   sizeof(rcfg->ifname));
2270 	}
2271 
2272 	rcfg->blocked_cb = wpa_driver_nl80211_rfkill_blocked;
2273 	rcfg->unblocked_cb = wpa_driver_nl80211_rfkill_unblocked;
2274 	drv->rfkill = rfkill_init(rcfg);
2275 	if (!drv->rfkill) {
2276 		wpa_printf(MSG_DEBUG, "nl80211: RFKILL status not available");
2277 		os_free(rcfg);
2278 	}
2279 }
2280 
2281 
2282 static void * wpa_driver_nl80211_drv_init(void *ctx, const char *ifname,
2283 					  void *global_priv, int hostapd,
2284 					  const u8 *set_addr,
2285 					  const char *driver_params)
2286 {
2287 	struct wpa_driver_nl80211_data *drv;
2288 	struct i802_bss *bss;
2289 	char path[128], buf[200], *pos;
2290 	ssize_t len;
2291 	int ret;
2292 
2293 	ret = os_snprintf(path, sizeof(path), "/sys/class/net/%s/device/driver",
2294 			  ifname);
2295 	if (!os_snprintf_error(sizeof(path), ret)) {
2296 		len = readlink(path, buf, sizeof(buf));
2297 		if (len > 0 && (size_t) len < sizeof(buf)) {
2298 			buf[len] = '\0';
2299 			pos = strrchr(buf, '/');
2300 			if (pos)
2301 				pos++;
2302 			else
2303 				pos = buf;
2304 			wpa_printf(MSG_DEBUG,
2305 				   "nl80211: Initialize interface %s (driver: %s)",
2306 				   ifname, pos);
2307 		}
2308 	}
2309 
2310 	if (global_priv == NULL)
2311 		return NULL;
2312 	drv = os_zalloc(sizeof(*drv));
2313 	if (drv == NULL)
2314 		return NULL;
2315 	drv->global = global_priv;
2316 	drv->ctx = ctx;
2317 	drv->hostapd = !!hostapd;
2318 	drv->eapol_sock = -1;
2319 
2320 	/*
2321 	 * There is no driver capability flag for this, so assume it is
2322 	 * supported and disable this on first attempt to use if the driver
2323 	 * rejects the command due to missing support.
2324 	 */
2325 	drv->set_rekey_offload = 1;
2326 
2327 	drv->num_if_indices = ARRAY_SIZE(drv->default_if_indices);
2328 	drv->if_indices = drv->default_if_indices;
2329 
2330 	drv->first_bss = os_zalloc(sizeof(*drv->first_bss));
2331 	if (!drv->first_bss) {
2332 		os_free(drv);
2333 		return NULL;
2334 	}
2335 	bss = drv->first_bss;
2336 	bss->drv = drv;
2337 	bss->ctx = ctx;
2338 
2339 	os_strlcpy(bss->ifname, ifname, sizeof(bss->ifname));
2340 	drv->monitor_ifidx = -1;
2341 	drv->monitor_sock = -1;
2342 	drv->eapol_tx_sock = -1;
2343 	drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED;
2344 
2345 	if (nl80211_init_bss(bss))
2346 		goto failed;
2347 
2348 	if (wpa_driver_nl80211_finish_drv_init(drv, set_addr, 1, driver_params))
2349 		goto failed;
2350 
2351 	if (drv->capa.flags2 & WPA_DRIVER_FLAGS2_CONTROL_PORT_TX_STATUS) {
2352 		drv->control_port_ap = 1;
2353 		goto skip_wifi_status;
2354 	}
2355 
2356 	drv->eapol_tx_sock = socket(PF_PACKET, SOCK_DGRAM, 0);
2357 	if (drv->eapol_tx_sock < 0)
2358 		goto failed;
2359 
2360 	if (drv->data_tx_status) {
2361 		int enabled = 1;
2362 
2363 		if (setsockopt(drv->eapol_tx_sock, SOL_SOCKET, SO_WIFI_STATUS,
2364 			       &enabled, sizeof(enabled)) < 0) {
2365 			wpa_printf(MSG_DEBUG,
2366 				   "nl80211: wifi status sockopt failed: %s",
2367 				   strerror(errno));
2368 			drv->data_tx_status = 0;
2369 			if (!drv->use_monitor)
2370 				drv->capa.flags &=
2371 					~WPA_DRIVER_FLAGS_EAPOL_TX_STATUS;
2372 		} else {
2373 			eloop_register_read_sock(
2374 				drv->eapol_tx_sock,
2375 				wpa_driver_nl80211_handle_eapol_tx_status,
2376 				drv, NULL);
2377 		}
2378 	}
2379 skip_wifi_status:
2380 
2381 	if (drv->global) {
2382 		nl80211_check_global(drv->global);
2383 		dl_list_add(&drv->global->interfaces, &drv->list);
2384 		drv->in_interface_list = 1;
2385 	}
2386 
2387 	/*
2388 	 * Use link ID 0 for the single "link" of a non-MLD.
2389 	 */
2390 	bss->valid_links = 0;
2391 	bss->flink = &bss->links[0];
2392 	os_memcpy(bss->flink->addr, bss->addr, ETH_ALEN);
2393 
2394 	return bss;
2395 
2396 failed:
2397 	wpa_driver_nl80211_deinit(bss);
2398 	return NULL;
2399 }
2400 
2401 
2402 /**
2403  * wpa_driver_nl80211_init - Initialize nl80211 driver interface
2404  * @ctx: context to be used when calling wpa_supplicant functions,
2405  * e.g., wpa_supplicant_event()
2406  * @ifname: interface name, e.g., wlan0
2407  * @global_priv: private driver global data from global_init()
2408  * Returns: Pointer to private data, %NULL on failure
2409  */
2410 static void * wpa_driver_nl80211_init(void *ctx, const char *ifname,
2411 				      void *global_priv)
2412 {
2413 	return wpa_driver_nl80211_drv_init(ctx, ifname, global_priv, 0, NULL,
2414 					   NULL);
2415 }
2416 
2417 
2418 static int nl80211_register_frame(struct i802_bss *bss,
2419 				  struct nl_sock *nl_handle,
2420 				  u16 type, const u8 *match, size_t match_len,
2421 				  bool multicast)
2422 {
2423 	struct wpa_driver_nl80211_data *drv = bss->drv;
2424 	struct nl_msg *msg;
2425 	int ret;
2426 	char buf[30];
2427 
2428 	buf[0] = '\0';
2429 	wpa_snprintf_hex(buf, sizeof(buf), match, match_len);
2430 	wpa_printf(MSG_DEBUG,
2431 		   "nl80211: Register frame type=0x%x (%s) nl_handle=%p match=%s multicast=%d",
2432 		   type, fc2str(type), nl_handle, buf, multicast);
2433 
2434 	if (!(msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_REGISTER_FRAME)) ||
2435 	    (multicast && nla_put_flag(msg, NL80211_ATTR_RECEIVE_MULTICAST)) ||
2436 	    nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE, type) ||
2437 	    nla_put(msg, NL80211_ATTR_FRAME_MATCH, match_len, match)) {
2438 		nlmsg_free(msg);
2439 		return -1;
2440 	}
2441 
2442 	ret = send_and_recv(drv->global, nl_handle, msg, NULL, NULL,
2443 			    NULL, NULL, NULL);
2444 	if (ret) {
2445 		wpa_printf(MSG_DEBUG, "nl80211: Register frame command "
2446 			   "failed (type=%u): ret=%d (%s)",
2447 			   type, ret, strerror(-ret));
2448 		wpa_hexdump(MSG_DEBUG, "nl80211: Register frame match",
2449 			    match, match_len);
2450 	}
2451 	return ret;
2452 }
2453 
2454 
2455 static int nl80211_alloc_mgmt_handle(struct i802_bss *bss)
2456 {
2457 	if (bss->nl_mgmt) {
2458 		wpa_printf(MSG_DEBUG, "nl80211: Mgmt reporting "
2459 			   "already on! (nl_mgmt=%p)", bss->nl_mgmt);
2460 		return -1;
2461 	}
2462 
2463 	bss->nl_mgmt = nl_create_handle(bss->nl_cb, "mgmt");
2464 	if (bss->nl_mgmt == NULL)
2465 		return -1;
2466 
2467 	return 0;
2468 }
2469 
2470 
2471 static void nl80211_mgmt_handle_register_eloop(struct i802_bss *bss)
2472 {
2473 	nl80211_register_eloop_read(&bss->nl_mgmt,
2474 				    wpa_driver_nl80211_event_receive,
2475 				    bss->nl_cb, 0);
2476 }
2477 
2478 
2479 static int nl80211_register_action_frame2(struct i802_bss *bss,
2480 					  const u8 *match, size_t match_len,
2481 					  bool multicast)
2482 {
2483 	u16 type = (WLAN_FC_TYPE_MGMT << 2) | (WLAN_FC_STYPE_ACTION << 4);
2484 	return nl80211_register_frame(bss, bss->nl_mgmt,
2485 				      type, match, match_len, multicast);
2486 }
2487 
2488 
2489 static int nl80211_register_action_frame(struct i802_bss *bss,
2490 					 const u8 *match, size_t match_len)
2491 {
2492 	return nl80211_register_action_frame2(bss, match, match_len, false);
2493 }
2494 
2495 
2496 static int nl80211_mgmt_subscribe_non_ap(struct i802_bss *bss)
2497 {
2498 	struct wpa_driver_nl80211_data *drv = bss->drv;
2499 	u16 type = (WLAN_FC_TYPE_MGMT << 2) | (WLAN_FC_STYPE_AUTH << 4);
2500 	int ret = 0;
2501 
2502 	if (nl80211_alloc_mgmt_handle(bss))
2503 		return -1;
2504 	wpa_printf(MSG_DEBUG, "nl80211: Subscribe to mgmt frames with non-AP "
2505 		   "handle %p", bss->nl_mgmt);
2506 
2507 	if (drv->nlmode == NL80211_IFTYPE_ADHOC) {
2508 		/* register for any AUTH message */
2509 		nl80211_register_frame(bss, bss->nl_mgmt, type, NULL, 0, false);
2510 	} else if ((drv->capa.flags & WPA_DRIVER_FLAGS_SAE) &&
2511 		   !(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) {
2512 		/* register for SAE Authentication frames */
2513 		nl80211_register_frame(bss, bss->nl_mgmt, type,
2514 				       (u8 *) "\x03\x00", 2, false);
2515 	}
2516 
2517 #ifdef CONFIG_PASN
2518 	/* register for PASN Authentication frames */
2519 	if (nl80211_register_frame(bss, bss->nl_mgmt, type,
2520 				   (u8 *) "\x07\x00", 2, false))
2521 		ret = -1;
2522 #endif /* CONFIG_PASN */
2523 
2524 #ifdef CONFIG_INTERWORKING
2525 	/* QoS Map Configure */
2526 	if (nl80211_register_action_frame(bss, (u8 *) "\x01\x04", 2) < 0)
2527 		ret = -1;
2528 #endif /* CONFIG_INTERWORKING */
2529 #if defined(CONFIG_P2P) || defined(CONFIG_INTERWORKING) || defined(CONFIG_DPP)
2530 	/* GAS Initial Request */
2531 	if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0a", 2) < 0)
2532 		ret = -1;
2533 	/* GAS Initial Response */
2534 	if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0b", 2) < 0)
2535 		ret = -1;
2536 	/* GAS Comeback Request */
2537 	if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0c", 2) < 0)
2538 		ret = -1;
2539 	/* GAS Comeback Response */
2540 	if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0d", 2) < 0)
2541 		ret = -1;
2542 	/* Protected GAS Initial Request */
2543 	if (nl80211_register_action_frame(bss, (u8 *) "\x09\x0a", 2) < 0)
2544 		ret = -1;
2545 	/* Protected GAS Initial Response */
2546 	if (nl80211_register_action_frame(bss, (u8 *) "\x09\x0b", 2) < 0)
2547 		ret = -1;
2548 	/* Protected GAS Comeback Request */
2549 	if (nl80211_register_action_frame(bss, (u8 *) "\x09\x0c", 2) < 0)
2550 		ret = -1;
2551 	/* Protected GAS Comeback Response */
2552 	if (nl80211_register_action_frame(bss, (u8 *) "\x09\x0d", 2) < 0)
2553 		ret = -1;
2554 #endif /* CONFIG_P2P || CONFIG_INTERWORKING || CONFIG_DPP */
2555 #ifdef CONFIG_P2P
2556 	/* P2P Public Action */
2557 	if (nl80211_register_action_frame(bss,
2558 					  (u8 *) "\x04\x09\x50\x6f\x9a\x09",
2559 					  6) < 0)
2560 		ret = -1;
2561 	/* P2P Action */
2562 	if (nl80211_register_action_frame(bss,
2563 					  (u8 *) "\x7f\x50\x6f\x9a\x09",
2564 					  5) < 0)
2565 		ret = -1;
2566 #endif /* CONFIG_P2P */
2567 #ifdef CONFIG_NAN_USD
2568 #define NAN_PUB_ACTION ((u8 *) "\x04\x09\x50\x6f\x9a\x13")
2569 	/* NAN SDF Public Action */
2570 	if (nl80211_register_action_frame2(bss, NAN_PUB_ACTION, 6, true) < 0) {
2571 		/* fallback to non-multicast */
2572 		if (nl80211_register_action_frame2(bss, NAN_PUB_ACTION, 6,
2573 						   false) < 0)
2574 			ret = -1;
2575 	}
2576 #undef NAN_PUB_ACTION
2577 #endif /* CONFIG_NAN_USD */
2578 #ifdef CONFIG_DPP
2579 	/* DPP Public Action */
2580 	if (nl80211_register_action_frame(bss,
2581 					  (u8 *) "\x04\x09\x50\x6f\x9a\x1a",
2582 					  6) < 0)
2583 		ret = -1;
2584 #endif /* CONFIG_DPP */
2585 #ifdef CONFIG_OCV
2586 	/* SA Query Request */
2587 	if (nl80211_register_action_frame(bss, (u8 *) "\x08\x00", 2) < 0)
2588 		ret = -1;
2589 #endif /* CONFIG_OCV */
2590 	/* SA Query Response */
2591 	if (nl80211_register_action_frame(bss, (u8 *) "\x08\x01", 2) < 0)
2592 		ret = -1;
2593 #ifdef CONFIG_TDLS
2594 	if ((drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT)) {
2595 		/* TDLS Discovery Response */
2596 		if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0e", 2) <
2597 		    0)
2598 			ret = -1;
2599 	}
2600 #endif /* CONFIG_TDLS */
2601 #ifdef CONFIG_FST
2602 	/* FST Action frames */
2603 	if (nl80211_register_action_frame(bss, (u8 *) "\x12", 1) < 0)
2604 		ret = -1;
2605 #endif /* CONFIG_FST */
2606 
2607 	/* FT Action frames */
2608 	if (nl80211_register_action_frame(bss, (u8 *) "\x06", 1) < 0)
2609 		ret = -1;
2610 	else if (!drv->has_driver_key_mgmt) {
2611 		int i;
2612 
2613 		/* Update supported AKMs only if the driver doesn't advertize
2614 		 * any AKM capabilities. */
2615 		drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_FT |
2616 			WPA_DRIVER_CAPA_KEY_MGMT_FT_PSK;
2617 
2618 		/* Update per interface supported AKMs */
2619 		for (i = 0; i < WPA_IF_MAX; i++)
2620 			drv->capa.key_mgmt_iftype[i] = drv->capa.key_mgmt;
2621 	}
2622 
2623 	/* WNM - BSS Transition Management Request */
2624 	if (nl80211_register_action_frame(bss, (u8 *) "\x0a\x07", 2) < 0)
2625 		ret = -1;
2626 	/* WNM-Sleep Mode Response */
2627 	if (nl80211_register_action_frame(bss, (u8 *) "\x0a\x11", 2) < 0)
2628 		ret = -1;
2629 #ifdef CONFIG_WNM
2630 	/* WNM - Collocated Interference Request */
2631 	if (nl80211_register_action_frame(bss, (u8 *) "\x0a\x0b", 2) < 0)
2632 		ret = -1;
2633 #endif /* CONFIG_WNM */
2634 
2635 #ifdef CONFIG_HS20
2636 	/* WNM-Notification */
2637 	if (nl80211_register_action_frame(bss, (u8 *) "\x0a\x1a", 2) < 0)
2638 		ret = -1;
2639 #endif /* CONFIG_HS20 */
2640 
2641 	/* WMM-AC ADDTS Response */
2642 	if (nl80211_register_action_frame(bss, (u8 *) "\x11\x01", 2) < 0)
2643 		ret = -1;
2644 
2645 	/* WMM-AC DELTS */
2646 	if (nl80211_register_action_frame(bss, (u8 *) "\x11\x02", 2) < 0)
2647 		ret = -1;
2648 
2649 	/* Radio Measurement - Neighbor Report Response */
2650 	if (nl80211_register_action_frame(bss, (u8 *) "\x05\x05", 2) < 0)
2651 		ret = -1;
2652 
2653 	/* Radio Measurement - Radio Measurement Request */
2654 	if  (!drv->no_rrm &&
2655 	     nl80211_register_action_frame(bss, (u8 *) "\x05\x00", 2) < 0)
2656 		ret = -1;
2657 
2658 	/* Radio Measurement - Link Measurement Request */
2659 	if ((drv->capa.rrm_flags & WPA_DRIVER_FLAGS_TX_POWER_INSERTION) &&
2660 	    (nl80211_register_action_frame(bss, (u8 *) "\x05\x02", 2) < 0))
2661 		ret = -1;
2662 
2663 	/* Robust AV SCS Response */
2664 	if (nl80211_register_action_frame(bss, (u8 *) "\x13\x01", 2) < 0)
2665 		ret = -1;
2666 
2667 	/* Robust AV MSCS Response */
2668 	if (nl80211_register_action_frame(bss, (u8 *) "\x13\x05", 2) < 0)
2669 		ret = -1;
2670 
2671 	/* Protected QoS Management Action frame */
2672 	if (nl80211_register_action_frame(bss, (u8 *) "\x7e\x50\x6f\x9a\x1a",
2673 					  5) < 0)
2674 		ret = -1;
2675 
2676 	nl80211_mgmt_handle_register_eloop(bss);
2677 
2678 	return ret;
2679 }
2680 
2681 
2682 static int nl80211_mgmt_subscribe_mesh(struct i802_bss *bss)
2683 {
2684 	int ret = 0;
2685 
2686 	if (nl80211_alloc_mgmt_handle(bss))
2687 		return -1;
2688 
2689 	wpa_printf(MSG_DEBUG,
2690 		   "nl80211: Subscribe to mgmt frames with mesh handle %p",
2691 		   bss->nl_mgmt);
2692 
2693 	/* Auth frames for mesh SAE */
2694 	if (nl80211_register_frame(bss, bss->nl_mgmt,
2695 				   (WLAN_FC_TYPE_MGMT << 2) |
2696 				   (WLAN_FC_STYPE_AUTH << 4),
2697 				   NULL, 0, false) < 0)
2698 		ret = -1;
2699 
2700 	/* Mesh peering open */
2701 	if (nl80211_register_action_frame(bss, (u8 *) "\x0f\x01", 2) < 0)
2702 		ret = -1;
2703 	/* Mesh peering confirm */
2704 	if (nl80211_register_action_frame(bss, (u8 *) "\x0f\x02", 2) < 0)
2705 		ret = -1;
2706 	/* Mesh peering close */
2707 	if (nl80211_register_action_frame(bss, (u8 *) "\x0f\x03", 2) < 0)
2708 		ret = -1;
2709 
2710 	nl80211_mgmt_handle_register_eloop(bss);
2711 
2712 	return ret;
2713 }
2714 
2715 
2716 static int nl80211_register_spurious_class3(struct i802_bss *bss)
2717 {
2718 	struct nl_msg *msg;
2719 	int ret;
2720 
2721 	msg = nl80211_bss_msg(bss, 0, NL80211_CMD_UNEXPECTED_FRAME);
2722 	ret = send_and_recv(bss->drv->global, bss->nl_mgmt, msg, NULL, NULL,
2723 			    NULL, NULL, NULL);
2724 	if (ret) {
2725 		wpa_printf(MSG_DEBUG, "nl80211: Register spurious class3 "
2726 			   "failed: ret=%d (%s)",
2727 			   ret, strerror(-ret));
2728 	}
2729 	return ret;
2730 }
2731 
2732 
2733 static int nl80211_action_subscribe_ap(struct i802_bss *bss)
2734 {
2735 	int ret = 0;
2736 
2737 	/* Public Action frames */
2738 	if (nl80211_register_action_frame(bss, (u8 *) "\x04", 1) < 0)
2739 		ret = -1;
2740 	/* RRM Measurement Report */
2741 	if (nl80211_register_action_frame(bss, (u8 *) "\x05\x01", 2) < 0)
2742 		ret = -1;
2743 	/* RRM Link Measurement Report */
2744 	if (nl80211_register_action_frame(bss, (u8 *) "\x05\x03", 2) < 0)
2745 		ret = -1;
2746 	/* RRM Neighbor Report Request */
2747 	if (nl80211_register_action_frame(bss, (u8 *) "\x05\x04", 2) < 0)
2748 		ret = -1;
2749 	/* FT Action frames */
2750 	if (nl80211_register_action_frame(bss, (u8 *) "\x06", 1) < 0)
2751 		ret = -1;
2752 	/* SA Query */
2753 	if (nl80211_register_action_frame(bss, (u8 *) "\x08", 1) < 0)
2754 		ret = -1;
2755 	/* Protected Dual of Public Action */
2756 	if (nl80211_register_action_frame(bss, (u8 *) "\x09", 1) < 0)
2757 		ret = -1;
2758 	/* WNM */
2759 	if (nl80211_register_action_frame(bss, (u8 *) "\x0a", 1) < 0)
2760 		ret = -1;
2761 	/* WMM */
2762 	if (nl80211_register_action_frame(bss, (u8 *) "\x11", 1) < 0)
2763 		ret = -1;
2764 #ifdef CONFIG_FST
2765 	/* FST Action frames */
2766 	if (nl80211_register_action_frame(bss, (u8 *) "\x12", 1) < 0)
2767 		ret = -1;
2768 #endif /* CONFIG_FST */
2769 	/* Vendor-specific */
2770 	if (nl80211_register_action_frame(bss, (u8 *) "\x7f", 1) < 0)
2771 		ret = -1;
2772 
2773 	return ret;
2774 }
2775 
2776 
2777 static int nl80211_mgmt_subscribe_ap(struct i802_bss *bss)
2778 {
2779 	static const int stypes[] = {
2780 		WLAN_FC_STYPE_AUTH,
2781 		WLAN_FC_STYPE_ASSOC_REQ,
2782 		WLAN_FC_STYPE_REASSOC_REQ,
2783 		WLAN_FC_STYPE_DISASSOC,
2784 		WLAN_FC_STYPE_DEAUTH,
2785 		WLAN_FC_STYPE_PROBE_REQ,
2786 /* Beacon doesn't work as mac80211 doesn't currently allow
2787  * it, but it wouldn't really be the right thing anyway as
2788  * it isn't per interface ... maybe just dump the scan
2789  * results periodically for OLBC?
2790  */
2791 		/* WLAN_FC_STYPE_BEACON, */
2792 	};
2793 	unsigned int i;
2794 
2795 	if (nl80211_alloc_mgmt_handle(bss))
2796 		return -1;
2797 	wpa_printf(MSG_DEBUG, "nl80211: Subscribe to mgmt frames with AP "
2798 		   "handle %p", bss->nl_mgmt);
2799 
2800 	for (i = 0; i < ARRAY_SIZE(stypes); i++) {
2801 		if (nl80211_register_frame(bss, bss->nl_mgmt,
2802 					   (WLAN_FC_TYPE_MGMT << 2) |
2803 					   (stypes[i] << 4),
2804 					   NULL, 0, false) < 0) {
2805 			goto out_err;
2806 		}
2807 	}
2808 
2809 	if (nl80211_action_subscribe_ap(bss))
2810 		goto out_err;
2811 
2812 	if (nl80211_register_spurious_class3(bss))
2813 		goto out_err;
2814 
2815 	nl80211_mgmt_handle_register_eloop(bss);
2816 	return 0;
2817 
2818 out_err:
2819 	nl_destroy_handles(&bss->nl_mgmt);
2820 	return -1;
2821 }
2822 
2823 
2824 static int nl80211_mgmt_subscribe_ap_dev_sme(struct i802_bss *bss)
2825 {
2826 	if (nl80211_alloc_mgmt_handle(bss))
2827 		return -1;
2828 	wpa_printf(MSG_DEBUG, "nl80211: Subscribe to mgmt frames with AP "
2829 		   "handle %p (device SME)", bss->nl_mgmt);
2830 
2831 	if (nl80211_action_subscribe_ap(bss))
2832 		goto out_err;
2833 
2834 	if (bss->drv->device_ap_sme) {
2835 		u16 type = (WLAN_FC_TYPE_MGMT << 2) | (WLAN_FC_STYPE_AUTH << 4);
2836 
2837 		/* Register for all Authentication frames */
2838 		if (nl80211_register_frame(bss, bss->nl_mgmt, type, NULL, 0,
2839 					   false) < 0)
2840 			wpa_printf(MSG_DEBUG,
2841 				   "nl80211: Failed to subscribe to handle Authentication frames - SAE offload may not work");
2842 	}
2843 
2844 	nl80211_mgmt_handle_register_eloop(bss);
2845 	return 0;
2846 
2847 out_err:
2848 	nl_destroy_handles(&bss->nl_mgmt);
2849 	return -1;
2850 }
2851 
2852 
2853 static void nl80211_mgmt_unsubscribe(struct i802_bss *bss, const char *reason)
2854 {
2855 	if (bss->nl_mgmt == NULL)
2856 		return;
2857 	wpa_printf(MSG_DEBUG, "nl80211: Unsubscribe mgmt frames handle %p "
2858 		   "(%s)", bss->nl_mgmt, reason);
2859 	nl80211_destroy_eloop_handle(&bss->nl_mgmt, 0);
2860 
2861 	nl80211_put_wiphy_data_ap(bss);
2862 }
2863 
2864 
2865 static void wpa_driver_nl80211_send_rfkill(void *eloop_ctx, void *timeout_ctx)
2866 {
2867 	wpa_supplicant_event(timeout_ctx, EVENT_INTERFACE_DISABLED, NULL);
2868 }
2869 
2870 
2871 static void nl80211_del_p2pdev(struct i802_bss *bss)
2872 {
2873 	struct nl_msg *msg;
2874 	int ret;
2875 
2876 	msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_DEL_INTERFACE);
2877 	ret = send_and_recv_cmd(bss->drv, msg);
2878 
2879 	wpa_printf(MSG_DEBUG, "nl80211: Delete P2P Device %s (0x%llx): %s",
2880 		   bss->ifname, (long long unsigned int) bss->wdev_id,
2881 		   strerror(-ret));
2882 }
2883 
2884 
2885 static int nl80211_set_p2pdev(struct i802_bss *bss, int start)
2886 {
2887 	struct nl_msg *msg;
2888 	int ret;
2889 
2890 	msg = nl80211_cmd_msg(bss, 0, start ? NL80211_CMD_START_P2P_DEVICE :
2891 			      NL80211_CMD_STOP_P2P_DEVICE);
2892 	ret = send_and_recv_cmd(bss->drv, msg);
2893 
2894 	wpa_printf(MSG_DEBUG, "nl80211: %s P2P Device %s (0x%llx): %s",
2895 		   start ? "Start" : "Stop",
2896 		   bss->ifname, (long long unsigned int) bss->wdev_id,
2897 		   strerror(-ret));
2898 	return ret;
2899 }
2900 
2901 
2902 static int i802_set_iface_flags(struct i802_bss *bss, int up)
2903 {
2904 	enum nl80211_iftype nlmode;
2905 
2906 	nlmode = nl80211_get_ifmode(bss);
2907 	if (nlmode != NL80211_IFTYPE_P2P_DEVICE) {
2908 		return linux_set_iface_flags(bss->drv->global->ioctl_sock,
2909 					     bss->ifname, up);
2910 	}
2911 
2912 	/* P2P Device has start/stop which is equivalent */
2913 	return nl80211_set_p2pdev(bss, up);
2914 }
2915 
2916 
2917 #ifdef CONFIG_TESTING_OPTIONS
2918 static int qca_vendor_test_cmd_handler(struct nl_msg *msg, void *arg)
2919 {
2920 	/* struct wpa_driver_nl80211_data *drv = arg; */
2921 	struct nlattr *tb[NL80211_ATTR_MAX + 1];
2922 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
2923 
2924 
2925 	wpa_printf(MSG_DEBUG,
2926 		   "nl80211: QCA vendor test command response received");
2927 
2928 	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
2929 		  genlmsg_attrlen(gnlh, 0), NULL);
2930 	if (!tb[NL80211_ATTR_VENDOR_DATA]) {
2931 		wpa_printf(MSG_DEBUG, "nl80211: No vendor data attribute");
2932 		return NL_SKIP;
2933 	}
2934 
2935 	wpa_hexdump(MSG_DEBUG,
2936 		    "nl80211: Received QCA vendor test command response",
2937 		    nla_data(tb[NL80211_ATTR_VENDOR_DATA]),
2938 		    nla_len(tb[NL80211_ATTR_VENDOR_DATA]));
2939 
2940 	return NL_SKIP;
2941 }
2942 #endif /* CONFIG_TESTING_OPTIONS */
2943 
2944 
2945 static void qca_vendor_test(struct wpa_driver_nl80211_data *drv)
2946 {
2947 #ifdef CONFIG_TESTING_OPTIONS
2948 	struct nl_msg *msg;
2949 	struct nlattr *params;
2950 	int ret;
2951 
2952 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
2953 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
2954 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
2955 			QCA_NL80211_VENDOR_SUBCMD_TEST) ||
2956 	    !(params = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA)) ||
2957 	    nla_put_u32(msg, QCA_WLAN_VENDOR_ATTR_TEST, 123)) {
2958 		nlmsg_free(msg);
2959 		return;
2960 	}
2961 	nla_nest_end(msg, params);
2962 
2963 	ret = send_and_recv_resp(drv, msg, qca_vendor_test_cmd_handler, drv);
2964 	wpa_printf(MSG_DEBUG,
2965 		   "nl80211: QCA vendor test command returned %d (%s)",
2966 		   ret, strerror(-ret));
2967 #endif /* CONFIG_TESTING_OPTIONS */
2968 }
2969 
2970 
2971 static int
2972 wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv,
2973 				   const u8 *set_addr, int first,
2974 				   const char *driver_params)
2975 {
2976 	struct i802_bss *bss = drv->first_bss;
2977 	int send_rfkill_event = 0;
2978 	enum nl80211_iftype nlmode;
2979 
2980 	drv->ifindex = if_nametoindex(bss->ifname);
2981 	bss->ifindex = drv->ifindex;
2982 	bss->wdev_id = drv->global->if_add_wdevid;
2983 	bss->wdev_id_set = drv->global->if_add_wdevid_set;
2984 
2985 	bss->if_dynamic = drv->ifindex == drv->global->if_add_ifindex;
2986 	bss->if_dynamic = bss->if_dynamic || drv->global->if_add_wdevid_set;
2987 	drv->global->if_add_wdevid_set = 0;
2988 
2989 	if (!bss->if_dynamic && nl80211_get_ifmode(bss) == NL80211_IFTYPE_AP)
2990 		bss->static_ap = 1;
2991 
2992 	if (first &&
2993 	    nl80211_get_ifmode(bss) != NL80211_IFTYPE_P2P_DEVICE &&
2994 	    linux_iface_up(drv->global->ioctl_sock, bss->ifname) > 0)
2995 		drv->start_iface_up = 1;
2996 
2997 	if (wpa_driver_nl80211_capa(drv))
2998 		return -1;
2999 
3000 	if (driver_params && nl80211_set_param(bss, driver_params) < 0)
3001 		return -1;
3002 
3003 	wpa_printf(MSG_DEBUG, "nl80211: interface %s in phy %s",
3004 		   bss->ifname, drv->phyname);
3005 
3006 	if (set_addr &&
3007 	    (linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 0) ||
3008 	     linux_set_ifhwaddr(drv->global->ioctl_sock, bss->ifname,
3009 				set_addr)))
3010 		return -1;
3011 
3012 	if (first && nl80211_get_ifmode(bss) == NL80211_IFTYPE_STATION)
3013 		drv->start_mode_sta = 1;
3014 
3015 	if (drv->hostapd || bss->static_ap)
3016 		nlmode = NL80211_IFTYPE_AP;
3017 	else if (bss->if_dynamic ||
3018 		 nl80211_get_ifmode(bss) == NL80211_IFTYPE_MESH_POINT)
3019 		nlmode = nl80211_get_ifmode(bss);
3020 	else
3021 		nlmode = NL80211_IFTYPE_STATION;
3022 
3023 	if (wpa_driver_nl80211_set_mode(bss, nlmode) < 0) {
3024 		wpa_printf(MSG_ERROR, "nl80211: Could not configure driver mode");
3025 		return -1;
3026 	}
3027 
3028 	if (nlmode == NL80211_IFTYPE_P2P_DEVICE)
3029 		nl80211_get_macaddr(bss);
3030 
3031 	wpa_driver_nl80211_drv_init_rfkill(drv);
3032 
3033 	if (!rfkill_is_blocked(drv->rfkill)) {
3034 		int ret = i802_set_iface_flags(bss, 1);
3035 		if (ret) {
3036 			wpa_printf(MSG_ERROR, "nl80211: Could not set "
3037 				   "interface '%s' UP", bss->ifname);
3038 			return ret;
3039 		}
3040 
3041 		if (is_p2p_net_interface(nlmode))
3042 			nl80211_disable_11b_rates(bss->drv,
3043 						  bss->drv->ifindex, 1);
3044 
3045 		if (nlmode == NL80211_IFTYPE_P2P_DEVICE)
3046 			return ret;
3047 	} else {
3048 		wpa_printf(MSG_DEBUG, "nl80211: Could not yet enable "
3049 			   "interface '%s' due to rfkill", bss->ifname);
3050 		if (nlmode != NL80211_IFTYPE_P2P_DEVICE)
3051 			drv->if_disabled = 1;
3052 
3053 		send_rfkill_event = 1;
3054 	}
3055 
3056 	if (!drv->hostapd && nlmode != NL80211_IFTYPE_P2P_DEVICE)
3057 		netlink_send_oper_ifla(drv->global->netlink, drv->ifindex,
3058 				       1, IF_OPER_DORMANT);
3059 
3060 	if (nlmode != NL80211_IFTYPE_P2P_DEVICE) {
3061 		if (linux_get_ifhwaddr(drv->global->ioctl_sock, bss->ifname,
3062 				       bss->addr))
3063 			return -1;
3064 		os_memcpy(drv->perm_addr, bss->addr, ETH_ALEN);
3065 	}
3066 
3067 	if (send_rfkill_event) {
3068 		eloop_register_timeout(0, 0, wpa_driver_nl80211_send_rfkill,
3069 				       drv, drv->ctx);
3070 	}
3071 
3072 	if (drv->vendor_cmd_test_avail)
3073 		qca_vendor_test(drv);
3074 
3075 	return 0;
3076 }
3077 
3078 
3079 static int wpa_driver_nl80211_del_beacon(struct i802_bss *bss,
3080 					 int link_id)
3081 {
3082 	struct nl_msg *msg;
3083 	struct wpa_driver_nl80211_data *drv = bss->drv;
3084 	struct i802_link *link = nl80211_get_link(bss, link_id);
3085 
3086 	if (!link->beacon_set)
3087 		return 0;
3088 
3089 	wpa_printf(MSG_DEBUG, "nl80211: Remove beacon (ifindex=%d)",
3090 		   bss->ifindex);
3091 	link->beacon_set = 0;
3092 	link->freq = 0;
3093 
3094 	nl80211_put_wiphy_data_ap(bss);
3095 	msg = nl80211_bss_msg(bss, 0, NL80211_CMD_DEL_BEACON);
3096 	if (!msg)
3097 		return -ENOBUFS;
3098 
3099 	if (link_id != NL80211_DRV_LINK_ID_NA) {
3100 		wpa_printf(MSG_DEBUG,
3101 			   "nl80211: MLD: stop beaconing on link=%u",
3102 			   link_id);
3103 
3104 		if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id)) {
3105 			nlmsg_free(msg);
3106 			return -ENOBUFS;
3107 		}
3108 	}
3109 
3110 	return send_and_recv_cmd(drv, msg);
3111 }
3112 
3113 
3114 static void wpa_driver_nl80211_del_beacon_all(struct i802_bss *bss)
3115 {
3116 	int link_id;
3117 
3118 	for_each_link_default(bss->valid_links, link_id, NL80211_DRV_LINK_ID_NA)
3119 		wpa_driver_nl80211_del_beacon(bss, link_id);
3120 }
3121 
3122 
3123 /**
3124  * wpa_driver_nl80211_deinit - Deinitialize nl80211 driver interface
3125  * @bss: Pointer to private nl80211 data from wpa_driver_nl80211_init()
3126  *
3127  * Shut down driver interface and processing of driver events. Free
3128  * private data buffer if one was allocated in wpa_driver_nl80211_init().
3129  */
3130 static void wpa_driver_nl80211_deinit(struct i802_bss *bss)
3131 {
3132 	struct wpa_driver_nl80211_data *drv = bss->drv;
3133 	unsigned int i;
3134 
3135 	wpa_printf(MSG_INFO, "nl80211: deinit ifname=%s disabled_11b_rates=%d",
3136 		   bss->ifname, drv->disabled_11b_rates);
3137 
3138 	bss->in_deinit = 1;
3139 	if (drv->data_tx_status)
3140 		eloop_unregister_read_sock(drv->eapol_tx_sock);
3141 	if (drv->eapol_tx_sock >= 0)
3142 		close(drv->eapol_tx_sock);
3143 
3144 	if (bss->nl_preq)
3145 		wpa_driver_nl80211_probe_req_report(bss, 0);
3146 	if (bss->added_if_into_bridge) {
3147 		if (linux_br_del_if(drv->global->ioctl_sock, bss->brname,
3148 				    bss->ifname) < 0)
3149 			wpa_printf(MSG_INFO, "nl80211: Failed to remove "
3150 				   "interface %s from bridge %s: %s",
3151 				   bss->ifname, bss->brname, strerror(errno));
3152 	}
3153 
3154 	if (drv->rtnl_sk)
3155 		nl_socket_free(drv->rtnl_sk);
3156 
3157 	if (bss->added_bridge) {
3158 		if (linux_set_iface_flags(drv->global->ioctl_sock, bss->brname,
3159 					  0) < 0)
3160 			wpa_printf(MSG_INFO,
3161 				   "nl80211: Could not set bridge %s down",
3162 				   bss->brname);
3163 		if (linux_br_del(drv->global->ioctl_sock, bss->brname) < 0)
3164 			wpa_printf(MSG_INFO, "nl80211: Failed to remove "
3165 				   "bridge %s: %s",
3166 				   bss->brname, strerror(errno));
3167 	}
3168 
3169 	nl80211_remove_monitor_interface(drv);
3170 
3171 	if (is_ap_interface(drv->nlmode)) {
3172 		wpa_driver_nl80211_del_beacon_all(bss);
3173 		nl80211_remove_links(bss);
3174 	}
3175 
3176 	if (drv->eapol_sock >= 0) {
3177 		eloop_unregister_read_sock(drv->eapol_sock);
3178 		close(drv->eapol_sock);
3179 	}
3180 
3181 	if (drv->if_indices != drv->default_if_indices)
3182 		os_free(drv->if_indices);
3183 
3184 	if (drv->disabled_11b_rates)
3185 		nl80211_disable_11b_rates(drv, drv->ifindex, 0);
3186 
3187 	netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, 0,
3188 			       IF_OPER_UP);
3189 	eloop_cancel_timeout(wpa_driver_nl80211_send_rfkill, drv, drv->ctx);
3190 	rfkill_deinit(drv->rfkill);
3191 
3192 	eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx);
3193 
3194 	if (!drv->start_iface_up)
3195 		(void) i802_set_iface_flags(bss, 0);
3196 
3197 	if (drv->addr_changed) {
3198 		if (linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname,
3199 					  0) < 0) {
3200 			wpa_printf(MSG_DEBUG,
3201 				   "nl80211: Could not set interface down to restore permanent MAC address");
3202 		}
3203 		if (linux_set_ifhwaddr(drv->global->ioctl_sock, bss->ifname,
3204 				       drv->perm_addr) < 0) {
3205 			wpa_printf(MSG_DEBUG,
3206 				   "nl80211: Could not restore permanent MAC address");
3207 		}
3208 	}
3209 
3210 	if (drv->nlmode != NL80211_IFTYPE_P2P_DEVICE) {
3211 		if (drv->start_mode_sta)
3212 			wpa_driver_nl80211_set_mode(bss,
3213 						    NL80211_IFTYPE_STATION);
3214 		nl80211_mgmt_unsubscribe(bss, "deinit");
3215 	} else {
3216 		nl80211_mgmt_unsubscribe(bss, "deinit");
3217 		nl80211_del_p2pdev(bss);
3218 	}
3219 
3220 	nl80211_destroy_bss(drv->first_bss);
3221 
3222 	os_free(drv->filter_ssids);
3223 
3224 	os_free(drv->auth_ie);
3225 	os_free(drv->auth_data);
3226 
3227 	if (drv->in_interface_list)
3228 		dl_list_del(&drv->list);
3229 
3230 	os_free(drv->extended_capa);
3231 	os_free(drv->extended_capa_mask);
3232 	for (i = 0; i < drv->num_iface_capa; i++) {
3233 		os_free(drv->iface_capa[i].ext_capa);
3234 		os_free(drv->iface_capa[i].ext_capa_mask);
3235 	}
3236 	os_free(drv->first_bss);
3237 #ifdef CONFIG_DRIVER_NL80211_QCA
3238 	os_free(drv->pending_roam_data);
3239 #endif /* CONFIG_DRIVER_NL80211_QCA */
3240 	os_free(drv);
3241 }
3242 
3243 
3244 static u32 wpa_alg_to_cipher_suite(enum wpa_alg alg, size_t key_len)
3245 {
3246 	switch (alg) {
3247 	case WPA_ALG_WEP:
3248 		if (key_len == 5)
3249 			return RSN_CIPHER_SUITE_WEP40;
3250 		return RSN_CIPHER_SUITE_WEP104;
3251 	case WPA_ALG_TKIP:
3252 		return RSN_CIPHER_SUITE_TKIP;
3253 	case WPA_ALG_CCMP:
3254 		return RSN_CIPHER_SUITE_CCMP;
3255 	case WPA_ALG_GCMP:
3256 		return RSN_CIPHER_SUITE_GCMP;
3257 	case WPA_ALG_CCMP_256:
3258 		return RSN_CIPHER_SUITE_CCMP_256;
3259 	case WPA_ALG_GCMP_256:
3260 		return RSN_CIPHER_SUITE_GCMP_256;
3261 	case WPA_ALG_BIP_CMAC_128:
3262 		return RSN_CIPHER_SUITE_AES_128_CMAC;
3263 	case WPA_ALG_BIP_GMAC_128:
3264 		return RSN_CIPHER_SUITE_BIP_GMAC_128;
3265 	case WPA_ALG_BIP_GMAC_256:
3266 		return RSN_CIPHER_SUITE_BIP_GMAC_256;
3267 	case WPA_ALG_BIP_CMAC_256:
3268 		return RSN_CIPHER_SUITE_BIP_CMAC_256;
3269 	case WPA_ALG_SMS4:
3270 		return RSN_CIPHER_SUITE_SMS4;
3271 	case WPA_ALG_KRK:
3272 		return RSN_CIPHER_SUITE_KRK;
3273 	case WPA_ALG_NONE:
3274 		wpa_printf(MSG_ERROR, "nl80211: Unexpected encryption algorithm %d",
3275 			   alg);
3276 		return 0;
3277 	}
3278 
3279 	wpa_printf(MSG_ERROR, "nl80211: Unsupported encryption algorithm %d",
3280 		   alg);
3281 	return 0;
3282 }
3283 
3284 
3285 static u32 wpa_cipher_to_cipher_suite(unsigned int cipher)
3286 {
3287 	switch (cipher) {
3288 	case WPA_CIPHER_CCMP_256:
3289 		return RSN_CIPHER_SUITE_CCMP_256;
3290 	case WPA_CIPHER_GCMP_256:
3291 		return RSN_CIPHER_SUITE_GCMP_256;
3292 	case WPA_CIPHER_CCMP:
3293 		return RSN_CIPHER_SUITE_CCMP;
3294 	case WPA_CIPHER_GCMP:
3295 		return RSN_CIPHER_SUITE_GCMP;
3296 	case WPA_CIPHER_TKIP:
3297 		return RSN_CIPHER_SUITE_TKIP;
3298 	case WPA_CIPHER_WEP104:
3299 		return RSN_CIPHER_SUITE_WEP104;
3300 	case WPA_CIPHER_WEP40:
3301 		return RSN_CIPHER_SUITE_WEP40;
3302 	case WPA_CIPHER_GTK_NOT_USED:
3303 		return RSN_CIPHER_SUITE_NO_GROUP_ADDRESSED;
3304 	default:
3305 		return 0;
3306 	}
3307 }
3308 
3309 
3310 static int wpa_cipher_to_cipher_suites(unsigned int ciphers, u32 suites[],
3311 				       int max_suites)
3312 {
3313 	int num_suites = 0;
3314 
3315 	if (num_suites < max_suites && ciphers & WPA_CIPHER_CCMP_256)
3316 		suites[num_suites++] = RSN_CIPHER_SUITE_CCMP_256;
3317 	if (num_suites < max_suites && ciphers & WPA_CIPHER_GCMP_256)
3318 		suites[num_suites++] = RSN_CIPHER_SUITE_GCMP_256;
3319 	if (num_suites < max_suites && ciphers & WPA_CIPHER_CCMP)
3320 		suites[num_suites++] = RSN_CIPHER_SUITE_CCMP;
3321 	if (num_suites < max_suites && ciphers & WPA_CIPHER_GCMP)
3322 		suites[num_suites++] = RSN_CIPHER_SUITE_GCMP;
3323 	if (num_suites < max_suites && ciphers & WPA_CIPHER_TKIP)
3324 		suites[num_suites++] = RSN_CIPHER_SUITE_TKIP;
3325 	if (num_suites < max_suites && ciphers & WPA_CIPHER_WEP104)
3326 		suites[num_suites++] = RSN_CIPHER_SUITE_WEP104;
3327 	if (num_suites < max_suites && ciphers & WPA_CIPHER_WEP40)
3328 		suites[num_suites++] = RSN_CIPHER_SUITE_WEP40;
3329 
3330 	return num_suites;
3331 }
3332 
3333 
3334 static int wpa_key_mgmt_to_suites(unsigned int key_mgmt_suites, u32 suites[],
3335 				  int max_suites)
3336 {
3337 	int num_suites = 0;
3338 
3339 #define __AKM(a, b) \
3340 	if (num_suites < max_suites && \
3341 	    (key_mgmt_suites & (WPA_KEY_MGMT_ ## a))) \
3342 		suites[num_suites++] = (RSN_AUTH_KEY_MGMT_ ## b)
3343 	__AKM(IEEE8021X, UNSPEC_802_1X);
3344 	__AKM(PSK, PSK_OVER_802_1X);
3345 	__AKM(FT_IEEE8021X, FT_802_1X);
3346 	__AKM(FT_PSK, FT_PSK);
3347 	__AKM(IEEE8021X_SHA256, 802_1X_SHA256);
3348 	__AKM(PSK_SHA256, PSK_SHA256);
3349 	__AKM(SAE, SAE);
3350 	__AKM(SAE_EXT_KEY, SAE_EXT_KEY);
3351 	__AKM(FT_SAE, FT_SAE);
3352 	__AKM(FT_SAE_EXT_KEY, FT_SAE_EXT_KEY);
3353 	__AKM(CCKM, CCKM);
3354 	__AKM(OSEN, OSEN);
3355 	__AKM(IEEE8021X_SUITE_B, 802_1X_SUITE_B);
3356 	__AKM(IEEE8021X_SUITE_B_192, 802_1X_SUITE_B_192);
3357 	__AKM(FILS_SHA256, FILS_SHA256);
3358 	__AKM(FILS_SHA384, FILS_SHA384);
3359 	__AKM(FT_FILS_SHA256, FT_FILS_SHA256);
3360 	__AKM(FT_FILS_SHA384, FT_FILS_SHA384);
3361 	__AKM(OWE, OWE);
3362 	__AKM(DPP, DPP);
3363 	__AKM(FT_IEEE8021X_SHA384, FT_802_1X_SHA384);
3364 	__AKM(IEEE8021X_SHA384, 802_1X_SHA384);
3365 #undef __AKM
3366 
3367 	return num_suites;
3368 }
3369 
3370 
3371 #ifdef CONFIG_DRIVER_NL80211_QCA
3372 static int issue_key_mgmt_set_key(struct wpa_driver_nl80211_data *drv,
3373 				  const u8 *key, size_t key_len)
3374 {
3375 	struct nl_msg *msg;
3376 	int ret;
3377 
3378 	if (!(drv->capa.flags & WPA_DRIVER_FLAGS_KEY_MGMT_OFFLOAD))
3379 		return 0;
3380 
3381 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
3382 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
3383 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
3384 			QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_SET_KEY) ||
3385 	    nla_put(msg, NL80211_ATTR_VENDOR_DATA, key_len, key)) {
3386 		nl80211_nlmsg_clear(msg);
3387 		nlmsg_free(msg);
3388 		return -1;
3389 	}
3390 	ret = send_and_recv_cmd(drv, msg);
3391 	if (ret) {
3392 		wpa_printf(MSG_DEBUG,
3393 			   "nl80211: Key management set key failed: ret=%d (%s)",
3394 			   ret, strerror(-ret));
3395 	}
3396 
3397 	return ret;
3398 }
3399 #endif /* CONFIG_DRIVER_NL80211_QCA */
3400 
3401 
3402 static int nl80211_set_pmk(struct wpa_driver_nl80211_data *drv,
3403 			   const u8 *key, size_t key_len,
3404 			   const u8 *addr)
3405 {
3406 	struct nl_msg *msg = NULL;
3407 	int ret;
3408 
3409 	/*
3410 	 * If the authenticator address is not set, assume it is
3411 	 * the current BSSID.
3412 	 */
3413 	if (!addr && drv->associated)
3414 		addr = drv->bssid;
3415 	else if (!addr)
3416 		return -1;
3417 
3418 	wpa_printf(MSG_DEBUG, "nl80211: Set PMK to the driver for " MACSTR,
3419 		   MAC2STR(addr));
3420 	wpa_hexdump_key(MSG_DEBUG, "nl80211: PMK", key, key_len);
3421 	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_SET_PMK);
3422 	if (!msg ||
3423 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
3424 	    nla_put(msg, NL80211_ATTR_PMK, key_len, key)) {
3425 		nl80211_nlmsg_clear(msg);
3426 		nlmsg_free(msg);
3427 		return -ENOBUFS;
3428 	}
3429 
3430 	ret = send_and_recv_cmd(drv, msg);
3431 	if (ret) {
3432 		wpa_printf(MSG_DEBUG, "nl80211: Set PMK failed: ret=%d (%s)",
3433 			   ret, strerror(-ret));
3434 	}
3435 
3436 	return ret;
3437 }
3438 
3439 
3440 static int wpa_driver_nl80211_set_key(struct i802_bss *bss,
3441 				      struct wpa_driver_set_key_params *params)
3442 {
3443 	struct wpa_driver_nl80211_data *drv = bss->drv;
3444 	int ifindex;
3445 	struct nl_msg *msg;
3446 	struct nl_msg *key_msg;
3447 	int ret;
3448 	int skip_set_key = 1;
3449 	const char *ifname = params->ifname;
3450 	enum wpa_alg alg = params->alg;
3451 	const u8 *addr = params->addr;
3452 	int key_idx = params->key_idx;
3453 	int set_tx = params->set_tx;
3454 	const u8 *seq = params->seq;
3455 	size_t seq_len = params->seq_len;
3456 	const u8 *key = params->key;
3457 	size_t key_len = params->key_len;
3458 	int vlan_id = params->vlan_id;
3459 	enum key_flag key_flag = params->key_flag;
3460 	int link_id = params->link_id;
3461 
3462 	/* Ignore for P2P Device */
3463 	if (drv->nlmode == NL80211_IFTYPE_P2P_DEVICE)
3464 		return 0;
3465 
3466 	ifindex = if_nametoindex(ifname);
3467 	wpa_printf(MSG_DEBUG, "%s: ifindex=%d (%s) alg=%d addr=%p key_idx=%d "
3468 		   "set_tx=%d seq_len=%lu key_len=%lu key_flag=0x%x link_id=%d",
3469 		   __func__, ifindex, ifname, alg, addr, key_idx, set_tx,
3470 		   (unsigned long) seq_len, (unsigned long) key_len, key_flag,
3471 		   link_id);
3472 
3473 	if (check_key_flag(key_flag)) {
3474 		wpa_printf(MSG_DEBUG, "%s: invalid key_flag", __func__);
3475 		return -EINVAL;
3476 	}
3477 
3478 #ifdef CONFIG_DRIVER_NL80211_QCA
3479 	if ((key_flag & KEY_FLAG_PMK) &&
3480 	    (drv->capa.flags & WPA_DRIVER_FLAGS_KEY_MGMT_OFFLOAD)) {
3481 		wpa_printf(MSG_DEBUG, "%s: calling issue_key_mgmt_set_key",
3482 			   __func__);
3483 		ret = issue_key_mgmt_set_key(drv, key, key_len);
3484 		return ret;
3485 	}
3486 #endif /* CONFIG_DRIVER_NL80211_QCA */
3487 
3488 	if (key_flag & KEY_FLAG_PMK) {
3489 		if (drv->capa.flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X)
3490 			return nl80211_set_pmk(drv, key, key_len, addr);
3491 		/* The driver does not have any offload mechanism for PMK, so
3492 		 * there is no need to configure this key. */
3493 		return 0;
3494 	}
3495 
3496 	ret = -ENOBUFS;
3497 	key_msg = nlmsg_alloc();
3498 	if (!key_msg)
3499 		return ret;
3500 
3501 	if ((key_flag & KEY_FLAG_PAIRWISE_MASK) ==
3502 	    KEY_FLAG_PAIRWISE_RX_TX_MODIFY) {
3503 		wpa_printf(MSG_DEBUG,
3504 			   "nl80211: SET_KEY (pairwise RX/TX modify)");
3505 		msg = nl80211_ifindex_msg(drv, ifindex, 0, NL80211_CMD_SET_KEY);
3506 		if (!msg)
3507 			goto fail2;
3508 	} else if (alg == WPA_ALG_NONE && (key_flag & KEY_FLAG_RX_TX)) {
3509 		wpa_printf(MSG_DEBUG, "%s: invalid key_flag to delete key",
3510 			   __func__);
3511 		ret = -EINVAL;
3512 		goto fail2;
3513 	} else if (alg == WPA_ALG_NONE) {
3514 		wpa_printf(MSG_DEBUG, "nl80211: DEL_KEY");
3515 		msg = nl80211_ifindex_msg(drv, ifindex, 0, NL80211_CMD_DEL_KEY);
3516 		if (!msg)
3517 			goto fail2;
3518 	} else {
3519 		u32 suite;
3520 
3521 		suite = wpa_alg_to_cipher_suite(alg, key_len);
3522 		if (!suite) {
3523 			ret = -EINVAL;
3524 			goto fail2;
3525 		}
3526 		wpa_printf(MSG_DEBUG, "nl80211: NEW_KEY");
3527 		msg = nl80211_ifindex_msg(drv, ifindex, 0, NL80211_CMD_NEW_KEY);
3528 		if (!msg)
3529 			goto fail2;
3530 		if (nla_put(key_msg, NL80211_KEY_DATA, key_len, key) ||
3531 		    nla_put_u32(key_msg, NL80211_KEY_CIPHER, suite))
3532 			goto fail;
3533 		wpa_hexdump_key(MSG_DEBUG, "nl80211: KEY_DATA", key, key_len);
3534 
3535 		if (seq && seq_len) {
3536 			if (nla_put(key_msg, NL80211_KEY_SEQ, seq_len, seq))
3537 				goto fail;
3538 			wpa_hexdump(MSG_DEBUG, "nl80211: KEY_SEQ",
3539 				    seq, seq_len);
3540 		}
3541 	}
3542 
3543 	if (addr && !is_broadcast_ether_addr(addr)) {
3544 		wpa_printf(MSG_DEBUG, "   addr=" MACSTR, MAC2STR(addr));
3545 		if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
3546 			goto fail;
3547 
3548 		if ((key_flag & KEY_FLAG_PAIRWISE_MASK) ==
3549 		    KEY_FLAG_PAIRWISE_RX ||
3550 		    (key_flag & KEY_FLAG_PAIRWISE_MASK) ==
3551 		    KEY_FLAG_PAIRWISE_RX_TX_MODIFY) {
3552 			if (nla_put_u8(key_msg, NL80211_KEY_MODE,
3553 				       key_flag == KEY_FLAG_PAIRWISE_RX ?
3554 				       NL80211_KEY_NO_TX : NL80211_KEY_SET_TX))
3555 				goto fail;
3556 		} else if ((key_flag & KEY_FLAG_GROUP_MASK) ==
3557 			   KEY_FLAG_GROUP_RX) {
3558 			wpa_printf(MSG_DEBUG, "   RSN IBSS RX GTK");
3559 			if (nla_put_u32(key_msg, NL80211_KEY_TYPE,
3560 					NL80211_KEYTYPE_GROUP))
3561 				goto fail;
3562 		} else if (!(key_flag & KEY_FLAG_PAIRWISE)) {
3563 			wpa_printf(MSG_DEBUG,
3564 				   "   key_flag missing PAIRWISE when setting a pairwise key");
3565 			ret = -EINVAL;
3566 			goto fail;
3567 		} else if (alg == WPA_ALG_WEP &&
3568 			   (key_flag & KEY_FLAG_RX_TX) == KEY_FLAG_RX_TX) {
3569 			wpa_printf(MSG_DEBUG, "   unicast WEP key");
3570 			skip_set_key = 0;
3571 		} else {
3572 			wpa_printf(MSG_DEBUG, "   pairwise key");
3573 		}
3574 	} else if ((key_flag & KEY_FLAG_PAIRWISE) ||
3575 		   !(key_flag & KEY_FLAG_GROUP)) {
3576 		wpa_printf(MSG_DEBUG,
3577 			   "   invalid key_flag for a broadcast key");
3578 		ret = -EINVAL;
3579 		goto fail;
3580 	} else {
3581 		wpa_printf(MSG_DEBUG, "   broadcast key");
3582 		if (key_flag & KEY_FLAG_DEFAULT)
3583 			skip_set_key = 0;
3584 	}
3585 	if (nla_put_u8(key_msg, NL80211_KEY_IDX, key_idx) ||
3586 	    nla_put_nested(msg, NL80211_ATTR_KEY, key_msg))
3587 		goto fail;
3588 	nl80211_nlmsg_clear(key_msg);
3589 	nlmsg_free(key_msg);
3590 	key_msg = NULL;
3591 
3592 	if (vlan_id && (drv->capa.flags & WPA_DRIVER_FLAGS_VLAN_OFFLOAD)) {
3593 		wpa_printf(MSG_DEBUG, "nl80211: VLAN ID %d", vlan_id);
3594 		if (nla_put_u16(msg, NL80211_ATTR_VLAN_ID, vlan_id))
3595 			goto fail;
3596 	}
3597 
3598 	if (link_id != -1) {
3599 		wpa_printf(MSG_DEBUG, "nl80211: Link ID %d", link_id);
3600 		if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id))
3601 			goto fail;
3602 	}
3603 
3604 	ret = send_and_recv_cmd(drv, msg);
3605 	if ((ret == -ENOENT || ret == -ENOLINK) && alg == WPA_ALG_NONE)
3606 		ret = 0;
3607 	if (ret)
3608 		wpa_printf(MSG_DEBUG, "nl80211: set_key failed; err=%d %s",
3609 			   ret, strerror(-ret));
3610 
3611 	/*
3612 	 * If we failed or don't need to set the key as default (below),
3613 	 * we're done here.
3614 	 */
3615 	if (ret || skip_set_key)
3616 		return ret;
3617 	wpa_printf(MSG_DEBUG, "nl80211: NL80211_CMD_SET_KEY - default key");
3618 
3619 	ret = -ENOBUFS;
3620 	key_msg = nlmsg_alloc();
3621 	if (!key_msg)
3622 		return ret;
3623 
3624 	msg = nl80211_ifindex_msg(drv, ifindex, 0, NL80211_CMD_SET_KEY);
3625 	if (!msg)
3626 		goto fail2;
3627 	if (!key_msg ||
3628 	    nla_put_u8(key_msg, NL80211_KEY_IDX, key_idx) ||
3629 	    nla_put_flag(key_msg, wpa_alg_bip(alg) ?
3630 			 (key_idx == 6 || key_idx == 7 ?
3631 			  NL80211_KEY_DEFAULT_BEACON :
3632 			  NL80211_KEY_DEFAULT_MGMT) :
3633 			 NL80211_KEY_DEFAULT))
3634 		goto fail;
3635 	if (addr && is_broadcast_ether_addr(addr)) {
3636 		struct nlattr *types;
3637 
3638 		types = nla_nest_start(key_msg, NL80211_KEY_DEFAULT_TYPES);
3639 		if (!types ||
3640 		    nla_put_flag(key_msg, NL80211_KEY_DEFAULT_TYPE_MULTICAST))
3641 			goto fail;
3642 		nla_nest_end(key_msg, types);
3643 	} else if (addr) {
3644 		struct nlattr *types;
3645 
3646 		types = nla_nest_start(key_msg, NL80211_KEY_DEFAULT_TYPES);
3647 		if (!types ||
3648 		    nla_put_flag(key_msg, NL80211_KEY_DEFAULT_TYPE_UNICAST))
3649 			goto fail;
3650 		nla_nest_end(key_msg, types);
3651 	}
3652 
3653 	if (nla_put_nested(msg, NL80211_ATTR_KEY, key_msg))
3654 		goto fail;
3655 	nl80211_nlmsg_clear(key_msg);
3656 	nlmsg_free(key_msg);
3657 	key_msg = NULL;
3658 
3659 	if (vlan_id && (drv->capa.flags & WPA_DRIVER_FLAGS_VLAN_OFFLOAD)) {
3660 		wpa_printf(MSG_DEBUG, "nl80211: set_key default - VLAN ID %d",
3661 			   vlan_id);
3662 		if (nla_put_u16(msg, NL80211_ATTR_VLAN_ID, vlan_id))
3663 			goto fail;
3664 	}
3665 
3666 	if (link_id != -1) {
3667 		wpa_printf(MSG_DEBUG, "nl80211: set_key default - Link ID %d",
3668 			   link_id);
3669 		if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id))
3670 			goto fail;
3671 	}
3672 
3673 	ret = send_and_recv_cmd(drv, msg);
3674 	if (ret)
3675 		wpa_printf(MSG_DEBUG,
3676 			   "nl80211: set_key default failed; err=%d %s",
3677 			   ret, strerror(-ret));
3678 	return ret;
3679 
3680 fail:
3681 	nl80211_nlmsg_clear(msg);
3682 	nlmsg_free(msg);
3683 fail2:
3684 	nl80211_nlmsg_clear(key_msg);
3685 	nlmsg_free(key_msg);
3686 	return ret;
3687 }
3688 
3689 
3690 static int nl_add_key(struct nl_msg *msg, enum wpa_alg alg,
3691 		      int key_idx, int defkey,
3692 		      const u8 *seq, size_t seq_len,
3693 		      const u8 *key, size_t key_len)
3694 {
3695 	struct nlattr *key_attr = nla_nest_start(msg, NL80211_ATTR_KEY);
3696 	u32 suite;
3697 
3698 	if (!key_attr)
3699 		return -1;
3700 
3701 	suite = wpa_alg_to_cipher_suite(alg, key_len);
3702 	if (!suite)
3703 		return -1;
3704 
3705 	if (defkey && wpa_alg_bip(alg)) {
3706 		if (nla_put_flag(msg, NL80211_KEY_DEFAULT_MGMT))
3707 			return -1;
3708 	} else if (defkey) {
3709 		if (nla_put_flag(msg, NL80211_KEY_DEFAULT))
3710 			return -1;
3711 	}
3712 
3713 	if (nla_put_u8(msg, NL80211_KEY_IDX, key_idx) ||
3714 	    nla_put_u32(msg, NL80211_KEY_CIPHER, suite) ||
3715 	    (seq && seq_len &&
3716 	     nla_put(msg, NL80211_KEY_SEQ, seq_len, seq)) ||
3717 	    nla_put(msg, NL80211_KEY_DATA, key_len, key))
3718 		return -1;
3719 
3720 	nla_nest_end(msg, key_attr);
3721 
3722 	return 0;
3723 }
3724 
3725 
3726 static int nl80211_set_conn_keys(struct wpa_driver_associate_params *params,
3727 				 struct nl_msg *msg)
3728 {
3729 	int i, privacy = 0;
3730 	struct nlattr *nl_keys, *nl_key;
3731 
3732 	for (i = 0; i < 4; i++) {
3733 		if (!params->wep_key[i])
3734 			continue;
3735 		privacy = 1;
3736 		break;
3737 	}
3738 	if (params->wps == WPS_MODE_PRIVACY)
3739 		privacy = 1;
3740 	if (params->pairwise_suite &&
3741 	    params->pairwise_suite != WPA_CIPHER_NONE)
3742 		privacy = 1;
3743 
3744 	if (!privacy)
3745 		return 0;
3746 
3747 	if (nla_put_flag(msg, NL80211_ATTR_PRIVACY))
3748 		return -ENOBUFS;
3749 
3750 	nl_keys = nla_nest_start(msg, NL80211_ATTR_KEYS);
3751 	if (!nl_keys)
3752 		return -ENOBUFS;
3753 
3754 	for (i = 0; i < 4; i++) {
3755 		if (!params->wep_key[i])
3756 			continue;
3757 
3758 		nl_key = nla_nest_start(msg, i);
3759 		if (!nl_key ||
3760 		    nla_put(msg, NL80211_KEY_DATA, params->wep_key_len[i],
3761 			    params->wep_key[i]) ||
3762 		    nla_put_u32(msg, NL80211_KEY_CIPHER,
3763 				params->wep_key_len[i] == 5 ?
3764 				RSN_CIPHER_SUITE_WEP40 :
3765 				RSN_CIPHER_SUITE_WEP104) ||
3766 		    nla_put_u8(msg, NL80211_KEY_IDX, i) ||
3767 		    (i == params->wep_tx_keyidx &&
3768 		     nla_put_flag(msg, NL80211_KEY_DEFAULT)))
3769 			return -ENOBUFS;
3770 
3771 		nla_nest_end(msg, nl_key);
3772 	}
3773 	nla_nest_end(msg, nl_keys);
3774 
3775 	return 0;
3776 }
3777 
3778 
3779 int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv,
3780 			    const u8 *addr, int cmd, u16 reason_code,
3781 			    int local_state_change,
3782 			    struct i802_bss *bss)
3783 {
3784 	int ret;
3785 	struct nl_msg *msg;
3786 
3787 	if (!(msg = nl80211_drv_msg(drv, 0, cmd)) ||
3788 	    nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code) ||
3789 	    (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) ||
3790 	    (local_state_change &&
3791 	     nla_put_flag(msg, NL80211_ATTR_LOCAL_STATE_CHANGE))) {
3792 		nlmsg_free(msg);
3793 		return -1;
3794 	}
3795 
3796 	ret = send_and_recv(drv->global, bss->nl_connect, msg,
3797 			    NULL, NULL, NULL, NULL, NULL);
3798 	if (ret) {
3799 		wpa_dbg(drv->ctx, MSG_DEBUG,
3800 			"nl80211: MLME command failed: reason=%u ret=%d (%s)",
3801 			reason_code, ret, strerror(-ret));
3802 	}
3803 	return ret;
3804 }
3805 
3806 
3807 static int wpa_driver_nl80211_disconnect(struct wpa_driver_nl80211_data *drv,
3808 					 u16 reason_code,
3809 					 struct i802_bss *bss)
3810 {
3811 	int ret;
3812 
3813 	wpa_printf(MSG_DEBUG, "%s(reason_code=%d)", __func__, reason_code);
3814 	nl80211_mark_disconnected(drv);
3815 	/* Disconnect command doesn't need BSSID - it uses cached value */
3816 	ret = wpa_driver_nl80211_mlme(drv, NULL, NL80211_CMD_DISCONNECT,
3817 				      reason_code, 0, bss);
3818 	/*
3819 	 * For locally generated disconnect, supplicant already generates a
3820 	 * DEAUTH event, so ignore the event from NL80211.
3821 	 */
3822 	if (ret == 0)
3823 		drv->ignore_next_local_disconnect = send_event_marker(drv);
3824 
3825 	return ret;
3826 }
3827 
3828 
3829 static int wpa_driver_nl80211_deauthenticate(struct i802_bss *bss,
3830 					     const u8 *addr, u16 reason_code)
3831 {
3832 	struct wpa_driver_nl80211_data *drv = bss->drv;
3833 	int ret;
3834 
3835 	if (drv->nlmode == NL80211_IFTYPE_ADHOC) {
3836 		nl80211_mark_disconnected(drv);
3837 		return nl80211_leave_ibss(drv, 1);
3838 	}
3839 	if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) {
3840 		return wpa_driver_nl80211_disconnect(drv, reason_code, bss);
3841 	}
3842 	wpa_printf(MSG_DEBUG, "%s(addr=" MACSTR " reason_code=%d)",
3843 		   __func__, MAC2STR(addr), reason_code);
3844 	nl80211_mark_disconnected(drv);
3845 	ret = wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DEAUTHENTICATE,
3846 				      reason_code, 0, bss);
3847 	/*
3848 	 * For locally generated deauthenticate, supplicant already generates a
3849 	 * DEAUTH event, so ignore the event from NL80211.
3850 	 */
3851 	if (ret == 0)
3852 		drv->ignore_next_local_deauth = send_event_marker(drv);
3853 
3854 	return ret;
3855 }
3856 
3857 
3858 static void nl80211_copy_auth_params(struct wpa_driver_nl80211_data *drv,
3859 				     struct wpa_driver_auth_params *params)
3860 {
3861 	int i;
3862 
3863 	drv->auth_freq = params->freq;
3864 	drv->auth_alg = params->auth_alg;
3865 	drv->auth_wep_tx_keyidx = params->wep_tx_keyidx;
3866 	drv->auth_local_state_change = params->local_state_change;
3867 	drv->auth_p2p = params->p2p;
3868 
3869 	if (params->bssid)
3870 		os_memcpy(drv->auth_bssid_, params->bssid, ETH_ALEN);
3871 	else
3872 		os_memset(drv->auth_bssid_, 0, ETH_ALEN);
3873 
3874 	if (params->ssid) {
3875 		os_memcpy(drv->auth_ssid, params->ssid, params->ssid_len);
3876 		drv->auth_ssid_len = params->ssid_len;
3877 	} else
3878 		drv->auth_ssid_len = 0;
3879 
3880 
3881 	os_free(drv->auth_ie);
3882 	drv->auth_ie = NULL;
3883 	drv->auth_ie_len = 0;
3884 	if (params->ie) {
3885 		drv->auth_ie = os_malloc(params->ie_len);
3886 		if (drv->auth_ie) {
3887 			os_memcpy(drv->auth_ie, params->ie, params->ie_len);
3888 			drv->auth_ie_len = params->ie_len;
3889 		}
3890 	}
3891 
3892 	if (params->mld && params->ap_mld_addr) {
3893 		drv->auth_mld = params->mld;
3894 		drv->auth_mld_link_id = params->mld_link_id;
3895 		os_memcpy(drv->auth_ap_mld_addr, params->ap_mld_addr, ETH_ALEN);
3896 	} else {
3897 		drv->auth_mld = false;
3898 		drv->auth_mld_link_id = -1;
3899 	}
3900 
3901 	os_free(drv->auth_data);
3902 	drv->auth_data = NULL;
3903 	drv->auth_data_len = 0;
3904 	if (params->auth_data) {
3905 		drv->auth_data = os_memdup(params->auth_data,
3906 					   params->auth_data_len);
3907 		if (drv->auth_data)
3908 			drv->auth_data_len = params->auth_data_len;
3909 	}
3910 
3911 	for (i = 0; i < 4; i++) {
3912 		if (params->wep_key[i] && params->wep_key_len[i] &&
3913 		    params->wep_key_len[i] <= 16) {
3914 			os_memcpy(drv->auth_wep_key[i], params->wep_key[i],
3915 				  params->wep_key_len[i]);
3916 			drv->auth_wep_key_len[i] = params->wep_key_len[i];
3917 		} else
3918 			drv->auth_wep_key_len[i] = 0;
3919 	}
3920 }
3921 
3922 
3923 static void nl80211_unmask_11b_rates(struct i802_bss *bss)
3924 {
3925 	struct wpa_driver_nl80211_data *drv = bss->drv;
3926 
3927 	if (is_p2p_net_interface(drv->nlmode) || !drv->disabled_11b_rates)
3928 		return;
3929 
3930 	/*
3931 	 * Looks like we failed to unmask 11b rates previously. This could
3932 	 * happen, e.g., if the interface was down at the point in time when a
3933 	 * P2P group was terminated.
3934 	 */
3935 	wpa_printf(MSG_DEBUG,
3936 		   "nl80211: Interface %s mode is for non-P2P, but 11b rates were disabled - re-enable them",
3937 		   bss->ifname);
3938 	nl80211_disable_11b_rates(drv, drv->ifindex, 0);
3939 }
3940 
3941 
3942 static enum nl80211_auth_type get_nl_auth_type(int wpa_auth_alg)
3943 {
3944 	if (wpa_auth_alg & WPA_AUTH_ALG_OPEN)
3945 		return NL80211_AUTHTYPE_OPEN_SYSTEM;
3946 	if (wpa_auth_alg & WPA_AUTH_ALG_SHARED)
3947 		return NL80211_AUTHTYPE_SHARED_KEY;
3948 	if (wpa_auth_alg & WPA_AUTH_ALG_LEAP)
3949 		return NL80211_AUTHTYPE_NETWORK_EAP;
3950 	if (wpa_auth_alg & WPA_AUTH_ALG_FT)
3951 		return NL80211_AUTHTYPE_FT;
3952 	if (wpa_auth_alg & WPA_AUTH_ALG_SAE)
3953 		return NL80211_AUTHTYPE_SAE;
3954 	if (wpa_auth_alg & WPA_AUTH_ALG_FILS)
3955 		return NL80211_AUTHTYPE_FILS_SK;
3956 	if (wpa_auth_alg & WPA_AUTH_ALG_FILS_SK_PFS)
3957 		return NL80211_AUTHTYPE_FILS_SK_PFS;
3958 
3959 	return NL80211_AUTHTYPE_MAX;
3960 }
3961 
3962 
3963 static int wpa_driver_nl80211_authenticate(
3964 	struct i802_bss *bss, struct wpa_driver_auth_params *params)
3965 {
3966 	struct wpa_driver_nl80211_data *drv = bss->drv;
3967 	int ret = -1, i;
3968 	struct nl_msg *msg;
3969 	enum nl80211_auth_type type;
3970 	enum nl80211_iftype nlmode;
3971 	int count = 0;
3972 	int is_retry;
3973 	struct wpa_driver_set_key_params p;
3974 
3975 	nl80211_unmask_11b_rates(bss);
3976 
3977 	is_retry = drv->retry_auth;
3978 	drv->retry_auth = 0;
3979 	drv->ignore_deauth_event = 0;
3980 
3981 	nl80211_mark_disconnected(drv);
3982 	os_memset(drv->auth_bssid, 0, ETH_ALEN);
3983 	if (params->bssid)
3984 		os_memcpy(drv->auth_attempt_bssid, params->bssid, ETH_ALEN);
3985 	else
3986 		os_memset(drv->auth_attempt_bssid, 0, ETH_ALEN);
3987 	/* FIX: IBSS mode */
3988 	nlmode = params->p2p ?
3989 		NL80211_IFTYPE_P2P_CLIENT : NL80211_IFTYPE_STATION;
3990 	if (drv->nlmode != nlmode &&
3991 	    wpa_driver_nl80211_set_mode(bss, nlmode) < 0)
3992 		return -1;
3993 
3994 retry:
3995 	wpa_printf(MSG_DEBUG, "nl80211: Authenticate (ifindex=%d)",
3996 		   drv->ifindex);
3997 
3998 	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_AUTHENTICATE);
3999 	if (!msg)
4000 		goto fail;
4001 
4002 	os_memset(&p, 0, sizeof(p));
4003 	p.ifname = bss->ifname;
4004 	p.alg = WPA_ALG_WEP;
4005 	p.link_id = -1;
4006 	for (i = 0; i < 4; i++) {
4007 		if (!params->wep_key[i])
4008 			continue;
4009 		p.key_idx = i;
4010 		p.set_tx = i == params->wep_tx_keyidx;
4011 		p.key = params->wep_key[i];
4012 		p.key_len = params->wep_key_len[i];
4013 		p.key_flag = i == params->wep_tx_keyidx ?
4014 			KEY_FLAG_GROUP_RX_TX_DEFAULT :
4015 			KEY_FLAG_GROUP_RX_TX;
4016 		wpa_driver_nl80211_set_key(bss, &p);
4017 		if (params->wep_tx_keyidx != i)
4018 			continue;
4019 		if (nl_add_key(msg, WPA_ALG_WEP, i, 1, NULL, 0,
4020 			       params->wep_key[i], params->wep_key_len[i]))
4021 			goto fail;
4022 	}
4023 
4024 	if (params->bssid) {
4025 		wpa_printf(MSG_DEBUG, "  * bssid=" MACSTR,
4026 			   MAC2STR(params->bssid));
4027 		if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid))
4028 			goto fail;
4029 	}
4030 	if (params->freq) {
4031 		wpa_printf(MSG_DEBUG, "  * freq=%d", params->freq);
4032 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq))
4033 			goto fail;
4034 	}
4035 	if (params->ssid) {
4036 		wpa_printf(MSG_DEBUG, "  * SSID=%s",
4037 			   wpa_ssid_txt(params->ssid, params->ssid_len));
4038 		if (nla_put(msg, NL80211_ATTR_SSID, params->ssid_len,
4039 			    params->ssid))
4040 			goto fail;
4041 	}
4042 	wpa_hexdump(MSG_DEBUG, "  * IEs", params->ie, params->ie_len);
4043 	if (params->ie &&
4044 	    nla_put(msg, NL80211_ATTR_IE, params->ie_len, params->ie))
4045 		goto fail;
4046 	if (params->auth_data) {
4047 		wpa_hexdump(MSG_DEBUG, "  * auth_data", params->auth_data,
4048 			    params->auth_data_len);
4049 		if (nla_put(msg, NL80211_ATTR_SAE_DATA, params->auth_data_len,
4050 			    params->auth_data))
4051 			goto fail;
4052 	}
4053 	type = get_nl_auth_type(params->auth_alg);
4054 	wpa_printf(MSG_DEBUG, "  * Auth Type %d", type);
4055 	if (type == NL80211_AUTHTYPE_MAX ||
4056 	    nla_put_u32(msg, NL80211_ATTR_AUTH_TYPE, type))
4057 		goto fail;
4058 	if (params->local_state_change) {
4059 		wpa_printf(MSG_DEBUG, "  * Local state change only");
4060 		if (nla_put_flag(msg, NL80211_ATTR_LOCAL_STATE_CHANGE))
4061 			goto fail;
4062 	}
4063 
4064 	if (params->mld && params->ap_mld_addr) {
4065 		wpa_printf(MSG_DEBUG, "  * MLD: link_id=%u, MLD addr=" MACSTR,
4066 			   params->mld_link_id, MAC2STR(params->ap_mld_addr));
4067 
4068 		if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID,
4069 			       params->mld_link_id) ||
4070 		    nla_put(msg, NL80211_ATTR_MLD_ADDR, ETH_ALEN,
4071 			    params->ap_mld_addr))
4072 			goto fail;
4073 	}
4074 
4075 	ret = send_and_recv_cmd(drv, msg);
4076 	msg = NULL;
4077 	if (ret) {
4078 		wpa_dbg(drv->ctx, MSG_DEBUG,
4079 			"nl80211: MLME command failed (auth): count=%d ret=%d (%s)",
4080 			count, ret, strerror(-ret));
4081 		count++;
4082 		if ((ret == -EALREADY || ret == -EEXIST) && count == 1 &&
4083 		    params->bssid && !params->local_state_change) {
4084 			/*
4085 			 * mac80211 does not currently accept new
4086 			 * authentication if we are already authenticated. As a
4087 			 * workaround, force deauthentication and try again.
4088 			 */
4089 			wpa_printf(MSG_DEBUG, "nl80211: Retry authentication "
4090 				   "after forced deauthentication");
4091 			drv->ignore_deauth_event = 1;
4092 			wpa_driver_nl80211_deauthenticate(
4093 				bss, params->bssid,
4094 				WLAN_REASON_PREV_AUTH_NOT_VALID);
4095 			nlmsg_free(msg);
4096 			goto retry;
4097 		}
4098 
4099 		if (ret == -ENOENT && params->freq && !is_retry) {
4100 			/*
4101 			 * cfg80211 has likely expired the BSS entry even
4102 			 * though it was previously available in our internal
4103 			 * BSS table. To recover quickly, start a single
4104 			 * channel scan on the specified channel.
4105 			 */
4106 			struct wpa_driver_scan_params scan;
4107 			int freqs[2];
4108 
4109 			os_memset(&scan, 0, sizeof(scan));
4110 			scan.num_ssids = 1;
4111 			if (params->ssid) {
4112 				scan.ssids[0].ssid = params->ssid;
4113 				scan.ssids[0].ssid_len = params->ssid_len;
4114 			}
4115 			freqs[0] = params->freq;
4116 			freqs[1] = 0;
4117 			scan.freqs = freqs;
4118 			wpa_printf(MSG_DEBUG, "nl80211: Trigger single "
4119 				   "channel scan to refresh cfg80211 BSS "
4120 				   "entry");
4121 			ret = wpa_driver_nl80211_scan(bss, &scan);
4122 			if (ret == 0) {
4123 				nl80211_copy_auth_params(drv, params);
4124 				drv->scan_for_auth = 1;
4125 			}
4126 		} else if (is_retry) {
4127 			/*
4128 			 * Need to indicate this with an event since the return
4129 			 * value from the retry is not delivered to core code.
4130 			 */
4131 			union wpa_event_data event;
4132 			wpa_printf(MSG_DEBUG, "nl80211: Authentication retry "
4133 				   "failed");
4134 			os_memset(&event, 0, sizeof(event));
4135 			os_memcpy(event.timeout_event.addr, drv->auth_bssid_,
4136 				  ETH_ALEN);
4137 			wpa_supplicant_event(drv->ctx, EVENT_AUTH_TIMED_OUT,
4138 					     &event);
4139 		}
4140 	} else {
4141 		wpa_printf(MSG_DEBUG,
4142 			   "nl80211: Authentication request send successfully");
4143 	}
4144 
4145 fail:
4146 	nlmsg_free(msg);
4147 	return ret;
4148 }
4149 
4150 
4151 int wpa_driver_nl80211_authenticate_retry(struct wpa_driver_nl80211_data *drv)
4152 {
4153 	struct wpa_driver_auth_params params;
4154 	struct i802_bss *bss = drv->first_bss;
4155 	u8 ap_mld_addr[ETH_ALEN];
4156 	int i;
4157 
4158 	wpa_printf(MSG_DEBUG, "nl80211: Try to authenticate again");
4159 
4160 	os_memset(&params, 0, sizeof(params));
4161 	params.freq = drv->auth_freq;
4162 	params.auth_alg = drv->auth_alg;
4163 	params.wep_tx_keyidx = drv->auth_wep_tx_keyidx;
4164 	params.local_state_change = drv->auth_local_state_change;
4165 	params.p2p = drv->auth_p2p;
4166 
4167 	if (!is_zero_ether_addr(drv->auth_bssid_))
4168 		params.bssid = drv->auth_bssid_;
4169 
4170 	if (drv->auth_ssid_len) {
4171 		params.ssid = drv->auth_ssid;
4172 		params.ssid_len = drv->auth_ssid_len;
4173 	}
4174 
4175 	params.ie = drv->auth_ie;
4176 	params.ie_len = drv->auth_ie_len;
4177 	params.auth_data = drv->auth_data;
4178 	params.auth_data_len = drv->auth_data_len;
4179 	params.mld = drv->auth_mld;
4180 	params.mld_link_id = drv->auth_mld_link_id;
4181 	if (drv->auth_mld) {
4182 		os_memcpy(ap_mld_addr, drv->auth_ap_mld_addr, ETH_ALEN);
4183 		params.ap_mld_addr = ap_mld_addr;
4184 	}
4185 
4186 	for (i = 0; i < 4; i++) {
4187 		if (drv->auth_wep_key_len[i]) {
4188 			params.wep_key[i] = drv->auth_wep_key[i];
4189 			params.wep_key_len[i] = drv->auth_wep_key_len[i];
4190 		}
4191 	}
4192 
4193 	drv->retry_auth = 1;
4194 	return wpa_driver_nl80211_authenticate(bss, &params);
4195 }
4196 
4197 
4198 struct i802_link * nl80211_get_link(struct i802_bss *bss, s8 link_id)
4199 {
4200 	if (link_id < 0 || link_id >= MAX_NUM_MLD_LINKS)
4201 		return bss->flink;
4202 
4203 	if (BIT(link_id) & bss->valid_links)
4204 		return &bss->links[link_id];
4205 
4206 	return bss->flink;
4207 }
4208 
4209 
4210 static void nl80211_link_set_freq(struct i802_bss *bss, s8 link_id, int freq)
4211 {
4212 	struct i802_link *link = nl80211_get_link(bss, link_id);
4213 
4214 	link->freq = freq;
4215 }
4216 
4217 
4218 static int nl80211_get_link_freq(struct i802_bss *bss, const u8 *addr,
4219 				 bool bss_freq_debug)
4220 {
4221 	u8 i;
4222 
4223 	for_each_link(bss->valid_links, i) {
4224 		if (ether_addr_equal(bss->links[i].addr, addr)) {
4225 			wpa_printf(MSG_DEBUG,
4226 				   "nl80211: Use link freq=%d for address "
4227 				   MACSTR,
4228 				   bss->links[i].freq, MAC2STR(addr));
4229 			return bss->links[i].freq;
4230 		}
4231 	}
4232 
4233 	if (bss_freq_debug)
4234 		wpa_printf(MSG_DEBUG, "nl80211: Use bss->freq=%d",
4235 			   bss->flink->freq);
4236 
4237 	return bss->flink->freq;
4238 }
4239 
4240 
4241 static int wpa_driver_nl80211_send_mlme(struct i802_bss *bss, const u8 *data,
4242 					size_t data_len, int noack,
4243 					unsigned int freq, int no_cck,
4244 					int offchanok,
4245 					unsigned int wait_time,
4246 					const u16 *csa_offs,
4247 					size_t csa_offs_len, int no_encrypt,
4248 					int link_id)
4249 {
4250 	struct wpa_driver_nl80211_data *drv = bss->drv;
4251 	struct ieee80211_mgmt *mgmt;
4252 	int encrypt = !no_encrypt;
4253 	u16 fc;
4254 	int use_cookie = 1;
4255 	int res;
4256 	struct i802_link *link = nl80211_get_link(bss, link_id);
4257 
4258 	mgmt = (struct ieee80211_mgmt *) data;
4259 	fc = le_to_host16(mgmt->frame_control);
4260 	wpa_printf(MSG_DEBUG, "nl80211: send_mlme - da=" MACSTR " sa=" MACSTR
4261 		   " bssid=" MACSTR
4262 		   " noack=%d freq=%u no_cck=%d offchanok=%d wait_time=%u no_encrypt=%d fc=0x%x (%s) nlmode=%d",
4263 		   MAC2STR(mgmt->da), MAC2STR(mgmt->sa), MAC2STR(mgmt->bssid),
4264 		   noack, freq, no_cck, offchanok, wait_time,
4265 		   no_encrypt, fc, fc2str(fc), drv->nlmode);
4266 
4267 	if ((is_sta_interface(drv->nlmode) ||
4268 	     drv->nlmode == NL80211_IFTYPE_P2P_DEVICE) &&
4269 	    WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
4270 	    WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_PROBE_RESP) {
4271 		/*
4272 		 * The use of last_mgmt_freq is a bit of a hack,
4273 		 * but it works due to the single-threaded nature
4274 		 * of wpa_supplicant.
4275 		 */
4276 		if (freq == 0) {
4277 			wpa_printf(MSG_DEBUG, "nl80211: Use last_mgmt_freq=%d",
4278 				   drv->last_mgmt_freq);
4279 			freq = drv->last_mgmt_freq;
4280 		}
4281 		wait_time = 0;
4282 		use_cookie = 0;
4283 		no_cck = 1;
4284 		offchanok = 1;
4285 		goto send_frame_cmd;
4286 	}
4287 
4288 	if (drv->device_ap_sme && is_ap_interface(drv->nlmode)) {
4289 		unsigned int link_freq = nl80211_get_link_freq(bss, mgmt->sa,
4290 							       !freq);
4291 
4292 		if (!freq)
4293 			freq = link_freq;
4294 
4295 		if (freq == link_freq)
4296 			wait_time = 0;
4297 
4298 		goto send_frame_cmd;
4299 	}
4300 
4301 	if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
4302 	    WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_AUTH) {
4303 		/*
4304 		 * Only one of the authentication frame types is encrypted.
4305 		 * In order for static WEP encryption to work properly (i.e.,
4306 		 * to not encrypt the frame), we need to tell mac80211 about
4307 		 * the frames that must not be encrypted.
4308 		 */
4309 		u16 auth_alg = le_to_host16(mgmt->u.auth.auth_alg);
4310 		u16 auth_trans = le_to_host16(mgmt->u.auth.auth_transaction);
4311 		if (auth_alg != WLAN_AUTH_SHARED_KEY || auth_trans != 3)
4312 			encrypt = 0;
4313 	}
4314 
4315 	if (is_sta_interface(drv->nlmode) &&
4316 	    WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
4317 	    WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_AUTH) {
4318 		if (freq == 0 &&
4319 		    (drv->capa.flags & WPA_DRIVER_FLAGS_SAE) &&
4320 		    !(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) {
4321 			freq = nl80211_get_assoc_freq(drv);
4322 			wpa_printf(MSG_DEBUG,
4323 				   "nl80211: send_mlme - Use assoc_freq=%u for external auth",
4324 				   freq);
4325 		}
4326 
4327 		/* Allow off channel for PASN authentication */
4328 		if (data_len >= IEEE80211_HDRLEN + 2 &&
4329 		    WPA_GET_LE16(data + IEEE80211_HDRLEN) == WLAN_AUTH_PASN &&
4330 		    !offchanok) {
4331 			wpa_printf(MSG_DEBUG,
4332 				   "nl80211: send_mlme: allow off channel for PASN");
4333 			offchanok = 1;
4334 		}
4335 	}
4336 
4337 #ifdef CONFIG_PASN
4338 	if (is_sta_interface(drv->nlmode) &&
4339 	    WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
4340 	     WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_DEAUTH) {
4341 		wpa_printf(MSG_DEBUG,
4342 			   "nl80211: send_mlme: allow Deauthentication frame for PASN");
4343 
4344 		use_cookie = 0;
4345 		offchanok = 1;
4346 		goto send_frame_cmd;
4347 	}
4348 #endif /* CONFIG_PASN */
4349 
4350 	if (freq == 0 && drv->nlmode == NL80211_IFTYPE_ADHOC) {
4351 		freq = nl80211_get_assoc_freq(drv);
4352 		wpa_printf(MSG_DEBUG,
4353 			   "nl80211: send_mlme - Use assoc_freq=%u for IBSS",
4354 			   freq);
4355 	}
4356 	if (freq == 0) {
4357 		wpa_printf(MSG_DEBUG, "nl80211: send_mlme - Use bss->freq=%u",
4358 			   link->freq);
4359 		freq = link->freq;
4360 	}
4361 
4362 	if (drv->use_monitor && is_ap_interface(drv->nlmode)) {
4363 		wpa_printf(MSG_DEBUG,
4364 			   "nl80211: send_frame(freq=%u bss->freq=%u) -> send_monitor",
4365 			   freq, link->freq);
4366 		return nl80211_send_monitor(drv, data, data_len, encrypt,
4367 					    noack);
4368 	}
4369 
4370 	if ((noack || WLAN_FC_GET_TYPE(fc) != WLAN_FC_TYPE_MGMT ||
4371 	     WLAN_FC_GET_STYPE(fc) != WLAN_FC_STYPE_ACTION) &&
4372 	    link_id == NL80211_DRV_LINK_ID_NA)
4373 		use_cookie = 0;
4374 send_frame_cmd:
4375 #ifdef CONFIG_TESTING_OPTIONS
4376 	if (no_encrypt && !encrypt && !drv->use_monitor) {
4377 		wpa_printf(MSG_DEBUG,
4378 			   "nl80211: Request to send an unencrypted frame - use a monitor interface for this");
4379 		if (nl80211_create_monitor_interface(drv) < 0)
4380 			return -1;
4381 		res = nl80211_send_monitor(drv, data, data_len, encrypt,
4382 					   noack);
4383 		nl80211_remove_monitor_interface(drv);
4384 		return res;
4385 	}
4386 #endif /* CONFIG_TESTING_OPTIONS */
4387 
4388 	wpa_printf(MSG_DEBUG, "nl80211: send_mlme -> send_frame_cmd");
4389 	res = nl80211_send_frame_cmd(bss, freq, wait_time, data, data_len,
4390 				     use_cookie, no_cck, noack, offchanok,
4391 				     csa_offs, csa_offs_len, link_id);
4392 	if (!res)
4393 		drv->send_frame_link_id = link_id;
4394 
4395 	return res;
4396 }
4397 
4398 
4399 static int nl80211_put_basic_rates(struct nl_msg *msg, const int *basic_rates)
4400 {
4401 	u8 rates[NL80211_MAX_SUPP_RATES];
4402 	u8 rates_len = 0;
4403 	int i;
4404 
4405 	if (!basic_rates)
4406 		return 0;
4407 
4408 	for (i = 0; i < NL80211_MAX_SUPP_RATES && basic_rates[i] >= 0; i++)
4409 		rates[rates_len++] = basic_rates[i] / 5;
4410 
4411 	return nla_put(msg, NL80211_ATTR_BSS_BASIC_RATES, rates_len, rates);
4412 }
4413 
4414 
4415 static int nl80211_set_bss(struct i802_bss *bss, int cts, int preamble,
4416 			   int slot, int ht_opmode, int ap_isolate,
4417 			   const int *basic_rates, int link_id)
4418 {
4419 	struct wpa_driver_nl80211_data *drv = bss->drv;
4420 	struct nl_msg *msg;
4421 
4422 	if (!(msg = nl80211_bss_msg(bss, 0, NL80211_CMD_SET_BSS)) ||
4423 	    (cts >= 0 &&
4424 	     nla_put_u8(msg, NL80211_ATTR_BSS_CTS_PROT, cts)) ||
4425 	    (preamble >= 0 &&
4426 	     nla_put_u8(msg, NL80211_ATTR_BSS_SHORT_PREAMBLE, preamble)) ||
4427 	    (slot >= 0 &&
4428 	     nla_put_u8(msg, NL80211_ATTR_BSS_SHORT_SLOT_TIME, slot)) ||
4429 	    (ht_opmode >= 0 &&
4430 	     nla_put_u16(msg, NL80211_ATTR_BSS_HT_OPMODE, ht_opmode)) ||
4431 	    (ap_isolate >= 0 &&
4432 	     nla_put_u8(msg, NL80211_ATTR_AP_ISOLATE, ap_isolate)) ||
4433 	    nl80211_put_basic_rates(msg, basic_rates) ||
4434 	    (link_id != NL80211_DRV_LINK_ID_NA &&
4435 	     nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id))) {
4436 		nlmsg_free(msg);
4437 		return -ENOBUFS;
4438 	}
4439 
4440 	return send_and_recv_cmd(drv, msg);
4441 }
4442 
4443 
4444 static int wpa_driver_nl80211_set_acl(void *priv,
4445 				      struct hostapd_acl_params *params)
4446 {
4447 	struct i802_bss *bss = priv;
4448 	struct wpa_driver_nl80211_data *drv = bss->drv;
4449 	struct nl_msg *msg;
4450 	struct nl_msg *acl;
4451 	unsigned int i;
4452 	int ret;
4453 	size_t acl_nla_sz, acl_nlmsg_sz, nla_sz, nlmsg_sz;
4454 
4455 	if (!(drv->capa.max_acl_mac_addrs))
4456 		return -ENOTSUP;
4457 
4458 	if (params->num_mac_acl > drv->capa.max_acl_mac_addrs)
4459 		return -ENOTSUP;
4460 
4461 	wpa_printf(MSG_DEBUG, "nl80211: Set %s ACL (num_mac_acl=%u)",
4462 		   params->acl_policy ? "Accept" : "Deny", params->num_mac_acl);
4463 
4464 	acl_nla_sz = nla_total_size(ETH_ALEN) * params->num_mac_acl;
4465 	acl_nlmsg_sz = nlmsg_total_size(acl_nla_sz);
4466 	acl = nlmsg_alloc_size(acl_nlmsg_sz);
4467 	if (!acl)
4468 		return -ENOMEM;
4469 	for (i = 0; i < params->num_mac_acl; i++) {
4470 		if (nla_put(acl, i + 1, ETH_ALEN, params->mac_acl[i].addr)) {
4471 			nlmsg_free(acl);
4472 			return -ENOMEM;
4473 		}
4474 	}
4475 
4476 	/*
4477 	 * genetlink message header (Length of user header is 0) +
4478 	 * u32 attr: NL80211_ATTR_IFINDEX +
4479 	 * u32 attr: NL80211_ATTR_ACL_POLICY +
4480 	 * nested acl attr
4481 	 */
4482 	nla_sz = GENL_HDRLEN +
4483 		nla_total_size(4) * 2 +
4484 		nla_total_size(acl_nla_sz);
4485 	nlmsg_sz = nlmsg_total_size(nla_sz);
4486 	if (!(msg = nl80211_ifindex_msg_build(drv, nlmsg_alloc_size(nlmsg_sz),
4487 					      drv->ifindex, 0,
4488 					      NL80211_CMD_SET_MAC_ACL)) ||
4489 	    nla_put_u32(msg, NL80211_ATTR_ACL_POLICY, params->acl_policy ?
4490 			NL80211_ACL_POLICY_DENY_UNLESS_LISTED :
4491 			NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED) ||
4492 	    nla_put_nested(msg, NL80211_ATTR_MAC_ADDRS, acl)) {
4493 		nlmsg_free(msg);
4494 		nlmsg_free(acl);
4495 		return -ENOMEM;
4496 	}
4497 	nlmsg_free(acl);
4498 
4499 	ret = send_and_recv_cmd(drv, msg);
4500 	if (ret) {
4501 		wpa_printf(MSG_DEBUG, "nl80211: Failed to set MAC ACL: %d (%s)",
4502 			   ret, strerror(-ret));
4503 	}
4504 
4505 	return ret;
4506 }
4507 
4508 
4509 static int nl80211_put_beacon_int(struct nl_msg *msg, int beacon_int)
4510 {
4511 	if (beacon_int > 0) {
4512 		wpa_printf(MSG_DEBUG, "  * beacon_int=%d", beacon_int);
4513 		return nla_put_u32(msg, NL80211_ATTR_BEACON_INTERVAL,
4514 				   beacon_int);
4515 	}
4516 
4517 	return 0;
4518 }
4519 
4520 
4521 static int nl80211_put_dtim_period(struct nl_msg *msg, int dtim_period)
4522 {
4523 	if (dtim_period > 0) {
4524 		wpa_printf(MSG_DEBUG, "  * dtim_period=%d", dtim_period);
4525 		return nla_put_u32(msg, NL80211_ATTR_DTIM_PERIOD, dtim_period);
4526 	}
4527 
4528 	return 0;
4529 }
4530 
4531 
4532 #ifdef CONFIG_MESH
4533 static int nl80211_set_mesh_config(void *priv,
4534 				   struct wpa_driver_mesh_bss_params *params)
4535 {
4536 	struct i802_bss *bss = priv;
4537 	struct wpa_driver_nl80211_data *drv = bss->drv;
4538 	struct nl_msg *msg;
4539 	int ret;
4540 
4541 	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_SET_MESH_CONFIG);
4542 	if (!msg)
4543 		return -1;
4544 
4545 	ret = nl80211_put_mesh_config(msg, params);
4546 	if (ret < 0) {
4547 		nlmsg_free(msg);
4548 		return ret;
4549 	}
4550 
4551 	ret = send_and_recv_cmd(drv, msg);
4552 	if (ret) {
4553 		wpa_printf(MSG_ERROR,
4554 			   "nl80211: Mesh config set failed: %d (%s)",
4555 			   ret, strerror(-ret));
4556 		return ret;
4557 	}
4558 	return 0;
4559 }
4560 #endif /* CONFIG_MESH */
4561 
4562 
4563 static int nl80211_put_beacon_rate(struct nl_msg *msg, u64 flags, u64 flags2,
4564 				   struct wpa_driver_ap_params *params)
4565 {
4566 	struct nlattr *bands, *band;
4567 	struct nl80211_txrate_vht vht_rate;
4568 	struct nl80211_txrate_he he_rate;
4569 
4570 	if (!params->freq ||
4571 	    (params->beacon_rate == 0 &&
4572 	     params->rate_type == BEACON_RATE_LEGACY))
4573 		return 0;
4574 
4575 	bands = nla_nest_start(msg, NL80211_ATTR_TX_RATES);
4576 	if (!bands)
4577 		return -1;
4578 
4579 	switch (params->freq->mode) {
4580 	case HOSTAPD_MODE_IEEE80211B:
4581 	case HOSTAPD_MODE_IEEE80211G:
4582 		band = nla_nest_start(msg, NL80211_BAND_2GHZ);
4583 		break;
4584 	case HOSTAPD_MODE_IEEE80211A:
4585 		if (is_6ghz_freq(params->freq->freq))
4586 			band = nla_nest_start(msg, NL80211_BAND_6GHZ);
4587 		else
4588 			band = nla_nest_start(msg, NL80211_BAND_5GHZ);
4589 		break;
4590 	case HOSTAPD_MODE_IEEE80211AD:
4591 		band = nla_nest_start(msg, NL80211_BAND_60GHZ);
4592 		break;
4593 	default:
4594 		return 0;
4595 	}
4596 
4597 	if (!band)
4598 		return -1;
4599 
4600 	os_memset(&vht_rate, 0, sizeof(vht_rate));
4601 	os_memset(&he_rate, 0, sizeof(he_rate));
4602 
4603 	switch (params->rate_type) {
4604 	case BEACON_RATE_LEGACY:
4605 		if (!(flags & WPA_DRIVER_FLAGS_BEACON_RATE_LEGACY)) {
4606 			wpa_printf(MSG_INFO,
4607 				   "nl80211: Driver does not support setting Beacon frame rate (legacy)");
4608 			return -1;
4609 		}
4610 
4611 		if (nla_put_u8(msg, NL80211_TXRATE_LEGACY,
4612 			       (u8) (params->beacon_rate / 5)) ||
4613 		    nla_put(msg, NL80211_TXRATE_HT, 0, NULL) ||
4614 		    (params->freq->vht_enabled &&
4615 		     nla_put(msg, NL80211_TXRATE_VHT, sizeof(vht_rate),
4616 			     &vht_rate)))
4617 			return -1;
4618 
4619 		wpa_printf(MSG_DEBUG, " * beacon_rate = legacy:%u (* 100 kbps)",
4620 			   params->beacon_rate);
4621 		break;
4622 	case BEACON_RATE_HT:
4623 		if (!(flags & WPA_DRIVER_FLAGS_BEACON_RATE_HT)) {
4624 			wpa_printf(MSG_INFO,
4625 				   "nl80211: Driver does not support setting Beacon frame rate (HT)");
4626 			return -1;
4627 		}
4628 		if (nla_put(msg, NL80211_TXRATE_LEGACY, 0, NULL) ||
4629 		    nla_put_u8(msg, NL80211_TXRATE_HT, params->beacon_rate) ||
4630 		    (params->freq->vht_enabled &&
4631 		     nla_put(msg, NL80211_TXRATE_VHT, sizeof(vht_rate),
4632 			     &vht_rate)))
4633 			return -1;
4634 		wpa_printf(MSG_DEBUG, " * beacon_rate = HT-MCS %u",
4635 			   params->beacon_rate);
4636 		break;
4637 	case BEACON_RATE_VHT:
4638 		if (!(flags & WPA_DRIVER_FLAGS_BEACON_RATE_VHT)) {
4639 			wpa_printf(MSG_INFO,
4640 				   "nl80211: Driver does not support setting Beacon frame rate (VHT)");
4641 			return -1;
4642 		}
4643 		vht_rate.mcs[0] = BIT(params->beacon_rate);
4644 		if (nla_put(msg, NL80211_TXRATE_LEGACY, 0, NULL))
4645 			return -1;
4646 		if (nla_put(msg, NL80211_TXRATE_HT, 0, NULL))
4647 			return -1;
4648 		if (nla_put(msg, NL80211_TXRATE_VHT, sizeof(vht_rate),
4649 			    &vht_rate))
4650 			return -1;
4651 		wpa_printf(MSG_DEBUG, " * beacon_rate = VHT-MCS %u",
4652 			   params->beacon_rate);
4653 		break;
4654 	case BEACON_RATE_HE:
4655 		if (!(flags2 & WPA_DRIVER_FLAGS2_BEACON_RATE_HE)) {
4656 			wpa_printf(MSG_INFO,
4657 				   "nl80211: Driver does not support setting Beacon frame rate (HE)");
4658 			return -1;
4659 		}
4660 		he_rate.mcs[0] = BIT(params->beacon_rate);
4661 		if (nla_put(msg, NL80211_TXRATE_LEGACY, 0, NULL) ||
4662 		    nla_put(msg, NL80211_TXRATE_HT, 0, NULL) ||
4663 		    nla_put(msg, NL80211_TXRATE_VHT, sizeof(vht_rate),
4664 			    &vht_rate) ||
4665 		    nla_put(msg, NL80211_TXRATE_HE, sizeof(he_rate), &he_rate))
4666 			return -1;
4667 		wpa_printf(MSG_DEBUG, " * beacon_rate = HE-MCS %u",
4668 			   params->beacon_rate);
4669 		break;
4670 	}
4671 
4672 	nla_nest_end(msg, band);
4673 	nla_nest_end(msg, bands);
4674 
4675 	return 0;
4676 }
4677 
4678 
4679 static int nl80211_set_multicast_to_unicast(struct i802_bss *bss,
4680 					    int multicast_to_unicast)
4681 {
4682 	struct wpa_driver_nl80211_data *drv = bss->drv;
4683 	struct nl_msg *msg;
4684 	int ret;
4685 
4686 	msg = nl80211_bss_msg(bss, 0, NL80211_CMD_SET_MULTICAST_TO_UNICAST);
4687 	if (!msg ||
4688 	    (multicast_to_unicast &&
4689 	     nla_put_flag(msg, NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED))) {
4690 		wpa_printf(MSG_ERROR,
4691 			   "nl80211: Failed to build NL80211_CMD_SET_MULTICAST_TO_UNICAST msg for %s",
4692 			   bss->ifname);
4693 		nlmsg_free(msg);
4694 		return -ENOBUFS;
4695 	}
4696 
4697 	ret = send_and_recv_cmd(drv, msg);
4698 
4699 	switch (ret) {
4700 	case 0:
4701 		wpa_printf(MSG_DEBUG,
4702 			   "nl80211: multicast to unicast %s on interface %s",
4703 			   multicast_to_unicast ? "enabled" : "disabled",
4704 			   bss->ifname);
4705 		break;
4706 	case -EOPNOTSUPP:
4707 		if (!multicast_to_unicast)
4708 			break;
4709 		wpa_printf(MSG_INFO,
4710 			   "nl80211: multicast to unicast not supported on interface %s",
4711 			   bss->ifname);
4712 		break;
4713 	default:
4714 		wpa_printf(MSG_ERROR,
4715 			   "nl80211: %s multicast to unicast failed with %d (%s) on interface %s",
4716 			   multicast_to_unicast ? "enabling" : "disabling",
4717 			   ret, strerror(-ret), bss->ifname);
4718 		break;
4719 	}
4720 
4721 	return ret;
4722 }
4723 
4724 
4725 #ifdef CONFIG_SAE
4726 static int nl80211_put_sae_pwe(struct nl_msg *msg, enum sae_pwe pwe)
4727 {
4728 	u8 sae_pwe;
4729 
4730 	wpa_printf(MSG_DEBUG, "nl802111: sae_pwe=%d", pwe);
4731 	if (pwe == SAE_PWE_HUNT_AND_PECK)
4732 		sae_pwe = NL80211_SAE_PWE_HUNT_AND_PECK;
4733 	else if (pwe == SAE_PWE_HASH_TO_ELEMENT)
4734 		sae_pwe = NL80211_SAE_PWE_HASH_TO_ELEMENT;
4735 	else if (pwe == SAE_PWE_BOTH)
4736 		sae_pwe = NL80211_SAE_PWE_BOTH;
4737 	else if (pwe == SAE_PWE_FORCE_HUNT_AND_PECK)
4738 		return 0; /* special test mode */
4739 	else
4740 		return -1;
4741 	if (nla_put_u8(msg, NL80211_ATTR_SAE_PWE, sae_pwe))
4742 		return -1;
4743 
4744 	return 0;
4745 }
4746 #endif /* CONFIG_SAE */
4747 
4748 
4749 #ifdef CONFIG_FILS
4750 static int nl80211_fils_discovery(struct i802_bss *bss, struct nl_msg *msg,
4751 				  struct wpa_driver_ap_params *params)
4752 {
4753 	struct nlattr *attr;
4754 
4755 	if (!bss->drv->fils_discovery) {
4756 		wpa_printf(MSG_ERROR,
4757 			   "nl80211: Driver does not support FILS Discovery frame transmission for %s",
4758 			   bss->ifname);
4759 		return -1;
4760 	}
4761 
4762 	attr = nla_nest_start(msg, NL80211_ATTR_FILS_DISCOVERY);
4763 	if (!attr ||
4764 	    nla_put_u32(msg, NL80211_FILS_DISCOVERY_ATTR_INT_MIN,
4765 			params->fd_min_int) ||
4766 	    nla_put_u32(msg, NL80211_FILS_DISCOVERY_ATTR_INT_MAX,
4767 			params->fd_max_int) ||
4768 	    (params->fd_frame_tmpl &&
4769 	     nla_put(msg, NL80211_FILS_DISCOVERY_ATTR_TMPL,
4770 		     params->fd_frame_tmpl_len, params->fd_frame_tmpl)))
4771 		return -1;
4772 
4773 	nla_nest_end(msg, attr);
4774 	return 0;
4775 }
4776 #endif /* CONFIG_FILS */
4777 
4778 
4779 #ifdef CONFIG_IEEE80211AX
4780 
4781 static int nl80211_unsol_bcast_probe_resp(struct i802_bss *bss,
4782 					  struct nl_msg *msg,
4783 					  struct unsol_bcast_probe_resp *ubpr)
4784 {
4785 	struct nlattr *attr;
4786 
4787 	if (!bss->drv->unsol_bcast_probe_resp) {
4788 		wpa_printf(MSG_ERROR,
4789 			   "nl80211: Driver does not support unsolicited broadcast Probe Response frame transmission for %s",
4790 			   bss->ifname);
4791 		return -1;
4792 	}
4793 
4794 	wpa_printf(MSG_DEBUG,
4795 		   "nl80211: Unsolicited broadcast Probe Response frame interval: %u",
4796 		   ubpr->unsol_bcast_probe_resp_interval);
4797 	attr = nla_nest_start(msg, NL80211_ATTR_UNSOL_BCAST_PROBE_RESP);
4798 	if (!attr ||
4799 	    nla_put_u32(msg, NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT,
4800 			ubpr->unsol_bcast_probe_resp_interval) ||
4801 	    (ubpr->unsol_bcast_probe_resp_tmpl &&
4802 	     nla_put(msg, NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL,
4803 		     ubpr->unsol_bcast_probe_resp_tmpl_len,
4804 		     ubpr->unsol_bcast_probe_resp_tmpl)))
4805 		return -1;
4806 
4807 	nla_nest_end(msg, attr);
4808 	return 0;
4809 }
4810 
4811 
4812 static int nl80211_mbssid(struct nl_msg *msg,
4813 			 struct wpa_driver_ap_params *params)
4814 {
4815 	struct nlattr *config, *elems;
4816 	int ifidx;
4817 
4818 	if (!params->mbssid_tx_iface)
4819 		return 0;
4820 
4821 	config = nla_nest_start(msg, NL80211_ATTR_MBSSID_CONFIG);
4822 	if (!config ||
4823 	    nla_put_u8(msg, NL80211_MBSSID_CONFIG_ATTR_INDEX,
4824 		       params->mbssid_index))
4825 		return -1;
4826 
4827 	if (params->mbssid_tx_iface) {
4828 		ifidx = if_nametoindex(params->mbssid_tx_iface);
4829 		if (ifidx <= 0 ||
4830 		    nla_put_u32(msg, NL80211_MBSSID_CONFIG_ATTR_TX_IFINDEX,
4831 				ifidx))
4832 			return -1;
4833 	}
4834 
4835 	if (params->ema && nla_put_flag(msg, NL80211_MBSSID_CONFIG_ATTR_EMA))
4836 		return -1;
4837 
4838 	nla_nest_end(msg, config);
4839 
4840 	if (params->mbssid_elem_count && params->mbssid_elem_len &&
4841 	    params->mbssid_elem_offset && *params->mbssid_elem_offset) {
4842 		u8 i, **offs = params->mbssid_elem_offset;
4843 
4844 		elems = nla_nest_start(msg, NL80211_ATTR_MBSSID_ELEMS);
4845 		if (!elems)
4846 			return -1;
4847 
4848 		for (i = 0; i < params->mbssid_elem_count - 1; i++) {
4849 			if (nla_put(msg, i + 1, offs[i + 1] - offs[i], offs[i]))
4850 				return -1;
4851 		}
4852 
4853 		if (nla_put(msg, i + 1,
4854 			    *offs + params->mbssid_elem_len - offs[i],
4855 			    offs[i]))
4856 			return -1;
4857 
4858 		nla_nest_end(msg, elems);
4859 	}
4860 
4861 	if (!params->ema)
4862 		return 0;
4863 
4864 	if (params->rnr_elem_count && params->rnr_elem_len &&
4865 	    params->rnr_elem_offset && *params->rnr_elem_offset) {
4866 		u8 i, **offs = params->rnr_elem_offset;
4867 
4868 		elems = nla_nest_start(msg, NL80211_ATTR_EMA_RNR_ELEMS);
4869 		if (!elems)
4870 			return -1;
4871 
4872 		for (i = 0; i < params->rnr_elem_count - 1; i++) {
4873 			if (nla_put(msg, i + 1, offs[i + 1] - offs[i], offs[i]))
4874 				return -1;
4875 		}
4876 
4877 		if (nla_put(msg, i + 1, *offs + params->rnr_elem_len - offs[i],
4878 			    offs[i]))
4879 			return -1;
4880 		nla_nest_end(msg, elems);
4881 	}
4882 
4883 	return 0;
4884 }
4885 
4886 #endif /* CONFIG_IEEE80211AX */
4887 
4888 
4889 #ifdef CONFIG_DRIVER_NL80211_QCA
4890 static void qca_set_allowed_ap_freqs(struct wpa_driver_nl80211_data *drv,
4891 				     const int *freqs, int num_freqs,
4892 				     int link_id)
4893 {
4894 	struct nl_msg *msg;
4895 	struct nlattr *params, *freqs_list;
4896 	int i, ret;
4897 
4898 	if (!drv->set_wifi_conf_vendor_cmd_avail || !drv->qca_ap_allowed_freqs)
4899 		return;
4900 
4901 	wpa_printf(MSG_DEBUG, "nl80211: Set AP allowed frequency list");
4902 
4903 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
4904 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
4905 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
4906 			QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION) ||
4907 	    !(params = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA)))
4908 		goto err;
4909 
4910 	if (link_id != NL80211_DRV_LINK_ID_NA &&
4911 	    nla_put_u8(msg, QCA_WLAN_VENDOR_ATTR_CONFIG_MLO_LINK_ID, link_id))
4912 		goto err;
4913 
4914 	freqs_list = nla_nest_start(
4915 		msg, QCA_WLAN_VENDOR_ATTR_CONFIG_AP_ALLOWED_FREQ_LIST);
4916 	if (!freqs_list)
4917 		goto err;
4918 
4919 	for (i = 0; i < num_freqs; i++) {
4920 		if (nla_put_u32(msg, i, freqs[i]))
4921 			goto err;
4922 	}
4923 
4924 	nla_nest_end(msg, freqs_list);
4925 	nla_nest_end(msg, params);
4926 
4927 	ret = send_and_recv_cmd(drv, msg);
4928 	if (ret)
4929 		wpa_printf(MSG_ERROR,
4930 			   "nl80211: Failed set AP alllowed frequency list: %d (%s)",
4931 			   ret, strerror(-ret));
4932 
4933 	return;
4934 err:
4935 	nlmsg_free(msg);
4936 }
4937 #endif /* CONFIG_DRIVER_NL80211_QCA */
4938 
4939 
4940 static int nl80211_put_freq_params(struct nl_msg *msg,
4941 				   const struct hostapd_freq_params *freq)
4942 {
4943 	enum hostapd_hw_mode hw_mode;
4944 	int is_24ghz;
4945 	u8 channel;
4946 
4947 	wpa_printf(MSG_DEBUG, "  * freq=%d", freq->freq);
4948 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq->freq))
4949 		return -ENOBUFS;
4950 
4951 	wpa_printf(MSG_DEBUG, "  * eht_enabled=%d", freq->eht_enabled);
4952 	wpa_printf(MSG_DEBUG, "  * he_enabled=%d", freq->he_enabled);
4953 	wpa_printf(MSG_DEBUG, "  * vht_enabled=%d", freq->vht_enabled);
4954 	wpa_printf(MSG_DEBUG, "  * ht_enabled=%d", freq->ht_enabled);
4955 	wpa_printf(MSG_DEBUG, "  * radar_background=%d",
4956 		   freq->radar_background);
4957 
4958 	hw_mode = ieee80211_freq_to_chan(freq->freq, &channel);
4959 	is_24ghz = hw_mode == HOSTAPD_MODE_IEEE80211G ||
4960 		hw_mode == HOSTAPD_MODE_IEEE80211B;
4961 
4962 	if (freq->vht_enabled ||
4963 	    ((freq->he_enabled || freq->eht_enabled) && !is_24ghz)) {
4964 		enum nl80211_chan_width cw;
4965 
4966 		wpa_printf(MSG_DEBUG, "  * bandwidth=%d", freq->bandwidth);
4967 		switch (freq->bandwidth) {
4968 		case 20:
4969 			cw = NL80211_CHAN_WIDTH_20;
4970 			break;
4971 		case 40:
4972 			cw = NL80211_CHAN_WIDTH_40;
4973 			break;
4974 		case 80:
4975 			if (freq->center_freq2)
4976 				cw = NL80211_CHAN_WIDTH_80P80;
4977 			else
4978 				cw = NL80211_CHAN_WIDTH_80;
4979 			break;
4980 		case 160:
4981 			cw = NL80211_CHAN_WIDTH_160;
4982 			break;
4983 		case 320:
4984 			cw = NL80211_CHAN_WIDTH_320;
4985 			break;
4986 		default:
4987 			return -EINVAL;
4988 		}
4989 
4990 		wpa_printf(MSG_DEBUG, "  * channel_width=%d", cw);
4991 		wpa_printf(MSG_DEBUG, "  * center_freq1=%d",
4992 			   freq->center_freq1);
4993 		wpa_printf(MSG_DEBUG, "  * center_freq2=%d",
4994 			   freq->center_freq2);
4995 		if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, cw) ||
4996 		    nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1,
4997 				freq->center_freq1) ||
4998 		    (freq->center_freq2 &&
4999 		     nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2,
5000 				 freq->center_freq2)))
5001 			return -ENOBUFS;
5002 	} else if (freq->ht_enabled) {
5003 		enum nl80211_channel_type ct;
5004 
5005 		wpa_printf(MSG_DEBUG, "  * sec_channel_offset=%d",
5006 			   freq->sec_channel_offset);
5007 		switch (freq->sec_channel_offset) {
5008 		case -1:
5009 			ct = NL80211_CHAN_HT40MINUS;
5010 			break;
5011 		case 1:
5012 			ct = NL80211_CHAN_HT40PLUS;
5013 			break;
5014 		default:
5015 			ct = NL80211_CHAN_HT20;
5016 			break;
5017 		}
5018 
5019 		wpa_printf(MSG_DEBUG, "  * channel_type=%d", ct);
5020 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, ct))
5021 			return -ENOBUFS;
5022 	} else if (freq->edmg.channels && freq->edmg.bw_config) {
5023 		wpa_printf(MSG_DEBUG,
5024 			   "  * EDMG configuration: channels=0x%x bw_config=%d",
5025 			   freq->edmg.channels, freq->edmg.bw_config);
5026 		if (nla_put_u8(msg, NL80211_ATTR_WIPHY_EDMG_CHANNELS,
5027 			       freq->edmg.channels) ||
5028 		    nla_put_u8(msg, NL80211_ATTR_WIPHY_EDMG_BW_CONFIG,
5029 			       freq->edmg.bw_config))
5030 			return -1;
5031 	} else {
5032 		wpa_printf(MSG_DEBUG, "  * channel_type=%d",
5033 			   NL80211_CHAN_NO_HT);
5034 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
5035 				NL80211_CHAN_NO_HT))
5036 			return -ENOBUFS;
5037 	}
5038 	if (freq->radar_background &&
5039 	    nla_put_flag(msg, NL80211_ATTR_RADAR_BACKGROUND))
5040 		return -ENOBUFS;
5041 
5042 	return 0;
5043 }
5044 
5045 
5046 static int wpa_driver_nl80211_set_ap(void *priv,
5047 				     struct wpa_driver_ap_params *params)
5048 {
5049 	struct i802_bss *bss = priv;
5050 	struct wpa_driver_nl80211_data *drv = bss->drv;
5051 	struct i802_link *link = bss->flink;
5052 	struct nl_msg *msg;
5053 	u8 cmd = NL80211_CMD_NEW_BEACON;
5054 	int ret = -ENOBUFS;
5055 	int beacon_set;
5056 	int num_suites;
5057 	u32 suites[20], suite;
5058 	u32 ver;
5059 #ifdef CONFIG_MESH
5060 	struct wpa_driver_mesh_bss_params mesh_params;
5061 #endif /* CONFIG_MESH */
5062 
5063 	if (params->mld_ap) {
5064 		if (!nl80211_link_valid(bss->valid_links,
5065 					params->mld_link_id)) {
5066 			wpa_printf(MSG_DEBUG,
5067 				   "nl80211: Link ID=%u invalid (valid: 0x%04x)",
5068 				   params->mld_link_id, bss->valid_links);
5069 			return -EINVAL;
5070 		}
5071 
5072 		link = nl80211_get_link(bss, params->mld_link_id);
5073 	} else if (bss->valid_links) {
5074 		wpa_printf(MSG_DEBUG, "nl80211: MLD configuration expected");
5075 		return -EINVAL;
5076 	}
5077 
5078 	beacon_set = params->reenable ? 0 : link->beacon_set;
5079 
5080 	wpa_printf(MSG_DEBUG, "nl80211: Set beacon (beacon_set=%d)",
5081 		   beacon_set);
5082 	if (beacon_set)
5083 		cmd = NL80211_CMD_SET_BEACON;
5084 	else if (!drv->device_ap_sme && !drv->use_monitor &&
5085 		 !nl80211_get_wiphy_data_ap(bss))
5086 		return -ENOBUFS;
5087 
5088 	wpa_hexdump(MSG_DEBUG, "nl80211: Beacon head",
5089 		    params->head, params->head_len);
5090 	wpa_hexdump(MSG_DEBUG, "nl80211: Beacon tail",
5091 		    params->tail, params->tail_len);
5092 	wpa_printf(MSG_DEBUG, "nl80211: ifindex=%d", bss->ifindex);
5093 	wpa_printf(MSG_DEBUG, "nl80211: beacon_int=%d", params->beacon_int);
5094 	wpa_printf(MSG_DEBUG, "nl80211: beacon_rate=%u", params->beacon_rate);
5095 	wpa_printf(MSG_DEBUG, "nl80211: rate_type=%d", params->rate_type);
5096 	wpa_printf(MSG_DEBUG, "nl80211: dtim_period=%d", params->dtim_period);
5097 	wpa_printf(MSG_DEBUG, "nl80211: ssid=%s",
5098 		   wpa_ssid_txt(params->ssid, params->ssid_len));
5099 	if (!(msg = nl80211_bss_msg(bss, 0, cmd)) ||
5100 	    nla_put(msg, NL80211_ATTR_BEACON_HEAD, params->head_len,
5101 		    params->head) ||
5102 	    nla_put(msg, NL80211_ATTR_BEACON_TAIL, params->tail_len,
5103 		    params->tail) ||
5104 	    nl80211_put_beacon_int(msg, params->beacon_int) ||
5105 	    nl80211_put_beacon_rate(msg, drv->capa.flags, drv->capa.flags2,
5106 				    params) ||
5107 	    nl80211_put_dtim_period(msg, params->dtim_period) ||
5108 	    nla_put(msg, NL80211_ATTR_SSID, params->ssid_len, params->ssid))
5109 		goto fail;
5110 
5111 	if (params->mld_ap) {
5112 		wpa_printf(MSG_DEBUG, "nl80211: link_id=%u",
5113 			   params->mld_link_id);
5114 
5115 		if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID,
5116 			       params->mld_link_id))
5117 			goto fail;
5118 
5119 		if (params->freq)
5120 			nl80211_link_set_freq(bss, params->mld_link_id,
5121 					      params->freq->freq);
5122 	}
5123 
5124 	if (params->proberesp && params->proberesp_len) {
5125 		wpa_hexdump(MSG_DEBUG, "nl80211: proberesp (offload)",
5126 			    params->proberesp, params->proberesp_len);
5127 		if (nla_put(msg, NL80211_ATTR_PROBE_RESP, params->proberesp_len,
5128 			    params->proberesp))
5129 			goto fail;
5130 	}
5131 	switch (params->hide_ssid) {
5132 	case NO_SSID_HIDING:
5133 		wpa_printf(MSG_DEBUG, "nl80211: hidden SSID not in use");
5134 		if (nla_put_u32(msg, NL80211_ATTR_HIDDEN_SSID,
5135 				NL80211_HIDDEN_SSID_NOT_IN_USE))
5136 			goto fail;
5137 		break;
5138 	case HIDDEN_SSID_ZERO_LEN:
5139 		wpa_printf(MSG_DEBUG, "nl80211: hidden SSID zero len");
5140 		if (nla_put_u32(msg, NL80211_ATTR_HIDDEN_SSID,
5141 				NL80211_HIDDEN_SSID_ZERO_LEN))
5142 			goto fail;
5143 		break;
5144 	case HIDDEN_SSID_ZERO_CONTENTS:
5145 		wpa_printf(MSG_DEBUG, "nl80211: hidden SSID zero contents");
5146 		if (nla_put_u32(msg, NL80211_ATTR_HIDDEN_SSID,
5147 				NL80211_HIDDEN_SSID_ZERO_CONTENTS))
5148 			goto fail;
5149 		break;
5150 	}
5151 	wpa_printf(MSG_DEBUG, "nl80211: privacy=%d", params->privacy);
5152 	if (params->privacy &&
5153 	    nla_put_flag(msg, NL80211_ATTR_PRIVACY))
5154 		goto fail;
5155 	wpa_printf(MSG_DEBUG, "nl80211: auth_algs=0x%x", params->auth_algs);
5156 	if ((params->auth_algs & (WPA_AUTH_ALG_OPEN | WPA_AUTH_ALG_SHARED)) ==
5157 	    (WPA_AUTH_ALG_OPEN | WPA_AUTH_ALG_SHARED)) {
5158 		/* Leave out the attribute */
5159 	} else if (params->auth_algs & WPA_AUTH_ALG_SHARED) {
5160 		if (nla_put_u32(msg, NL80211_ATTR_AUTH_TYPE,
5161 				NL80211_AUTHTYPE_SHARED_KEY))
5162 			goto fail;
5163 	} else {
5164 		if (nla_put_u32(msg, NL80211_ATTR_AUTH_TYPE,
5165 				NL80211_AUTHTYPE_OPEN_SYSTEM))
5166 			goto fail;
5167 	}
5168 
5169 	wpa_printf(MSG_DEBUG, "nl80211: wpa_version=0x%x", params->wpa_version);
5170 	ver = 0;
5171 	if (params->wpa_version & WPA_PROTO_WPA)
5172 		ver |= NL80211_WPA_VERSION_1;
5173 	if (params->wpa_version & WPA_PROTO_RSN)
5174 		ver |= NL80211_WPA_VERSION_2;
5175 	if (ver &&
5176 	    nla_put_u32(msg, NL80211_ATTR_WPA_VERSIONS, ver))
5177 		goto fail;
5178 
5179 	wpa_printf(MSG_DEBUG, "nl80211: key_mgmt_suites=0x%x",
5180 		   params->key_mgmt_suites);
5181 	num_suites = wpa_key_mgmt_to_suites(params->key_mgmt_suites,
5182 					    suites, ARRAY_SIZE(suites));
5183 	if ((unsigned int) num_suites > drv->capa.max_num_akms)
5184 		wpa_printf(MSG_DEBUG,
5185 			   "nl80211: Not enough room for all AKM suites (num_suites=%d > %d)",
5186 			   num_suites, drv->capa.max_num_akms);
5187 	else if (num_suites &&
5188 		 nla_put(msg, NL80211_ATTR_AKM_SUITES, num_suites * sizeof(u32),
5189 			 suites))
5190 		goto fail;
5191 
5192 	if (wpa_key_mgmt_wpa_psk_no_sae(params->key_mgmt_suites) &&
5193 	    (drv->capa.flags2 & WPA_DRIVER_FLAGS2_4WAY_HANDSHAKE_AP_PSK) &&
5194 	    params->psk_len &&
5195 	    nla_put(msg, NL80211_ATTR_PMK, params->psk_len, params->psk))
5196 		goto fail;
5197 
5198 	if (wpa_key_mgmt_sae(params->key_mgmt_suites) &&
5199 	    (drv->capa.flags2 & WPA_DRIVER_FLAGS2_SAE_OFFLOAD_AP) &&
5200 	    params->sae_password &&
5201 	    nla_put(msg, NL80211_ATTR_SAE_PASSWORD,
5202 		    os_strlen(params->sae_password), params->sae_password))
5203 		goto fail;
5204 
5205 	if (nl80211_put_control_port(drv, msg) < 0)
5206 		goto fail;
5207 
5208 	if (params->key_mgmt_suites & WPA_KEY_MGMT_IEEE8021X_NO_WPA &&
5209 	    (!params->pairwise_ciphers ||
5210 	     params->pairwise_ciphers & (WPA_CIPHER_WEP104 | WPA_CIPHER_WEP40)) &&
5211 	    nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT))
5212 		goto fail;
5213 
5214 	if (drv->device_ap_sme) {
5215 		u32 flags = 0;
5216 
5217 		if (params->key_mgmt_suites & (WPA_KEY_MGMT_SAE |
5218 					       WPA_KEY_MGMT_SAE_EXT_KEY)) {
5219 			/* Add the previously used flag attribute to support
5220 			 * older kernel versions and the newer flag bit for
5221 			 * newer kernels. */
5222 			if (nla_put_flag(msg,
5223 					 NL80211_ATTR_EXTERNAL_AUTH_SUPPORT))
5224 				goto fail;
5225 			flags |= NL80211_AP_SETTINGS_EXTERNAL_AUTH_SUPPORT;
5226 		}
5227 
5228 		flags |= NL80211_AP_SETTINGS_SA_QUERY_OFFLOAD_SUPPORT;
5229 
5230 		if (nl80211_attr_supported(drv,
5231 					   NL80211_ATTR_AP_SETTINGS_FLAGS) &&
5232 		    nla_put_u32(msg, NL80211_ATTR_AP_SETTINGS_FLAGS, flags))
5233 			goto fail;
5234 	}
5235 
5236 	wpa_printf(MSG_DEBUG, "nl80211: pairwise_ciphers=0x%x",
5237 		   params->pairwise_ciphers);
5238 	num_suites = wpa_cipher_to_cipher_suites(params->pairwise_ciphers,
5239 						 suites, ARRAY_SIZE(suites));
5240 	if (num_suites &&
5241 	    nla_put(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE,
5242 		    num_suites * sizeof(u32), suites))
5243 		goto fail;
5244 
5245 	wpa_printf(MSG_DEBUG, "nl80211: group_cipher=0x%x",
5246 		   params->group_cipher);
5247 	suite = wpa_cipher_to_cipher_suite(params->group_cipher);
5248 	if (suite &&
5249 	    nla_put_u32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, suite))
5250 		goto fail;
5251 
5252 	if (params->beacon_ies) {
5253 		wpa_hexdump_buf(MSG_DEBUG, "nl80211: beacon_ies",
5254 				params->beacon_ies);
5255 		if (nla_put(msg, NL80211_ATTR_IE,
5256 			    wpabuf_len(params->beacon_ies),
5257 			    wpabuf_head(params->beacon_ies)))
5258 			goto fail;
5259 	}
5260 	if (params->proberesp_ies) {
5261 		wpa_hexdump_buf(MSG_DEBUG, "nl80211: proberesp_ies",
5262 				params->proberesp_ies);
5263 		if (nla_put(msg, NL80211_ATTR_IE_PROBE_RESP,
5264 			    wpabuf_len(params->proberesp_ies),
5265 			    wpabuf_head(params->proberesp_ies)))
5266 			goto fail;
5267 	}
5268 	if (params->assocresp_ies) {
5269 		wpa_hexdump_buf(MSG_DEBUG, "nl80211: assocresp_ies",
5270 				params->assocresp_ies);
5271 		if (nla_put(msg, NL80211_ATTR_IE_ASSOC_RESP,
5272 			    wpabuf_len(params->assocresp_ies),
5273 			    wpabuf_head(params->assocresp_ies)))
5274 			goto fail;
5275 	}
5276 
5277 	if (drv->capa.flags & WPA_DRIVER_FLAGS_INACTIVITY_TIMER)  {
5278 		wpa_printf(MSG_DEBUG, "nl80211: ap_max_inactivity=%d",
5279 			   params->ap_max_inactivity);
5280 		if (nla_put_u16(msg, NL80211_ATTR_INACTIVITY_TIMEOUT,
5281 				params->ap_max_inactivity))
5282 			goto fail;
5283 	}
5284 
5285 #ifdef CONFIG_P2P
5286 	if (params->p2p_go_ctwindow > 0) {
5287 		if (drv->p2p_go_ctwindow_supported) {
5288 			wpa_printf(MSG_DEBUG, "nl80211: P2P GO ctwindow=%d",
5289 				   params->p2p_go_ctwindow);
5290 			if (nla_put_u8(msg, NL80211_ATTR_P2P_CTWINDOW,
5291 				       params->p2p_go_ctwindow))
5292 				goto fail;
5293 		} else {
5294 			wpa_printf(MSG_INFO,
5295 				   "nl80211: Driver does not support CTWindow configuration - ignore this parameter");
5296 		}
5297 	}
5298 #endif /* CONFIG_P2P */
5299 
5300 	if (params->pbss) {
5301 		wpa_printf(MSG_DEBUG, "nl80211: PBSS");
5302 		if (nla_put_flag(msg, NL80211_ATTR_PBSS))
5303 			goto fail;
5304 	}
5305 
5306 	if (params->ftm_responder) {
5307 		struct nlattr *ftm;
5308 
5309 		if (!(drv->capa.flags & WPA_DRIVER_FLAGS_FTM_RESPONDER)) {
5310 			ret = -ENOTSUP;
5311 			goto fail;
5312 		}
5313 
5314 		ftm = nla_nest_start(msg, NL80211_ATTR_FTM_RESPONDER);
5315 		if (!ftm ||
5316 		    nla_put_flag(msg, NL80211_FTM_RESP_ATTR_ENABLED) ||
5317 		    (params->lci &&
5318 		     nla_put(msg, NL80211_FTM_RESP_ATTR_LCI,
5319 			     wpabuf_len(params->lci),
5320 			     wpabuf_head(params->lci))) ||
5321 		    (params->civic &&
5322 		     nla_put(msg, NL80211_FTM_RESP_ATTR_CIVICLOC,
5323 			     wpabuf_len(params->civic),
5324 			     wpabuf_head(params->civic))))
5325 			goto fail;
5326 		nla_nest_end(msg, ftm);
5327 	}
5328 
5329 	if (params->freq && nl80211_put_freq_params(msg, params->freq) < 0)
5330 		goto fail;
5331 
5332 #ifdef CONFIG_IEEE80211AX
5333 	if (params->he_spr_ctrl) {
5334 		struct nlattr *spr;
5335 
5336 		spr = nla_nest_start(msg, NL80211_ATTR_HE_OBSS_PD);
5337 		wpa_printf(MSG_DEBUG, "nl80211: he_spr_ctrl=0x%x",
5338 			   params->he_spr_ctrl);
5339 
5340 		if (!spr ||
5341 		    nla_put_u8(msg, NL80211_HE_OBSS_PD_ATTR_SR_CTRL,
5342 			       params->he_spr_ctrl) ||
5343 		    ((params->he_spr_ctrl &
5344 		      SPATIAL_REUSE_NON_SRG_OFFSET_PRESENT) &&
5345 		     nla_put_u8(msg, NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET,
5346 				params->he_spr_non_srg_obss_pd_max_offset)))
5347 			goto fail;
5348 
5349 		if ((params->he_spr_ctrl &
5350 		     SPATIAL_REUSE_SRG_INFORMATION_PRESENT) &&
5351 		    (nla_put_u8(msg, NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET,
5352 				params->he_spr_srg_obss_pd_min_offset) ||
5353 		     nla_put_u8(msg, NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET,
5354 				params->he_spr_srg_obss_pd_max_offset) ||
5355 		     nla_put(msg, NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP,
5356 			     sizeof(params->he_spr_bss_color_bitmap),
5357 			     params->he_spr_bss_color_bitmap) ||
5358 		     nla_put(msg, NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP,
5359 			     sizeof(params->he_spr_partial_bssid_bitmap),
5360 			     params->he_spr_partial_bssid_bitmap)))
5361 			goto fail;
5362 
5363 		nla_nest_end(msg, spr);
5364 	}
5365 
5366 	if (params->freq && params->freq->he_enabled &&
5367 	    nl80211_attr_supported(drv, NL80211_ATTR_HE_BSS_COLOR)) {
5368 		struct nlattr *bss_color;
5369 
5370 		bss_color = nla_nest_start(msg, NL80211_ATTR_HE_BSS_COLOR);
5371 		if (!bss_color ||
5372 		    (params->he_bss_color_disabled &&
5373 		     nla_put_flag(msg, NL80211_HE_BSS_COLOR_ATTR_DISABLED)) ||
5374 		    (params->he_bss_color_partial &&
5375 		     nla_put_flag(msg, NL80211_HE_BSS_COLOR_ATTR_PARTIAL)) ||
5376 		    nla_put_u8(msg, NL80211_HE_BSS_COLOR_ATTR_COLOR,
5377 			       params->he_bss_color))
5378 			goto fail;
5379 		nla_nest_end(msg, bss_color);
5380 	}
5381 
5382 	if (params->twt_responder) {
5383 		wpa_printf(MSG_DEBUG, "nl80211: twt_responder=%d",
5384 			   params->twt_responder);
5385 		if (nla_put_flag(msg, NL80211_ATTR_TWT_RESPONDER))
5386 			goto fail;
5387 	}
5388 
5389 	if (params->ubpr.unsol_bcast_probe_resp_interval &&
5390 	    nl80211_unsol_bcast_probe_resp(bss, msg, &params->ubpr) < 0)
5391 		goto fail;
5392 
5393 	if (nl80211_mbssid(msg, params) < 0)
5394 		goto fail;
5395 #endif /* CONFIG_IEEE80211AX */
5396 
5397 #ifdef CONFIG_SAE
5398 	if (wpa_key_mgmt_sae(params->key_mgmt_suites) &&
5399 	    nl80211_put_sae_pwe(msg, params->sae_pwe) < 0)
5400 		goto fail;
5401 #endif /* CONFIG_SAE */
5402 
5403 #ifdef CONFIG_FILS
5404 	if (params->fd_max_int && nl80211_fils_discovery(bss, msg, params) < 0)
5405 		goto fail;
5406 #endif /* CONFIG_FILS */
5407 
5408 	if (params->punct_bitmap) {
5409 		wpa_printf(MSG_DEBUG, "nl80211: Puncturing bitmap=0x%04x",
5410 			   params->punct_bitmap);
5411 		if (nla_put_u32(msg, NL80211_ATTR_PUNCT_BITMAP,
5412 				params->punct_bitmap))
5413 			goto fail;
5414 	}
5415 
5416 #ifdef CONFIG_DRIVER_NL80211_QCA
5417 	if (cmd == NL80211_CMD_NEW_BEACON && params->allowed_freqs)
5418 		qca_set_allowed_ap_freqs(drv, params->allowed_freqs,
5419 					 int_array_len(params->allowed_freqs),
5420 					 params->mld_ap ? params->mld_link_id :
5421 					 NL80211_DRV_LINK_ID_NA);
5422 #endif /* CONFIG_DRIVER_NL80211_QCA */
5423 
5424 	if (nla_put_flag(msg, NL80211_ATTR_SOCKET_OWNER))
5425 		goto fail;
5426 	ret = send_and_recv(drv->global, bss->nl_connect, msg, NULL, NULL, NULL,
5427 			    NULL, NULL);
5428 	if (ret) {
5429 		wpa_printf(MSG_DEBUG, "nl80211: Beacon set failed: %d (%s)",
5430 			   ret, strerror(-ret));
5431 	} else {
5432 		link->beacon_set = 1;
5433 		nl80211_set_bss(bss, params->cts_protect, params->preamble,
5434 				params->short_slot_time, params->ht_opmode,
5435 				params->isolate, params->basic_rates,
5436 				params->mld_ap ? params->mld_link_id :
5437 				NL80211_DRV_LINK_ID_NA);
5438 		nl80211_set_multicast_to_unicast(bss,
5439 						 params->multicast_to_unicast);
5440 		if (beacon_set && params->freq &&
5441 		    params->freq->bandwidth != link->bandwidth) {
5442 			wpa_printf(MSG_DEBUG,
5443 				   "nl80211: Update BSS %s bandwidth: %d -> %d",
5444 				   bss->ifname, link->bandwidth,
5445 				   params->freq->bandwidth);
5446 			ret = nl80211_set_channel(bss, params->freq, 1);
5447 			if (ret) {
5448 				wpa_printf(MSG_DEBUG,
5449 					   "nl80211: Frequency set failed: %d (%s)",
5450 					   ret, strerror(-ret));
5451 			} else {
5452 				wpa_printf(MSG_DEBUG,
5453 					   "nl80211: Frequency set succeeded for ht2040 coex");
5454 				link->bandwidth = params->freq->bandwidth;
5455 			}
5456 		} else if (!beacon_set && params->freq) {
5457 			/*
5458 			 * cfg80211 updates the driver on frequence change in AP
5459 			 * mode only at the point when beaconing is started, so
5460 			 * set the initial value here.
5461 			 */
5462 			link->bandwidth = params->freq->bandwidth;
5463 		}
5464 	}
5465 
5466 #ifdef CONFIG_MESH
5467 	if (is_mesh_interface(drv->nlmode) && params->ht_opmode != -1) {
5468 		os_memset(&mesh_params, 0, sizeof(mesh_params));
5469 		mesh_params.flags |= WPA_DRIVER_MESH_CONF_FLAG_HT_OP_MODE;
5470 		mesh_params.ht_opmode = params->ht_opmode;
5471 		ret = nl80211_set_mesh_config(priv, &mesh_params);
5472 		if (ret < 0)
5473 			return ret;
5474 	}
5475 #endif /* CONFIG_MESH */
5476 
5477 	return ret;
5478 fail:
5479 	nlmsg_free(msg);
5480 	return ret;
5481 }
5482 
5483 
5484 static int nl80211_set_channel(struct i802_bss *bss,
5485 			       struct hostapd_freq_params *freq, int set_chan)
5486 {
5487 	struct wpa_driver_nl80211_data *drv = bss->drv;
5488 	struct nl_msg *msg;
5489 	int ret;
5490 
5491 	wpa_printf(MSG_DEBUG,
5492 		   "nl80211: Set freq %d (ht_enabled=%d, vht_enabled=%d, he_enabled=%d, eht_enabled=%d, bandwidth=%d MHz, cf1=%d MHz, cf2=%d MHz)",
5493 		   freq->freq, freq->ht_enabled, freq->vht_enabled,
5494 		   freq->he_enabled, freq->eht_enabled, freq->bandwidth,
5495 		   freq->center_freq1, freq->center_freq2);
5496 
5497 	msg = nl80211_drv_msg(drv, 0, set_chan ? NL80211_CMD_SET_CHANNEL :
5498 			      NL80211_CMD_SET_WIPHY);
5499 	if (!msg || nl80211_put_freq_params(msg, freq) < 0) {
5500 		nlmsg_free(msg);
5501 		return -1;
5502 	}
5503 
5504 	if (nl80211_link_valid(bss->valid_links, freq->link_id)) {
5505 		wpa_printf(MSG_DEBUG, "nl80211: Set link_id=%u for freq",
5506 			   freq->link_id);
5507 
5508 		if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, freq->link_id)) {
5509 			nlmsg_free(msg);
5510 			return -ENOBUFS;
5511 		}
5512 	}
5513 
5514 	ret = send_and_recv_cmd(drv, msg);
5515 	if (ret == 0) {
5516 		nl80211_link_set_freq(bss, freq->link_id, freq->freq);
5517 		return 0;
5518 	}
5519 	wpa_printf(MSG_DEBUG, "nl80211: Failed to set channel (freq=%d): "
5520 		   "%d (%s)", freq->freq, ret, strerror(-ret));
5521 	return -1;
5522 }
5523 
5524 
5525 static u32 sta_flags_nl80211(int flags)
5526 {
5527 	u32 f = 0;
5528 
5529 	if (flags & WPA_STA_AUTHORIZED)
5530 		f |= BIT(NL80211_STA_FLAG_AUTHORIZED);
5531 	if (flags & WPA_STA_WMM)
5532 		f |= BIT(NL80211_STA_FLAG_WME);
5533 	if (flags & WPA_STA_SHORT_PREAMBLE)
5534 		f |= BIT(NL80211_STA_FLAG_SHORT_PREAMBLE);
5535 	if (flags & WPA_STA_MFP)
5536 		f |= BIT(NL80211_STA_FLAG_MFP);
5537 	if (flags & WPA_STA_TDLS_PEER)
5538 		f |= BIT(NL80211_STA_FLAG_TDLS_PEER);
5539 	if (flags & WPA_STA_AUTHENTICATED)
5540 		f |= BIT(NL80211_STA_FLAG_AUTHENTICATED);
5541 	if (flags & WPA_STA_ASSOCIATED)
5542 		f |= BIT(NL80211_STA_FLAG_ASSOCIATED);
5543 
5544 	return f;
5545 }
5546 
5547 
5548 #ifdef CONFIG_MESH
5549 static u32 sta_plink_state_nl80211(enum mesh_plink_state state)
5550 {
5551 	switch (state) {
5552 	case PLINK_IDLE:
5553 		return NL80211_PLINK_LISTEN;
5554 	case PLINK_OPN_SNT:
5555 		return NL80211_PLINK_OPN_SNT;
5556 	case PLINK_OPN_RCVD:
5557 		return NL80211_PLINK_OPN_RCVD;
5558 	case PLINK_CNF_RCVD:
5559 		return NL80211_PLINK_CNF_RCVD;
5560 	case PLINK_ESTAB:
5561 		return NL80211_PLINK_ESTAB;
5562 	case PLINK_HOLDING:
5563 		return NL80211_PLINK_HOLDING;
5564 	case PLINK_BLOCKED:
5565 		return NL80211_PLINK_BLOCKED;
5566 	default:
5567 		wpa_printf(MSG_ERROR, "nl80211: Invalid mesh plink state %d",
5568 			   state);
5569 	}
5570 	return -1;
5571 }
5572 #endif /* CONFIG_MESH */
5573 
5574 
5575 static int wpa_driver_nl80211_sta_add(void *priv,
5576 				      struct hostapd_sta_add_params *params)
5577 {
5578 	struct i802_bss *bss = priv;
5579 	struct wpa_driver_nl80211_data *drv = bss->drv;
5580 	struct nl_msg *msg;
5581 	struct nl80211_sta_flag_update upd;
5582 	int ret = -ENOBUFS;
5583 	u8 cmd;
5584 	const char *cmd_string;
5585 
5586 	if ((params->flags & WPA_STA_TDLS_PEER) &&
5587 	    !(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT))
5588 		return -EOPNOTSUPP;
5589 
5590 	if (params->mld_link_sta) {
5591 		cmd = params->set ? NL80211_CMD_MODIFY_LINK_STA :
5592 			NL80211_CMD_ADD_LINK_STA;
5593 		cmd_string = params->set ? "NL80211_CMD_MODIFY_LINK_STA" :
5594 			"NL80211_CMD_ADD_LINK_STA";
5595 	} else {
5596 		cmd = params->set ? NL80211_CMD_SET_STATION :
5597 			NL80211_CMD_NEW_STATION;
5598 		cmd_string = params->set ? "NL80211_CMD_SET_STATION" :
5599 			"NL80211_CMD_NEW_STATION";
5600 	}
5601 
5602 	wpa_printf(MSG_DEBUG, "nl80211: %s STA " MACSTR,
5603 		   cmd_string, MAC2STR(params->addr));
5604 	msg = nl80211_bss_msg(bss, 0, cmd);
5605 	if (!msg)
5606 		goto fail;
5607 
5608 	/*
5609 	 * Set the below properties only in one of the following cases:
5610 	 * 1. New station is added, already associated.
5611 	 * 2. Set WPA_STA_TDLS_PEER station.
5612 	 * 3. Set an already added unassociated station, if driver supports
5613 	 * full AP client state. (Set these properties after station became
5614 	 * associated will be rejected by the driver).
5615 	 */
5616 	if (!params->set || (params->flags & WPA_STA_TDLS_PEER) ||
5617 	    (params->set && FULL_AP_CLIENT_STATE_SUPP(drv->capa.flags) &&
5618 	     (params->flags & WPA_STA_ASSOCIATED))) {
5619 		wpa_hexdump(MSG_DEBUG, "  * supported rates",
5620 			    params->supp_rates, params->supp_rates_len);
5621 		wpa_printf(MSG_DEBUG, "  * capability=0x%x",
5622 			   params->capability);
5623 		if (nla_put(msg, NL80211_ATTR_STA_SUPPORTED_RATES,
5624 			    params->supp_rates_len, params->supp_rates) ||
5625 		    nla_put_u16(msg, NL80211_ATTR_STA_CAPABILITY,
5626 				params->capability))
5627 			goto fail;
5628 
5629 		if (params->ht_capabilities) {
5630 			wpa_hexdump(MSG_DEBUG, "  * ht_capabilities",
5631 				    (u8 *) params->ht_capabilities,
5632 				    sizeof(*params->ht_capabilities));
5633 			if (nla_put(msg, NL80211_ATTR_HT_CAPABILITY,
5634 				    sizeof(*params->ht_capabilities),
5635 				    params->ht_capabilities))
5636 				goto fail;
5637 		}
5638 
5639 		if (params->vht_capabilities) {
5640 			wpa_hexdump(MSG_DEBUG, "  * vht_capabilities",
5641 				    (u8 *) params->vht_capabilities,
5642 				    sizeof(*params->vht_capabilities));
5643 			if (nla_put(msg, NL80211_ATTR_VHT_CAPABILITY,
5644 				    sizeof(*params->vht_capabilities),
5645 				    params->vht_capabilities))
5646 				goto fail;
5647 		}
5648 
5649 		if (params->he_capab) {
5650 			wpa_hexdump(MSG_DEBUG, "  * he_capab",
5651 				    params->he_capab, params->he_capab_len);
5652 			if (nla_put(msg, NL80211_ATTR_HE_CAPABILITY,
5653 				    params->he_capab_len, params->he_capab))
5654 				goto fail;
5655 		}
5656 
5657 		if (params->he_6ghz_capab) {
5658 			wpa_hexdump(MSG_DEBUG, "  * he_6ghz_capab",
5659 				    params->he_6ghz_capab,
5660 				    sizeof(*params->he_6ghz_capab));
5661 			if (nla_put(msg, NL80211_ATTR_HE_6GHZ_CAPABILITY,
5662 				    sizeof(*params->he_6ghz_capab),
5663 				    params->he_6ghz_capab))
5664 				goto fail;
5665 		}
5666 
5667 		if (params->eht_capab) {
5668 			wpa_hexdump(MSG_DEBUG, "  * eht_capab",
5669 				    params->eht_capab, params->eht_capab_len);
5670 			if (nla_put(msg, NL80211_ATTR_EHT_CAPABILITY,
5671 				    params->eht_capab_len, params->eht_capab))
5672 				goto fail;
5673 		}
5674 
5675 		if (params->ext_capab) {
5676 			wpa_hexdump(MSG_DEBUG, "  * ext_capab",
5677 				    params->ext_capab, params->ext_capab_len);
5678 			if (nla_put(msg, NL80211_ATTR_STA_EXT_CAPABILITY,
5679 				    params->ext_capab_len, params->ext_capab))
5680 				goto fail;
5681 		}
5682 
5683 		if (is_ap_interface(drv->nlmode) &&
5684 		    nla_put_u8(msg, NL80211_ATTR_STA_SUPPORT_P2P_PS,
5685 			       params->support_p2p_ps ?
5686 			       NL80211_P2P_PS_SUPPORTED :
5687 			       NL80211_P2P_PS_UNSUPPORTED))
5688 			goto fail;
5689 	}
5690 	if (!params->set) {
5691 		if (params->aid) {
5692 			wpa_printf(MSG_DEBUG, "  * aid=%u", params->aid);
5693 			if (nla_put_u16(msg, NL80211_ATTR_STA_AID, params->aid))
5694 				goto fail;
5695 		} else {
5696 			/*
5697 			 * cfg80211 validates that AID is non-zero, so we have
5698 			 * to make this a non-zero value for the TDLS case where
5699 			 * a stub STA entry is used for now and for a station
5700 			 * that is still not associated.
5701 			 */
5702 			wpa_printf(MSG_DEBUG, "  * aid=1 (%s workaround)",
5703 				   (params->flags & WPA_STA_TDLS_PEER) ?
5704 				   "TDLS" : "UNASSOC_STA");
5705 			if (nla_put_u16(msg, NL80211_ATTR_STA_AID, 1))
5706 				goto fail;
5707 		}
5708 		wpa_printf(MSG_DEBUG, "  * listen_interval=%u",
5709 			   params->listen_interval);
5710 		if (nla_put_u16(msg, NL80211_ATTR_STA_LISTEN_INTERVAL,
5711 				params->listen_interval))
5712 			goto fail;
5713 	} else if (params->aid && (params->flags & WPA_STA_TDLS_PEER)) {
5714 		wpa_printf(MSG_DEBUG, "  * peer_aid=%u", params->aid);
5715 		if (nla_put_u16(msg, NL80211_ATTR_PEER_AID, params->aid))
5716 			goto fail;
5717 	} else if (FULL_AP_CLIENT_STATE_SUPP(drv->capa.flags) &&
5718 		   (params->flags & WPA_STA_ASSOCIATED)) {
5719 		wpa_printf(MSG_DEBUG, "  * aid=%u", params->aid);
5720 		wpa_printf(MSG_DEBUG, "  * listen_interval=%u",
5721 			   params->listen_interval);
5722 		if (nla_put_u16(msg, NL80211_ATTR_STA_AID, params->aid) ||
5723 		    nla_put_u16(msg, NL80211_ATTR_STA_LISTEN_INTERVAL,
5724 				params->listen_interval))
5725 			goto fail;
5726 	}
5727 
5728 	if (params->vht_opmode_enabled) {
5729 		wpa_printf(MSG_DEBUG, "  * opmode=%u", params->vht_opmode);
5730 		if (nla_put_u8(msg, NL80211_ATTR_OPMODE_NOTIF,
5731 			       params->vht_opmode))
5732 			goto fail;
5733 	}
5734 
5735 	if (params->supp_channels) {
5736 		wpa_hexdump(MSG_DEBUG, "  * supported channels",
5737 			    params->supp_channels, params->supp_channels_len);
5738 		if (nla_put(msg, NL80211_ATTR_STA_SUPPORTED_CHANNELS,
5739 			    params->supp_channels_len, params->supp_channels))
5740 			goto fail;
5741 	}
5742 
5743 	if (params->supp_oper_classes) {
5744 		wpa_hexdump(MSG_DEBUG, "  * supported operating classes",
5745 			    params->supp_oper_classes,
5746 			    params->supp_oper_classes_len);
5747 		if (nla_put(msg, NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES,
5748 			    params->supp_oper_classes_len,
5749 			    params->supp_oper_classes))
5750 			goto fail;
5751 	}
5752 
5753 	os_memset(&upd, 0, sizeof(upd));
5754 	upd.set = sta_flags_nl80211(params->flags);
5755 	upd.mask = upd.set | sta_flags_nl80211(params->flags_mask);
5756 
5757 	/*
5758 	 * If the driver doesn't support full AP client state, ignore ASSOC/AUTH
5759 	 * flags, as nl80211 driver moves a new station, by default, into
5760 	 * associated state.
5761 	 *
5762 	 * On the other hand, if the driver supports that feature and the
5763 	 * station is added in unauthenticated state, set the
5764 	 * authenticated/associated bits in the mask to prevent moving this
5765 	 * station to associated state before it is actually associated.
5766 	 *
5767 	 * This is irrelevant for mesh mode where the station is added to the
5768 	 * driver as authenticated already, and ASSOCIATED isn't part of the
5769 	 * nl80211 API.
5770 	 */
5771 	if (!is_mesh_interface(drv->nlmode)) {
5772 		if (!FULL_AP_CLIENT_STATE_SUPP(drv->capa.flags)) {
5773 			wpa_printf(MSG_DEBUG,
5774 				   "nl80211: Ignore ASSOC/AUTH flags since driver doesn't support full AP client state");
5775 			upd.mask &= ~(BIT(NL80211_STA_FLAG_ASSOCIATED) |
5776 				      BIT(NL80211_STA_FLAG_AUTHENTICATED));
5777 		} else if (!params->set &&
5778 			   !(params->flags & WPA_STA_TDLS_PEER)) {
5779 			if (!(params->flags & WPA_STA_AUTHENTICATED))
5780 				upd.mask |= BIT(NL80211_STA_FLAG_AUTHENTICATED);
5781 			if (!(params->flags & WPA_STA_ASSOCIATED))
5782 				upd.mask |= BIT(NL80211_STA_FLAG_ASSOCIATED);
5783 		}
5784 #ifdef CONFIG_MESH
5785 	} else {
5786 		if (params->plink_state == PLINK_ESTAB && params->peer_aid) {
5787 			ret = nla_put_u16(msg, NL80211_ATTR_MESH_PEER_AID,
5788 					  params->peer_aid);
5789 			if (ret)
5790 				goto fail;
5791 		}
5792 #endif /* CONFIG_MESH */
5793 	}
5794 
5795 	wpa_printf(MSG_DEBUG, "  * flags set=0x%x mask=0x%x",
5796 		   upd.set, upd.mask);
5797 	if (nla_put(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd))
5798 		goto fail;
5799 
5800 #ifdef CONFIG_MESH
5801 	if (params->plink_state &&
5802 	    nla_put_u8(msg, NL80211_ATTR_STA_PLINK_STATE,
5803 		       sta_plink_state_nl80211(params->plink_state)))
5804 		goto fail;
5805 #endif /* CONFIG_MESH */
5806 
5807 	if ((!params->set || (params->flags & WPA_STA_TDLS_PEER) ||
5808 	     FULL_AP_CLIENT_STATE_SUPP(drv->capa.flags)) &&
5809 	     (params->flags & WPA_STA_WMM)) {
5810 		struct nlattr *wme = nla_nest_start(msg, NL80211_ATTR_STA_WME);
5811 
5812 		wpa_printf(MSG_DEBUG, "  * qosinfo=0x%x", params->qosinfo);
5813 		if (!wme ||
5814 		    nla_put_u8(msg, NL80211_STA_WME_UAPSD_QUEUES,
5815 			       params->qosinfo & WMM_QOSINFO_STA_AC_MASK) ||
5816 		    nla_put_u8(msg, NL80211_STA_WME_MAX_SP,
5817 			       (params->qosinfo >> WMM_QOSINFO_STA_SP_SHIFT) &
5818 			       WMM_QOSINFO_STA_SP_MASK))
5819 			goto fail;
5820 		nla_nest_end(msg, wme);
5821 	}
5822 
5823 	/* In case we are an AP MLD need to always specify the link ID */
5824 	if (params->mld_link_id >= 0) {
5825 		wpa_printf(MSG_DEBUG, "  * mld_link_id=%d",
5826 			   params->mld_link_id);
5827 		if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID,
5828 			       params->mld_link_id))
5829 			goto fail;
5830 
5831 		/*
5832 		 * If the link address is specified the station is a non-AP MLD
5833 		 * and thus need to provide the MLD address as the station
5834 		 * address, and the non-AP MLD link address as the link address.
5835 		 */
5836 		if (params->mld_link_addr) {
5837 			wpa_printf(MSG_DEBUG, "  * mld_link_addr=" MACSTR,
5838 				   MAC2STR(params->mld_link_addr));
5839 
5840 			if (nla_put(msg, NL80211_ATTR_MLD_ADDR,
5841 				    ETH_ALEN, params->addr) ||
5842 			    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN,
5843 				    params->mld_link_addr))
5844 				goto fail;
5845 		} else {
5846 			if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN,
5847 				    params->addr))
5848 				goto fail;
5849 		}
5850 	} else {
5851 		if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, params->addr))
5852 			goto fail;
5853 	}
5854 
5855 	ret = send_and_recv_cmd(drv, msg);
5856 	msg = NULL;
5857 	if (ret)
5858 		wpa_printf(MSG_DEBUG, "nl80211: %s result: %d (%s)",
5859 			   cmd_string, ret, strerror(-ret));
5860 	if (ret == -EEXIST)
5861 		ret = 0;
5862 fail:
5863 	nlmsg_free(msg);
5864 	return ret;
5865 }
5866 
5867 
5868 static void rtnl_neigh_delete_fdb_entry(struct i802_bss *bss, const u8 *addr)
5869 {
5870 	struct wpa_driver_nl80211_data *drv = bss->drv;
5871 	struct ndmsg nhdr = {
5872 		.ndm_state = NUD_PERMANENT,
5873 		.ndm_ifindex = bss->ifindex,
5874 		.ndm_family = AF_BRIDGE,
5875 	};
5876 	struct nl_msg *msg;
5877 	int err;
5878 
5879 	msg = nlmsg_alloc_simple(RTM_DELNEIGH, NLM_F_CREATE);
5880 	if (!msg)
5881 		return;
5882 
5883 	if (nlmsg_append(msg, &nhdr, sizeof(nhdr), NLMSG_ALIGNTO) < 0 ||
5884 	    nla_put(msg, NDA_LLADDR, ETH_ALEN, (void *) addr) ||
5885 	    nl_send_auto_complete(drv->rtnl_sk, msg) < 0)
5886 		goto errout;
5887 
5888 	err = nl_wait_for_ack(drv->rtnl_sk);
5889 	if (err < 0) {
5890 		wpa_printf(MSG_DEBUG, "nl80211: bridge FDB entry delete for "
5891 			   MACSTR " ifindex=%d failed: %s", MAC2STR(addr),
5892 			   bss->ifindex, nl_geterror(err));
5893 	} else {
5894 		wpa_printf(MSG_DEBUG, "nl80211: deleted bridge FDB entry for "
5895 			   MACSTR, MAC2STR(addr));
5896 	}
5897 
5898 errout:
5899 	nlmsg_free(msg);
5900 }
5901 
5902 
5903 static int wpa_driver_nl80211_sta_remove(struct i802_bss *bss, const u8 *addr,
5904 					 int deauth, u16 reason_code)
5905 {
5906 	struct wpa_driver_nl80211_data *drv = bss->drv;
5907 	struct nl_msg *msg;
5908 	int ret;
5909 
5910 	if (!(msg = nl80211_bss_msg(bss, 0, NL80211_CMD_DEL_STATION)) ||
5911 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
5912 	    (deauth == 0 &&
5913 	     nla_put_u8(msg, NL80211_ATTR_MGMT_SUBTYPE,
5914 			WLAN_FC_STYPE_DISASSOC)) ||
5915 	    (deauth == 1 &&
5916 	     nla_put_u8(msg, NL80211_ATTR_MGMT_SUBTYPE,
5917 			WLAN_FC_STYPE_DEAUTH)) ||
5918 	    (reason_code &&
5919 	     nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code))) {
5920 		nlmsg_free(msg);
5921 		return -ENOBUFS;
5922 	}
5923 
5924 	ret = send_and_recv_cmd(drv, msg);
5925 	wpa_printf(MSG_DEBUG, "nl80211: sta_remove -> DEL_STATION %s " MACSTR
5926 		   " --> %d (%s)",
5927 		   bss->ifname, MAC2STR(addr), ret, strerror(-ret));
5928 
5929 	if (drv->rtnl_sk)
5930 		rtnl_neigh_delete_fdb_entry(bss, addr);
5931 
5932 	if (ret == -ENOENT)
5933 		return 0;
5934 	return ret;
5935 }
5936 
5937 
5938 void nl80211_remove_iface(struct wpa_driver_nl80211_data *drv, int ifidx)
5939 {
5940 	struct nl_msg *msg;
5941 	struct wpa_driver_nl80211_data *drv2;
5942 
5943 	wpa_printf(MSG_DEBUG, "nl80211: Remove interface ifindex=%d", ifidx);
5944 
5945 	/* stop listening for EAPOL on this interface */
5946 	dl_list_for_each(drv2, &drv->global->interfaces,
5947 			 struct wpa_driver_nl80211_data, list)
5948 	{
5949 		del_ifidx(drv2, ifidx, IFIDX_ANY);
5950 		/* Remove all bridges learned for this iface */
5951 		del_ifidx(drv2, IFIDX_ANY, ifidx);
5952 	}
5953 
5954 	msg = nl80211_ifindex_msg(drv, ifidx, 0, NL80211_CMD_DEL_INTERFACE);
5955 	if (send_and_recv_cmd(drv, msg) == 0)
5956 		return;
5957 	wpa_printf(MSG_ERROR, "Failed to remove interface (ifidx=%d)", ifidx);
5958 }
5959 
5960 
5961 const char * nl80211_iftype_str(enum nl80211_iftype mode)
5962 {
5963 	switch (mode) {
5964 	case NL80211_IFTYPE_ADHOC:
5965 		return "ADHOC";
5966 	case NL80211_IFTYPE_STATION:
5967 		return "STATION";
5968 	case NL80211_IFTYPE_AP:
5969 		return "AP";
5970 	case NL80211_IFTYPE_AP_VLAN:
5971 		return "AP_VLAN";
5972 	case NL80211_IFTYPE_WDS:
5973 		return "WDS";
5974 	case NL80211_IFTYPE_MONITOR:
5975 		return "MONITOR";
5976 	case NL80211_IFTYPE_MESH_POINT:
5977 		return "MESH_POINT";
5978 	case NL80211_IFTYPE_P2P_CLIENT:
5979 		return "P2P_CLIENT";
5980 	case NL80211_IFTYPE_P2P_GO:
5981 		return "P2P_GO";
5982 	case NL80211_IFTYPE_P2P_DEVICE:
5983 		return "P2P_DEVICE";
5984 	case NL80211_IFTYPE_OCB:
5985 		return "OCB";
5986 	case NL80211_IFTYPE_NAN:
5987 		return "NAN";
5988 	default:
5989 		return "unknown";
5990 	}
5991 }
5992 
5993 
5994 static int nl80211_create_iface_once(struct wpa_driver_nl80211_data *drv,
5995 				     const char *ifname,
5996 				     enum nl80211_iftype iftype,
5997 				     const u8 *addr, int wds,
5998 				     int (*handler)(struct nl_msg *, void *),
5999 				     void *arg)
6000 {
6001 	struct nl_msg *msg;
6002 	int ifidx;
6003 	int ret = -ENOBUFS;
6004 
6005 	wpa_printf(MSG_DEBUG, "nl80211: Create interface iftype %d (%s)",
6006 		   iftype, nl80211_iftype_str(iftype));
6007 
6008 	msg = nl80211_cmd_msg(drv->first_bss, 0, NL80211_CMD_NEW_INTERFACE);
6009 	if (!msg ||
6010 	    nla_put_string(msg, NL80211_ATTR_IFNAME, ifname) ||
6011 	    nla_put_u32(msg, NL80211_ATTR_IFTYPE, iftype))
6012 		goto fail;
6013 
6014 	if (iftype == NL80211_IFTYPE_MONITOR) {
6015 		struct nlattr *flags;
6016 
6017 		flags = nla_nest_start(msg, NL80211_ATTR_MNTR_FLAGS);
6018 		if (!flags ||
6019 		    nla_put_flag(msg, NL80211_MNTR_FLAG_COOK_FRAMES))
6020 			goto fail;
6021 
6022 		nla_nest_end(msg, flags);
6023 	} else if (wds) {
6024 		if (nla_put_u8(msg, NL80211_ATTR_4ADDR, wds))
6025 			goto fail;
6026 	}
6027 
6028 	/*
6029 	 * Tell cfg80211 that the interface belongs to the socket that created
6030 	 * it, and the interface should be deleted when the socket is closed.
6031 	 */
6032 	if (nla_put_flag(msg, NL80211_ATTR_IFACE_SOCKET_OWNER))
6033 		goto fail;
6034 
6035 	if ((addr && iftype == NL80211_IFTYPE_P2P_DEVICE) &&
6036 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
6037 		goto fail;
6038 
6039 	ret = send_and_recv_resp(drv, msg, handler, arg);
6040 	msg = NULL;
6041 	if (ret) {
6042 	fail:
6043 		nlmsg_free(msg);
6044 		wpa_printf(MSG_ERROR, "Failed to create interface %s: %d (%s)",
6045 			   ifname, ret, strerror(-ret));
6046 		return ret;
6047 	}
6048 
6049 	if (iftype == NL80211_IFTYPE_P2P_DEVICE)
6050 		return 0;
6051 
6052 	ifidx = if_nametoindex(ifname);
6053 	wpa_printf(MSG_DEBUG, "nl80211: New interface %s created: ifindex=%d",
6054 		   ifname, ifidx);
6055 
6056 	if (ifidx <= 0)
6057 		return -1;
6058 
6059 	/*
6060 	 * Some virtual interfaces need to process EAPOL packets and events on
6061 	 * the parent interface. This is used mainly with hostapd.
6062 	 */
6063 	if (drv->hostapd ||
6064 	    iftype == NL80211_IFTYPE_AP_VLAN ||
6065 	    iftype == NL80211_IFTYPE_WDS ||
6066 	    iftype == NL80211_IFTYPE_MONITOR) {
6067 		/* start listening for EAPOL on this interface */
6068 		add_ifidx(drv, ifidx, IFIDX_ANY);
6069 	}
6070 
6071 	if (addr && iftype != NL80211_IFTYPE_MONITOR &&
6072 	    linux_set_ifhwaddr(drv->global->ioctl_sock, ifname, addr)) {
6073 		nl80211_remove_iface(drv, ifidx);
6074 		return -1;
6075 	}
6076 
6077 	return ifidx;
6078 }
6079 
6080 
6081 int nl80211_create_iface(struct wpa_driver_nl80211_data *drv,
6082 			 const char *ifname, enum nl80211_iftype iftype,
6083 			 const u8 *addr, int wds,
6084 			 int (*handler)(struct nl_msg *, void *),
6085 			 void *arg, int use_existing)
6086 {
6087 	int ret;
6088 
6089 	ret = nl80211_create_iface_once(drv, ifname, iftype, addr, wds, handler,
6090 					arg);
6091 
6092 	/* if error occurred and interface exists already */
6093 	if (ret == -ENFILE && if_nametoindex(ifname)) {
6094 		if (use_existing) {
6095 			wpa_printf(MSG_DEBUG, "nl80211: Continue using existing interface %s",
6096 				   ifname);
6097 			if (addr && iftype != NL80211_IFTYPE_MONITOR &&
6098 			    linux_set_ifhwaddr(drv->global->ioctl_sock, ifname,
6099 					       addr) < 0 &&
6100 			    (linux_set_iface_flags(drv->global->ioctl_sock,
6101 						   ifname, 0) < 0 ||
6102 			     linux_set_ifhwaddr(drv->global->ioctl_sock, ifname,
6103 						addr) < 0 ||
6104 			     linux_set_iface_flags(drv->global->ioctl_sock,
6105 						   ifname, 1) < 0))
6106 					return -1;
6107 			return -ENFILE;
6108 		}
6109 		wpa_printf(MSG_INFO, "Try to remove and re-create %s", ifname);
6110 
6111 		/* Try to remove the interface that was already there. */
6112 		nl80211_remove_iface(drv, if_nametoindex(ifname));
6113 
6114 		/* Try to create the interface again */
6115 		ret = nl80211_create_iface_once(drv, ifname, iftype, addr,
6116 						wds, handler, arg);
6117 	}
6118 
6119 	if (ret >= 0 && is_p2p_net_interface(iftype)) {
6120 		wpa_printf(MSG_DEBUG,
6121 			   "nl80211: Interface %s created for P2P - disable 11b rates",
6122 			   ifname);
6123 		nl80211_disable_11b_rates(drv, ret, 1);
6124 	}
6125 
6126 	return ret;
6127 }
6128 
6129 
6130 static int nl80211_setup_ap(struct i802_bss *bss)
6131 {
6132 	struct wpa_driver_nl80211_data *drv = bss->drv;
6133 
6134 	wpa_printf(MSG_DEBUG, "nl80211: Setup AP(%s) - device_ap_sme=%d use_monitor=%d",
6135 		   bss->ifname, drv->device_ap_sme, drv->use_monitor);
6136 
6137 	/*
6138 	 * Disable Probe Request reporting unless we need it in this way for
6139 	 * devices that include the AP SME, in the other case (unless using
6140 	 * monitor iface) we'll get it through the nl_mgmt socket instead.
6141 	 */
6142 	if (!drv->device_ap_sme)
6143 		wpa_driver_nl80211_probe_req_report(bss, 0);
6144 
6145 	if (!drv->device_ap_sme && !drv->use_monitor)
6146 		if (nl80211_mgmt_subscribe_ap(bss))
6147 			return -1;
6148 
6149 	if (drv->device_ap_sme && !drv->use_monitor)
6150 		if (nl80211_mgmt_subscribe_ap_dev_sme(bss))
6151 			wpa_printf(MSG_DEBUG,
6152 				   "nl80211: Failed to subscribe for mgmt frames from SME driver - trying to run without it");
6153 
6154 	if (!drv->device_ap_sme && drv->use_monitor &&
6155 	    nl80211_create_monitor_interface(drv) &&
6156 	    !drv->device_ap_sme)
6157 		return -1;
6158 
6159 	if (drv->device_ap_sme &&
6160 	    wpa_driver_nl80211_probe_req_report(bss, 1) < 0) {
6161 		wpa_printf(MSG_DEBUG, "nl80211: Failed to enable "
6162 			   "Probe Request frame reporting in AP mode");
6163 		/* Try to survive without this */
6164 	}
6165 
6166 	return 0;
6167 }
6168 
6169 
6170 static void nl80211_teardown_ap(struct i802_bss *bss)
6171 {
6172 	struct wpa_driver_nl80211_data *drv = bss->drv;
6173 
6174 	wpa_printf(MSG_DEBUG, "nl80211: Teardown AP(%s) - device_ap_sme=%d use_monitor=%d",
6175 		   bss->ifname, drv->device_ap_sme, drv->use_monitor);
6176 	if (drv->device_ap_sme) {
6177 		wpa_driver_nl80211_probe_req_report(bss, 0);
6178 		if (!drv->use_monitor)
6179 			nl80211_mgmt_unsubscribe(bss, "AP teardown (dev SME)");
6180 	} else if (drv->use_monitor)
6181 		nl80211_remove_monitor_interface(drv);
6182 	else
6183 		nl80211_mgmt_unsubscribe(bss, "AP teardown");
6184 
6185 	nl80211_put_wiphy_data_ap(bss);
6186 	if (bss->flink)
6187 		bss->flink->beacon_set = 0;
6188 }
6189 
6190 
6191 static int nl80211_tx_control_port(void *priv, const u8 *dest,
6192 				   u16 proto, const u8 *buf, size_t len,
6193 				   int no_encrypt, int link_id)
6194 {
6195 	struct nl80211_ack_ext_arg ext_arg;
6196 	struct i802_bss *bss = priv;
6197 	struct nl_msg *msg;
6198 	u64 cookie = 0;
6199 	int ret;
6200 
6201 	wpa_printf(MSG_DEBUG,
6202 		   "nl80211: Send over control port dest=" MACSTR
6203 		   " proto=0x%04x len=%u no_encrypt=%d",
6204 		   MAC2STR(dest), proto, (unsigned int) len, no_encrypt);
6205 
6206 	msg = nl80211_bss_msg(bss, 0, NL80211_CMD_CONTROL_PORT_FRAME);
6207 	if (!msg ||
6208 	    nla_put_u16(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE, proto) ||
6209 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dest) ||
6210 	    nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
6211 	    (no_encrypt &&
6212 	     nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT)) ||
6213 	    (link_id != NL80211_DRV_LINK_ID_NA &&
6214 	     nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id))) {
6215 		nlmsg_free(msg);
6216 		return -ENOBUFS;
6217 	}
6218 
6219 	os_memset(&ext_arg, 0, sizeof(struct nl80211_ack_ext_arg));
6220 	ext_arg.ext_data = &cookie;
6221 	ret = send_and_recv(bss->drv->global, bss->drv->global->nl, msg,
6222 			    NULL, NULL, ack_handler_cookie, &ext_arg, NULL);
6223 	if (ret) {
6224 		wpa_printf(MSG_DEBUG,
6225 			   "nl80211: tx_control_port failed: ret=%d (%s)",
6226 			   ret, strerror(-ret));
6227 	} else {
6228 		struct wpa_driver_nl80211_data *drv = bss->drv;
6229 
6230 		wpa_printf(MSG_DEBUG,
6231 			   "nl80211: tx_control_port cookie=0x%llx",
6232 			   (long long unsigned int) cookie);
6233 		drv->eapol_tx_cookie = cookie;
6234 		drv->eapol_tx_link_id = link_id;
6235 	}
6236 
6237 	return ret;
6238 }
6239 
6240 
6241 static int nl80211_send_eapol_data(struct i802_bss *bss,
6242 				   const u8 *addr, const u8 *data,
6243 				   size_t data_len)
6244 {
6245 	struct sockaddr_ll ll;
6246 	int ret;
6247 
6248 	if (bss->drv->eapol_tx_sock < 0) {
6249 		wpa_printf(MSG_DEBUG, "nl80211: No socket to send EAPOL");
6250 		return -1;
6251 	}
6252 
6253 	os_memset(&ll, 0, sizeof(ll));
6254 	ll.sll_family = AF_PACKET;
6255 	ll.sll_ifindex = bss->ifindex;
6256 	ll.sll_protocol = htons(ETH_P_PAE);
6257 	ll.sll_halen = ETH_ALEN;
6258 	os_memcpy(ll.sll_addr, addr, ETH_ALEN);
6259 	ret = sendto(bss->drv->eapol_tx_sock, data, data_len, 0,
6260 		     (struct sockaddr *) &ll, sizeof(ll));
6261 	if (ret < 0)
6262 		wpa_printf(MSG_ERROR, "nl80211: EAPOL TX: %s",
6263 			   strerror(errno));
6264 
6265 	return ret;
6266 }
6267 
6268 
6269 static const u8 rfc1042_header[6] = { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 };
6270 
6271 static int wpa_driver_nl80211_hapd_send_eapol(
6272 	void *priv, const u8 *addr, const u8 *data,
6273 	size_t data_len, int encrypt, const u8 *own_addr, u32 flags,
6274 	int link_id)
6275 {
6276 	struct i802_bss *bss = priv;
6277 	struct wpa_driver_nl80211_data *drv = bss->drv;
6278 	struct ieee80211_hdr *hdr;
6279 	size_t len;
6280 	u8 *pos;
6281 	int res;
6282 	int qos = flags & WPA_STA_WMM;
6283 
6284 	/* For now, disable EAPOL TX over control port in AP mode by default
6285 	 * since it does not provide TX status notifications. */
6286 	if (drv->control_port_ap &&
6287 	    (drv->capa.flags & WPA_DRIVER_FLAGS_CONTROL_PORT))
6288 		return nl80211_tx_control_port(bss, addr, ETH_P_EAPOL,
6289 					       data, data_len, !encrypt,
6290 					       link_id);
6291 
6292 	if (drv->device_ap_sme || !drv->use_monitor)
6293 		return nl80211_send_eapol_data(bss, addr, data, data_len);
6294 
6295 	len = sizeof(*hdr) + (qos ? 2 : 0) + sizeof(rfc1042_header) + 2 +
6296 		data_len;
6297 	hdr = os_zalloc(len);
6298 	if (hdr == NULL) {
6299 		wpa_printf(MSG_INFO, "nl80211: Failed to allocate EAPOL buffer(len=%lu)",
6300 			   (unsigned long) len);
6301 		return -1;
6302 	}
6303 
6304 	hdr->frame_control =
6305 		IEEE80211_FC(WLAN_FC_TYPE_DATA, WLAN_FC_STYPE_DATA);
6306 	hdr->frame_control |= host_to_le16(WLAN_FC_FROMDS);
6307 	if (encrypt)
6308 		hdr->frame_control |= host_to_le16(WLAN_FC_ISWEP);
6309 	if (qos) {
6310 		hdr->frame_control |=
6311 			host_to_le16(WLAN_FC_STYPE_QOS_DATA << 4);
6312 	}
6313 
6314 	memcpy(hdr->IEEE80211_DA_FROMDS, addr, ETH_ALEN);
6315 	memcpy(hdr->IEEE80211_BSSID_FROMDS, own_addr, ETH_ALEN);
6316 	memcpy(hdr->IEEE80211_SA_FROMDS, own_addr, ETH_ALEN);
6317 	pos = (u8 *) (hdr + 1);
6318 
6319 	if (qos) {
6320 		/* Set highest priority in QoS header */
6321 		pos[0] = 7;
6322 		pos[1] = 0;
6323 		pos += 2;
6324 	}
6325 
6326 	memcpy(pos, rfc1042_header, sizeof(rfc1042_header));
6327 	pos += sizeof(rfc1042_header);
6328 	WPA_PUT_BE16(pos, ETH_P_PAE);
6329 	pos += 2;
6330 	memcpy(pos, data, data_len);
6331 
6332 	res = nl80211_send_monitor(drv, hdr, len, encrypt, 0);
6333 	if (res < 0) {
6334 		wpa_printf(MSG_ERROR,
6335 			   "hapd_send_eapol - packet len: %lu - failed",
6336 			   (unsigned long) len);
6337 	}
6338 	os_free(hdr);
6339 
6340 	return res;
6341 }
6342 
6343 
6344 static int wpa_driver_nl80211_sta_set_flags(void *priv, const u8 *addr,
6345 					    unsigned int total_flags,
6346 					    unsigned int flags_or,
6347 					    unsigned int flags_and)
6348 {
6349 	struct i802_bss *bss = priv;
6350 	struct nl_msg *msg;
6351 	struct nlattr *flags;
6352 	struct nl80211_sta_flag_update upd;
6353 
6354 	wpa_printf(MSG_DEBUG, "nl80211: Set STA flags - ifname=%s addr=" MACSTR
6355 		   " total_flags=0x%x flags_or=0x%x flags_and=0x%x authorized=%d",
6356 		   bss->ifname, MAC2STR(addr), total_flags, flags_or, flags_and,
6357 		   !!(total_flags & WPA_STA_AUTHORIZED));
6358 
6359 	if (!(msg = nl80211_bss_msg(bss, 0, NL80211_CMD_SET_STATION)) ||
6360 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
6361 		goto fail;
6362 
6363 	/*
6364 	 * Backwards compatibility version using NL80211_ATTR_STA_FLAGS. This
6365 	 * can be removed eventually.
6366 	 */
6367 	flags = nla_nest_start(msg, NL80211_ATTR_STA_FLAGS);
6368 	if (!flags ||
6369 	    ((total_flags & WPA_STA_AUTHORIZED) &&
6370 	     nla_put_flag(msg, NL80211_STA_FLAG_AUTHORIZED)) ||
6371 	    ((total_flags & WPA_STA_WMM) &&
6372 	     nla_put_flag(msg, NL80211_STA_FLAG_WME)) ||
6373 	    ((total_flags & WPA_STA_SHORT_PREAMBLE) &&
6374 	     nla_put_flag(msg, NL80211_STA_FLAG_SHORT_PREAMBLE)) ||
6375 	    ((total_flags & WPA_STA_MFP) &&
6376 	     nla_put_flag(msg, NL80211_STA_FLAG_MFP)) ||
6377 	    ((total_flags & WPA_STA_TDLS_PEER) &&
6378 	     nla_put_flag(msg, NL80211_STA_FLAG_TDLS_PEER)))
6379 		goto fail;
6380 
6381 	nla_nest_end(msg, flags);
6382 
6383 	os_memset(&upd, 0, sizeof(upd));
6384 	upd.mask = sta_flags_nl80211(flags_or | ~flags_and);
6385 	upd.set = sta_flags_nl80211(flags_or);
6386 	if (nla_put(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd))
6387 		goto fail;
6388 
6389 	return send_and_recv_cmd(bss->drv, msg);
6390 fail:
6391 	nlmsg_free(msg);
6392 	return -ENOBUFS;
6393 }
6394 
6395 
6396 static int driver_nl80211_sta_set_airtime_weight(void *priv, const u8 *addr,
6397 						 unsigned int weight)
6398 {
6399 	struct i802_bss *bss = priv;
6400 	struct nl_msg *msg;
6401 	int ret;
6402 
6403 	wpa_printf(MSG_DEBUG,
6404 		   "nl80211: Set STA airtime weight - ifname=%s addr=" MACSTR
6405 		   " weight=%u", bss->ifname, MAC2STR(addr), weight);
6406 
6407 	if (!(msg = nl80211_bss_msg(bss, 0, NL80211_CMD_SET_STATION)) ||
6408 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
6409 	    nla_put_u16(msg, NL80211_ATTR_AIRTIME_WEIGHT, weight))
6410 		goto fail;
6411 
6412 	ret = send_and_recv_cmd(bss->drv, msg);
6413 	if (ret) {
6414 		wpa_printf(MSG_DEBUG,
6415 			   "nl80211: SET_STATION[AIRTIME_WEIGHT] failed: ret=%d (%s)",
6416 			   ret, strerror(-ret));
6417 	}
6418 	return ret;
6419 fail:
6420 	nlmsg_free(msg);
6421 	return -ENOBUFS;
6422 }
6423 
6424 
6425 static int wpa_driver_nl80211_ap(struct wpa_driver_nl80211_data *drv,
6426 				 struct wpa_driver_associate_params *params)
6427 {
6428 	enum nl80211_iftype nlmode, old_mode;
6429 
6430 	if (params->p2p) {
6431 		wpa_printf(MSG_DEBUG, "nl80211: Setup AP operations for P2P "
6432 			   "group (GO)");
6433 		nlmode = NL80211_IFTYPE_P2P_GO;
6434 	} else
6435 		nlmode = NL80211_IFTYPE_AP;
6436 
6437 	old_mode = drv->nlmode;
6438 	if (wpa_driver_nl80211_set_mode(drv->first_bss, nlmode)) {
6439 		nl80211_remove_monitor_interface(drv);
6440 		return -1;
6441 	}
6442 
6443 	if (params->freq.freq &&
6444 	    nl80211_set_channel(drv->first_bss, &params->freq, 0)) {
6445 		if (old_mode != nlmode)
6446 			wpa_driver_nl80211_set_mode(drv->first_bss, old_mode);
6447 		nl80211_remove_monitor_interface(drv);
6448 		return -1;
6449 	}
6450 
6451 	return 0;
6452 }
6453 
6454 
6455 static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv,
6456 			      int reset_mode)
6457 {
6458 	struct nl_msg *msg;
6459 	int ret;
6460 
6461 	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_LEAVE_IBSS);
6462 	ret = send_and_recv(drv->global, drv->first_bss->nl_connect, msg, NULL,
6463 			    NULL, NULL, NULL, NULL);
6464 	if (ret) {
6465 		wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS failed: ret=%d "
6466 			   "(%s)", ret, strerror(-ret));
6467 	} else {
6468 		wpa_printf(MSG_DEBUG,
6469 			   "nl80211: Leave IBSS request sent successfully");
6470 	}
6471 
6472 	if (reset_mode &&
6473 	    wpa_driver_nl80211_set_mode(drv->first_bss,
6474 					NL80211_IFTYPE_STATION)) {
6475 		wpa_printf(MSG_INFO, "nl80211: Failed to set interface into "
6476 			   "station mode");
6477 	}
6478 
6479 	return ret;
6480 }
6481 
6482 
6483 static int nl80211_ht_vht_overrides(struct nl_msg *msg,
6484 				    struct wpa_driver_associate_params *params)
6485 {
6486 	if (params->disable_ht && nla_put_flag(msg, NL80211_ATTR_DISABLE_HT))
6487 		return -1;
6488 
6489 	if (params->htcaps && params->htcaps_mask) {
6490 		int sz = sizeof(struct ieee80211_ht_capabilities);
6491 		wpa_hexdump(MSG_DEBUG, "  * htcaps", params->htcaps, sz);
6492 		wpa_hexdump(MSG_DEBUG, "  * htcaps_mask",
6493 			    params->htcaps_mask, sz);
6494 		if (nla_put(msg, NL80211_ATTR_HT_CAPABILITY, sz,
6495 			    params->htcaps) ||
6496 		    nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK, sz,
6497 			    params->htcaps_mask))
6498 			return -1;
6499 	}
6500 
6501 #ifdef CONFIG_VHT_OVERRIDES
6502 	if (params->disable_vht) {
6503 		wpa_printf(MSG_DEBUG, "  * VHT disabled");
6504 		if (nla_put_flag(msg, NL80211_ATTR_DISABLE_VHT))
6505 			return -1;
6506 	}
6507 
6508 	if (params->vhtcaps && params->vhtcaps_mask) {
6509 		int sz = sizeof(struct ieee80211_vht_capabilities);
6510 		wpa_hexdump(MSG_DEBUG, "  * vhtcaps", params->vhtcaps, sz);
6511 		wpa_hexdump(MSG_DEBUG, "  * vhtcaps_mask",
6512 			    params->vhtcaps_mask, sz);
6513 		if (nla_put(msg, NL80211_ATTR_VHT_CAPABILITY, sz,
6514 			    params->vhtcaps) ||
6515 		    nla_put(msg, NL80211_ATTR_VHT_CAPABILITY_MASK, sz,
6516 			    params->vhtcaps_mask))
6517 			return -1;
6518 	}
6519 #endif /* CONFIG_VHT_OVERRIDES */
6520 
6521 #ifdef CONFIG_HE_OVERRIDES
6522 	if (params->disable_he) {
6523 		wpa_printf(MSG_DEBUG, "  * HE disabled");
6524 		if (nla_put_flag(msg, NL80211_ATTR_DISABLE_HE))
6525 			return -1;
6526 	}
6527 #endif /* CONFIG_HE_OVERRIDES */
6528 
6529 	if (params->disable_eht) {
6530 		wpa_printf(MSG_DEBUG, "  * EHT disabled");
6531 		if (nla_put_flag(msg, NL80211_ATTR_DISABLE_EHT))
6532 			return -1;
6533 	}
6534 
6535 	return 0;
6536 }
6537 
6538 
6539 static int wpa_driver_nl80211_ibss(struct wpa_driver_nl80211_data *drv,
6540 				   struct wpa_driver_associate_params *params)
6541 {
6542 	struct nl_msg *msg;
6543 	int ret = -1;
6544 	int count = 0;
6545 
6546 	wpa_printf(MSG_DEBUG, "nl80211: Join IBSS (ifindex=%d)", drv->ifindex);
6547 
6548 	if (wpa_driver_nl80211_set_mode_ibss(drv->first_bss, &params->freq)) {
6549 		wpa_printf(MSG_INFO, "nl80211: Failed to set interface into "
6550 			   "IBSS mode");
6551 		return -1;
6552 	}
6553 
6554 retry:
6555 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_JOIN_IBSS)) ||
6556 	    params->ssid == NULL || params->ssid_len > sizeof(drv->ssid))
6557 		goto fail;
6558 
6559 	wpa_printf(MSG_DEBUG, "  * SSID=%s",
6560 		   wpa_ssid_txt(params->ssid, params->ssid_len));
6561 	if (nla_put(msg, NL80211_ATTR_SSID, params->ssid_len, params->ssid))
6562 		goto fail;
6563 	os_memcpy(drv->ssid, params->ssid, params->ssid_len);
6564 	drv->ssid_len = params->ssid_len;
6565 
6566 	if (nl80211_put_freq_params(msg, &params->freq) < 0 ||
6567 	    nl80211_put_beacon_int(msg, params->beacon_int))
6568 		goto fail;
6569 
6570 	ret = nl80211_set_conn_keys(params, msg);
6571 	if (ret)
6572 		goto fail;
6573 
6574 	if (params->bssid && params->fixed_bssid) {
6575 		wpa_printf(MSG_DEBUG, "  * BSSID=" MACSTR,
6576 			   MAC2STR(params->bssid));
6577 		if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid))
6578 			goto fail;
6579 	}
6580 
6581 	if (params->fixed_freq) {
6582 		wpa_printf(MSG_DEBUG, "  * fixed_freq");
6583 		if (nla_put_flag(msg, NL80211_ATTR_FREQ_FIXED))
6584 			goto fail;
6585 	}
6586 
6587 	if (params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X ||
6588 	    params->key_mgmt_suite == WPA_KEY_MGMT_PSK ||
6589 	    params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA256 ||
6590 	    params->key_mgmt_suite == WPA_KEY_MGMT_PSK_SHA256 ||
6591 	    params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA384) {
6592 		wpa_printf(MSG_DEBUG, "  * control port");
6593 		if (nl80211_put_control_port(drv, msg))
6594 			goto fail;
6595 	}
6596 
6597 	if (params->wpa_ie) {
6598 		wpa_hexdump(MSG_DEBUG,
6599 			    "  * Extra IEs for Beacon/Probe Response frames",
6600 			    params->wpa_ie, params->wpa_ie_len);
6601 		if (nla_put(msg, NL80211_ATTR_IE, params->wpa_ie_len,
6602 			    params->wpa_ie))
6603 			goto fail;
6604 	}
6605 
6606 	ret = nl80211_ht_vht_overrides(msg, params);
6607 	if (ret < 0)
6608 		goto fail;
6609 
6610 	if (nla_put_flag(msg, NL80211_ATTR_SOCKET_OWNER))
6611 		goto fail;
6612 	ret = send_and_recv(drv->global, drv->first_bss->nl_connect, msg, NULL,
6613 			    NULL, NULL, NULL, NULL);
6614 	msg = NULL;
6615 	if (ret) {
6616 		wpa_printf(MSG_DEBUG, "nl80211: Join IBSS failed: ret=%d (%s)",
6617 			   ret, strerror(-ret));
6618 		count++;
6619 		if (ret == -EALREADY && count == 1) {
6620 			wpa_printf(MSG_DEBUG, "nl80211: Retry IBSS join after "
6621 				   "forced leave");
6622 			nl80211_leave_ibss(drv, 0);
6623 			nlmsg_free(msg);
6624 			goto retry;
6625 		}
6626 	} else {
6627 		wpa_printf(MSG_DEBUG,
6628 			   "nl80211: Join IBSS request sent successfully");
6629 	}
6630 
6631 fail:
6632 	nlmsg_free(msg);
6633 	return ret;
6634 }
6635 
6636 
6637 static int nl80211_put_fils_connect_params(struct wpa_driver_nl80211_data *drv,
6638 					   struct wpa_driver_associate_params *params,
6639 					   struct nl_msg *msg)
6640 {
6641 	if (params->fils_erp_username_len) {
6642 		wpa_hexdump_ascii(MSG_DEBUG, "  * FILS ERP EMSKname/username",
6643 				  params->fils_erp_username,
6644 				  params->fils_erp_username_len);
6645 		if (nla_put(msg, NL80211_ATTR_FILS_ERP_USERNAME,
6646 			    params->fils_erp_username_len,
6647 			    params->fils_erp_username))
6648 			return -1;
6649 	}
6650 
6651 	if (params->fils_erp_realm_len) {
6652 		wpa_hexdump_ascii(MSG_DEBUG, "  * FILS ERP Realm",
6653 				  params->fils_erp_realm,
6654 				  params->fils_erp_realm_len);
6655 		if (nla_put(msg, NL80211_ATTR_FILS_ERP_REALM,
6656 			    params->fils_erp_realm_len, params->fils_erp_realm))
6657 			return -1;
6658 	}
6659 
6660 	if (params->fils_erp_rrk_len) {
6661 		wpa_printf(MSG_DEBUG, "  * FILS ERP next seq %u",
6662 			   params->fils_erp_next_seq_num);
6663 		if (nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM,
6664 				params->fils_erp_next_seq_num))
6665 			return -1;
6666 
6667 		wpa_printf(MSG_DEBUG, "  * FILS ERP rRK (len=%lu)",
6668 			   (unsigned long) params->fils_erp_rrk_len);
6669 		if (nla_put(msg, NL80211_ATTR_FILS_ERP_RRK,
6670 			    params->fils_erp_rrk_len, params->fils_erp_rrk))
6671 			return -1;
6672 	}
6673 
6674 	return 0;
6675 }
6676 
6677 
6678 static unsigned int num_bits_set(u32 val)
6679 {
6680 	unsigned int c;
6681 
6682 	for (c = 0; val; c++)
6683 		val &= val - 1;
6684 
6685 	return c;
6686 }
6687 
6688 
6689 static int nl80211_connect_common(struct wpa_driver_nl80211_data *drv,
6690 				  struct wpa_driver_associate_params *params,
6691 				  struct nl_msg *msg)
6692 {
6693 	if (params->mld_params.mld_addr && params->mld_params.valid_links > 0) {
6694 		struct wpa_driver_mld_params *mld_params = &params->mld_params;
6695 		struct nlattr *links, *attr;
6696 		u8 link_id;
6697 
6698 		wpa_printf(MSG_DEBUG, "  * MLD: MLD addr=" MACSTR,
6699 			   MAC2STR(mld_params->mld_addr));
6700 
6701 		if (nla_put(msg, NL80211_ATTR_MLD_ADDR, ETH_ALEN,
6702 			    mld_params->mld_addr) ||
6703 		    nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID,
6704 			       mld_params->assoc_link_id))
6705 			return -1;
6706 
6707 		links = nla_nest_start(msg, NL80211_ATTR_MLO_LINKS);
6708 		if (!links)
6709 			return -1;
6710 
6711 		for_each_link(mld_params->valid_links, link_id) {
6712 			attr = nla_nest_start(msg, 0);
6713 			if (!attr)
6714 				return -1;
6715 
6716 			if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID,
6717 				       link_id) ||
6718 			    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN,
6719 				    mld_params->mld_links[link_id].bssid) ||
6720 			    nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
6721 					mld_params->mld_links[link_id].freq) ||
6722 			    (mld_params->mld_links[link_id].disabled &&
6723 			     nla_put_flag(msg,
6724 					  NL80211_ATTR_MLO_LINK_DISABLED)) ||
6725 			    (mld_params->mld_links[link_id].ies &&
6726 			     mld_params->mld_links[link_id].ies_len &&
6727 			     nla_put(msg, NL80211_ATTR_IE,
6728 				     mld_params->mld_links[link_id].ies_len,
6729 				     mld_params->mld_links[link_id].ies)))
6730 				return -1;
6731 
6732 			os_memcpy(drv->sta_mlo_info.links[link_id].bssid,
6733 				  mld_params->mld_links[link_id].bssid,
6734 				  ETH_ALEN);
6735 			nla_nest_end(msg, attr);
6736 		}
6737 
6738 		nla_nest_end(msg, links);
6739 
6740 		os_memcpy(drv->sta_mlo_info.ap_mld_addr,
6741 			  params->mld_params.mld_addr, ETH_ALEN);
6742 		drv->sta_mlo_info.assoc_link_id = mld_params->assoc_link_id;
6743 		drv->sta_mlo_info.req_links = mld_params->valid_links;
6744 	}
6745 
6746 	if (nla_put_flag(msg, NL80211_ATTR_IFACE_SOCKET_OWNER))
6747 		return -1;
6748 
6749 	if (params->bssid && !params->mld_params.mld_addr) {
6750 		wpa_printf(MSG_DEBUG, "  * bssid=" MACSTR,
6751 			   MAC2STR(params->bssid));
6752 		if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid))
6753 			return -1;
6754 	}
6755 
6756 	if (params->bssid_hint) {
6757 		wpa_printf(MSG_DEBUG, "  * bssid_hint=" MACSTR,
6758 			   MAC2STR(params->bssid_hint));
6759 		if (nla_put(msg, NL80211_ATTR_MAC_HINT, ETH_ALEN,
6760 			    params->bssid_hint))
6761 			return -1;
6762 	}
6763 
6764 	if (params->freq.freq && !params->mld_params.mld_addr) {
6765 		wpa_printf(MSG_DEBUG, "  * freq=%d", params->freq.freq);
6766 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
6767 				params->freq.freq))
6768 			return -1;
6769 		drv->assoc_freq = params->freq.freq;
6770 	} else
6771 		drv->assoc_freq = 0;
6772 
6773 	if (params->freq_hint) {
6774 		wpa_printf(MSG_DEBUG, "  * freq_hint=%d", params->freq_hint);
6775 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ_HINT,
6776 				params->freq_hint))
6777 			return -1;
6778 	}
6779 
6780 	if (params->freq.edmg.channels && params->freq.edmg.bw_config) {
6781 		wpa_printf(MSG_DEBUG,
6782 			   "  * EDMG configuration: channels=0x%x bw_config=%d",
6783 			   params->freq.edmg.channels,
6784 			   params->freq.edmg.bw_config);
6785 		if (nla_put_u8(msg, NL80211_ATTR_WIPHY_EDMG_CHANNELS,
6786 			       params->freq.edmg.channels) ||
6787 		    nla_put_u8(msg, NL80211_ATTR_WIPHY_EDMG_BW_CONFIG,
6788 			       params->freq.edmg.bw_config))
6789 			return -1;
6790 	}
6791 
6792 	if (params->bg_scan_period >= 0) {
6793 		wpa_printf(MSG_DEBUG, "  * bg scan period=%d",
6794 			   params->bg_scan_period);
6795 		if (nla_put_u16(msg, NL80211_ATTR_BG_SCAN_PERIOD,
6796 				params->bg_scan_period))
6797 			return -1;
6798 	}
6799 
6800 	if (params->ssid) {
6801 		wpa_printf(MSG_DEBUG, "  * SSID=%s",
6802 			   wpa_ssid_txt(params->ssid, params->ssid_len));
6803 		if (nla_put(msg, NL80211_ATTR_SSID, params->ssid_len,
6804 			    params->ssid))
6805 			return -1;
6806 		if (params->ssid_len > sizeof(drv->ssid))
6807 			return -1;
6808 		os_memcpy(drv->ssid, params->ssid, params->ssid_len);
6809 		drv->ssid_len = params->ssid_len;
6810 	}
6811 
6812 	wpa_hexdump(MSG_DEBUG, "  * IEs", params->wpa_ie, params->wpa_ie_len);
6813 	if (params->wpa_ie &&
6814 	    nla_put(msg, NL80211_ATTR_IE, params->wpa_ie_len, params->wpa_ie))
6815 		return -1;
6816 
6817 	if (params->wpa_proto) {
6818 		enum nl80211_wpa_versions ver = 0;
6819 
6820 		if (params->wpa_proto & WPA_PROTO_WPA)
6821 			ver |= NL80211_WPA_VERSION_1;
6822 		if (params->wpa_proto & WPA_PROTO_RSN) {
6823 			/*
6824 			 * NL80211_ATTR_SAE_PASSWORD is related and was added
6825 			 * at the same time as NL80211_WPA_VERSION_3.
6826 			 */
6827 			if (nl80211_attr_supported(drv,
6828 						   NL80211_ATTR_SAE_PASSWORD) &&
6829 			    wpa_key_mgmt_sae(params->key_mgmt_suite))
6830 				ver |= NL80211_WPA_VERSION_3;
6831 			else
6832 				ver |= NL80211_WPA_VERSION_2;
6833 		}
6834 
6835 		wpa_printf(MSG_DEBUG, "  * WPA Versions 0x%x", ver);
6836 		if (nla_put_u32(msg, NL80211_ATTR_WPA_VERSIONS, ver))
6837 			return -1;
6838 	}
6839 
6840 	if (params->pairwise_suite != WPA_CIPHER_NONE) {
6841 		u32 cipher = wpa_cipher_to_cipher_suite(params->pairwise_suite);
6842 		wpa_printf(MSG_DEBUG, "  * pairwise=0x%x", cipher);
6843 		if (nla_put_u32(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE,
6844 				cipher))
6845 			return -1;
6846 	}
6847 
6848 	if (params->group_suite == WPA_CIPHER_GTK_NOT_USED &&
6849 	    !(drv->capa.enc & WPA_DRIVER_CAPA_ENC_GTK_NOT_USED)) {
6850 		/*
6851 		 * This is likely to work even though many drivers do not
6852 		 * advertise support for operations without GTK.
6853 		 */
6854 		wpa_printf(MSG_DEBUG, "  * skip group cipher configuration for GTK_NOT_USED due to missing driver support advertisement");
6855 	} else if (params->group_suite != WPA_CIPHER_NONE) {
6856 		u32 cipher = wpa_cipher_to_cipher_suite(params->group_suite);
6857 		wpa_printf(MSG_DEBUG, "  * group=0x%x", cipher);
6858 		if (nla_put_u32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, cipher))
6859 			return -1;
6860 	}
6861 
6862 	if (params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X ||
6863 	    params->key_mgmt_suite == WPA_KEY_MGMT_PSK ||
6864 	    params->key_mgmt_suite == WPA_KEY_MGMT_FT_IEEE8021X ||
6865 	    params->key_mgmt_suite == WPA_KEY_MGMT_FT_PSK ||
6866 	    params->key_mgmt_suite == WPA_KEY_MGMT_CCKM ||
6867 	    params->key_mgmt_suite == WPA_KEY_MGMT_OSEN ||
6868 	    params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA256 ||
6869 	    params->key_mgmt_suite == WPA_KEY_MGMT_PSK_SHA256 ||
6870 	    params->key_mgmt_suite == WPA_KEY_MGMT_SAE ||
6871 	    params->key_mgmt_suite == WPA_KEY_MGMT_SAE_EXT_KEY ||
6872 	    params->key_mgmt_suite == WPA_KEY_MGMT_FT_SAE ||
6873 	    params->key_mgmt_suite == WPA_KEY_MGMT_FT_SAE_EXT_KEY ||
6874 	    params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B ||
6875 	    params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B_192 ||
6876 	    params->key_mgmt_suite == WPA_KEY_MGMT_FT_IEEE8021X_SHA384 ||
6877 	    params->key_mgmt_suite == WPA_KEY_MGMT_FILS_SHA256 ||
6878 	    params->key_mgmt_suite == WPA_KEY_MGMT_FILS_SHA384 ||
6879 	    params->key_mgmt_suite == WPA_KEY_MGMT_FT_FILS_SHA256 ||
6880 	    params->key_mgmt_suite == WPA_KEY_MGMT_FT_FILS_SHA384 ||
6881 	    params->key_mgmt_suite == WPA_KEY_MGMT_OWE ||
6882 	    params->key_mgmt_suite == WPA_KEY_MGMT_DPP ||
6883 	    params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA384) {
6884 		u32 *mgmt;
6885 		unsigned int akm_count = 1, i;
6886 
6887 		/*
6888 		 * Make sure the driver has capability to handle default AKM in
6889 		 * key_mgmt_suite plus allowed AKMs in allowed_key_mgmts.
6890 		 */
6891 		if (drv->capa.max_num_akms <=
6892 		    num_bits_set(params->allowed_key_mgmts)) {
6893 			wpa_printf(MSG_INFO,
6894 				   "nl80211: Not enough support for the allowed AKMs (max_num_akms=%u <= num_bits_set=%u)",
6895 				   drv->capa.max_num_akms,
6896 				   num_bits_set(params->allowed_key_mgmts));
6897 			return -1;
6898 		}
6899 
6900 		mgmt = os_malloc(sizeof(u32) * drv->capa.max_num_akms);
6901 		if (!mgmt)
6902 			return -1;
6903 
6904 		mgmt[0] = RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X;
6905 
6906 		switch (params->key_mgmt_suite) {
6907 		case WPA_KEY_MGMT_CCKM:
6908 			mgmt[0] = RSN_AUTH_KEY_MGMT_CCKM;
6909 			break;
6910 		case WPA_KEY_MGMT_IEEE8021X:
6911 			mgmt[0] = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X;
6912 			break;
6913 		case WPA_KEY_MGMT_FT_IEEE8021X:
6914 			mgmt[0] = RSN_AUTH_KEY_MGMT_FT_802_1X;
6915 			break;
6916 		case WPA_KEY_MGMT_FT_PSK:
6917 			mgmt[0] = RSN_AUTH_KEY_MGMT_FT_PSK;
6918 			break;
6919 		case WPA_KEY_MGMT_IEEE8021X_SHA256:
6920 			mgmt[0] = RSN_AUTH_KEY_MGMT_802_1X_SHA256;
6921 			break;
6922 		case WPA_KEY_MGMT_PSK_SHA256:
6923 			mgmt[0] = RSN_AUTH_KEY_MGMT_PSK_SHA256;
6924 			break;
6925 		case WPA_KEY_MGMT_OSEN:
6926 			mgmt[0] = RSN_AUTH_KEY_MGMT_OSEN;
6927 			break;
6928 		case WPA_KEY_MGMT_SAE:
6929 			mgmt[0] = RSN_AUTH_KEY_MGMT_SAE;
6930 			break;
6931 		case WPA_KEY_MGMT_SAE_EXT_KEY:
6932 			mgmt[0] = RSN_AUTH_KEY_MGMT_SAE_EXT_KEY;
6933 			break;
6934 		case WPA_KEY_MGMT_FT_SAE:
6935 			mgmt[0] = RSN_AUTH_KEY_MGMT_FT_SAE;
6936 			break;
6937 		case WPA_KEY_MGMT_FT_SAE_EXT_KEY:
6938 			mgmt[0] = RSN_AUTH_KEY_MGMT_FT_SAE_EXT_KEY;
6939 			break;
6940 		case WPA_KEY_MGMT_IEEE8021X_SUITE_B:
6941 			mgmt[0] = RSN_AUTH_KEY_MGMT_802_1X_SUITE_B;
6942 			break;
6943 		case WPA_KEY_MGMT_IEEE8021X_SUITE_B_192:
6944 			mgmt[0] = RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192;
6945 			break;
6946 		case WPA_KEY_MGMT_FT_IEEE8021X_SHA384:
6947 			mgmt[0] = RSN_AUTH_KEY_MGMT_FT_802_1X_SHA384;
6948 			break;
6949 		case WPA_KEY_MGMT_FILS_SHA256:
6950 			mgmt[0] = RSN_AUTH_KEY_MGMT_FILS_SHA256;
6951 			break;
6952 		case WPA_KEY_MGMT_FILS_SHA384:
6953 			mgmt[0] = RSN_AUTH_KEY_MGMT_FILS_SHA384;
6954 			break;
6955 		case WPA_KEY_MGMT_FT_FILS_SHA256:
6956 			mgmt[0] = RSN_AUTH_KEY_MGMT_FT_FILS_SHA256;
6957 			break;
6958 		case WPA_KEY_MGMT_FT_FILS_SHA384:
6959 			mgmt[0] = RSN_AUTH_KEY_MGMT_FT_FILS_SHA384;
6960 			break;
6961 		case WPA_KEY_MGMT_OWE:
6962 			mgmt[0] = RSN_AUTH_KEY_MGMT_OWE;
6963 			break;
6964 		case WPA_KEY_MGMT_DPP:
6965 			mgmt[0] = RSN_AUTH_KEY_MGMT_DPP;
6966 			break;
6967 		case WPA_KEY_MGMT_IEEE8021X_SHA384:
6968 			mgmt[0] = RSN_AUTH_KEY_MGMT_802_1X_SHA384;
6969 			break;
6970 		case WPA_KEY_MGMT_PSK:
6971 		default:
6972 			mgmt[0] = RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X;
6973 			break;
6974 		}
6975 
6976 		if (drv->capa.max_num_akms > 1) {
6977 			akm_count += wpa_key_mgmt_to_suites(
6978 				params->allowed_key_mgmts, &mgmt[1],
6979 				drv->capa.max_num_akms - 1);
6980 		}
6981 
6982 		for (i = 0; i < akm_count; i++)
6983 			wpa_printf(MSG_DEBUG, "  * akm[%d]=0x%x", i, mgmt[i]);
6984 
6985 		if (nla_put(msg, NL80211_ATTR_AKM_SUITES,
6986 			    akm_count * sizeof(u32), mgmt)) {
6987 			os_free(mgmt);
6988 			return -1;
6989 		}
6990 
6991 		os_free(mgmt);
6992 	}
6993 
6994 	if (params->req_handshake_offload &&
6995 	    (drv->capa.flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X)) {
6996 		    wpa_printf(MSG_DEBUG, "  * WANT_1X_4WAY_HS");
6997 		    if (nla_put_flag(msg, NL80211_ATTR_WANT_1X_4WAY_HS))
6998 			    return -1;
6999 	    }
7000 
7001 	/* Add PSK in case of 4-way handshake offload */
7002 	if (params->psk &&
7003 	    (drv->capa.flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK)) {
7004 		wpa_hexdump_key(MSG_DEBUG, "  * PSK", params->psk, 32);
7005 		if (nla_put(msg, NL80211_ATTR_PMK, 32, params->psk))
7006 			return -1;
7007 	}
7008 
7009 	if (nl80211_put_control_port(drv, msg))
7010 		return -1;
7011 
7012 	if (params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_NO_WPA &&
7013 	    (params->pairwise_suite == WPA_CIPHER_NONE ||
7014 	     params->pairwise_suite == WPA_CIPHER_WEP104 ||
7015 	     params->pairwise_suite == WPA_CIPHER_WEP40) &&
7016 	    nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT))
7017 		return -1;
7018 
7019 	if (params->rrm_used) {
7020 		u32 drv_rrm_flags = drv->capa.rrm_flags;
7021 		if ((!((drv_rrm_flags &
7022 			WPA_DRIVER_FLAGS_DS_PARAM_SET_IE_IN_PROBES) &&
7023 		       (drv_rrm_flags & WPA_DRIVER_FLAGS_QUIET)) &&
7024 		     !(drv_rrm_flags & WPA_DRIVER_FLAGS_SUPPORT_RRM)) ||
7025 		    nla_put_flag(msg, NL80211_ATTR_USE_RRM))
7026 			return -1;
7027 	}
7028 
7029 	if (nl80211_ht_vht_overrides(msg, params) < 0)
7030 		return -1;
7031 
7032 	if (params->p2p)
7033 		wpa_printf(MSG_DEBUG, "  * P2P group");
7034 
7035 	if (params->pbss) {
7036 		wpa_printf(MSG_DEBUG, "  * PBSS");
7037 		if (nla_put_flag(msg, NL80211_ATTR_PBSS))
7038 			return -1;
7039 	}
7040 
7041 	drv->connect_reassoc = 0;
7042 	if (params->prev_bssid) {
7043 		wpa_printf(MSG_DEBUG, "  * prev_bssid=" MACSTR,
7044 			   MAC2STR(params->prev_bssid));
7045 		if (nla_put(msg, NL80211_ATTR_PREV_BSSID, ETH_ALEN,
7046 			    params->prev_bssid))
7047 			return -1;
7048 		drv->connect_reassoc = 1;
7049 	}
7050 
7051 	if ((params->auth_alg & WPA_AUTH_ALG_FILS) &&
7052 	    nl80211_put_fils_connect_params(drv, params, msg) != 0)
7053 		return -1;
7054 
7055 	if ((wpa_key_mgmt_sae(params->key_mgmt_suite) ||
7056 	     wpa_key_mgmt_sae(params->allowed_key_mgmts)) &&
7057 	    (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) &&
7058 	    nla_put_flag(msg, NL80211_ATTR_EXTERNAL_AUTH_SUPPORT))
7059 		return -1;
7060 
7061 	if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME) &&
7062 	    nla_put_flag(msg, NL80211_ATTR_MLO_SUPPORT))
7063 		return -1;
7064 
7065 	return 0;
7066 }
7067 
7068 
7069 static int wpa_driver_nl80211_try_connect(
7070 	struct wpa_driver_nl80211_data *drv,
7071 	struct wpa_driver_associate_params *params,
7072 	struct i802_bss *bss)
7073 {
7074 	struct nl_msg *msg;
7075 	enum nl80211_auth_type type;
7076 	int ret;
7077 	int algs;
7078 
7079 #ifdef CONFIG_DRIVER_NL80211_QCA
7080 	if (params->req_key_mgmt_offload && params->psk &&
7081 	    (wpa_key_mgmt_wpa_psk_no_sae(params->key_mgmt_suite) ||
7082 	     wpa_key_mgmt_wpa_psk_no_sae(params->allowed_key_mgmts))) {
7083 		wpa_printf(MSG_DEBUG, "nl80211: Key management set PSK");
7084 		ret = issue_key_mgmt_set_key(drv, params->psk, 32);
7085 		if (ret)
7086 			return ret;
7087 	}
7088 #endif /* CONFIG_DRIVER_NL80211_QCA */
7089 
7090 	wpa_printf(MSG_DEBUG, "nl80211: Connect (ifindex=%d)", drv->ifindex);
7091 	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_CONNECT);
7092 	if (!msg)
7093 		return -1;
7094 
7095 	ret = nl80211_connect_common(drv, params, msg);
7096 	if (ret)
7097 		goto fail;
7098 
7099 	if (params->mgmt_frame_protection == MGMT_FRAME_PROTECTION_REQUIRED &&
7100 	    nla_put_u32(msg, NL80211_ATTR_USE_MFP, NL80211_MFP_REQUIRED))
7101 		goto fail;
7102 
7103 	if (params->mgmt_frame_protection == MGMT_FRAME_PROTECTION_OPTIONAL &&
7104 	    (drv->capa.flags & WPA_DRIVER_FLAGS_MFP_OPTIONAL) &&
7105 	    nla_put_u32(msg, NL80211_ATTR_USE_MFP, NL80211_MFP_OPTIONAL))
7106 		goto fail;
7107 
7108 #ifdef CONFIG_SAE
7109 	if ((wpa_key_mgmt_sae(params->key_mgmt_suite) ||
7110 	     wpa_key_mgmt_sae(params->allowed_key_mgmts)) &&
7111 	    nl80211_put_sae_pwe(msg, params->sae_pwe) < 0)
7112 		goto fail;
7113 
7114 	/* Add SAE password in case of SAE authentication offload */
7115 	if ((params->sae_password || params->passphrase) &&
7116 	    (drv->capa.flags2 & WPA_DRIVER_FLAGS2_SAE_OFFLOAD_STA)) {
7117 		const char *password;
7118 		size_t pwd_len;
7119 
7120 		if (params->sae_password && params->sae_password_id) {
7121 			wpa_printf(MSG_INFO,
7122 				   "nl80211: Use of SAE password identifiers not supported with driver-based SAE");
7123 			goto fail;
7124 		}
7125 
7126 		password = params->sae_password;
7127 		if (!password)
7128 			password = params->passphrase;
7129 		pwd_len = os_strlen(password);
7130 		wpa_printf(MSG_DEBUG, "  * SAE password");
7131 		if (nla_put(msg, NL80211_ATTR_SAE_PASSWORD, pwd_len, password))
7132 			goto fail;
7133 	}
7134 #endif /* CONFIG_SAE */
7135 
7136 	algs = 0;
7137 	if (params->auth_alg & WPA_AUTH_ALG_OPEN)
7138 		algs++;
7139 	if (params->auth_alg & WPA_AUTH_ALG_SHARED)
7140 		algs++;
7141 	if (params->auth_alg & WPA_AUTH_ALG_LEAP)
7142 		algs++;
7143 	if (params->auth_alg & WPA_AUTH_ALG_FILS)
7144 		algs++;
7145 	if (params->auth_alg & WPA_AUTH_ALG_FT)
7146 		algs++;
7147 	if (params->auth_alg & WPA_AUTH_ALG_SAE)
7148 		algs++;
7149 	if (algs > 1) {
7150 		wpa_printf(MSG_DEBUG, "  * Leave out Auth Type for automatic "
7151 			   "selection");
7152 		goto skip_auth_type;
7153 	}
7154 
7155 	type = get_nl_auth_type(params->auth_alg);
7156 	wpa_printf(MSG_DEBUG, "  * Auth Type %d", type);
7157 	if (type == NL80211_AUTHTYPE_MAX ||
7158 	    nla_put_u32(msg, NL80211_ATTR_AUTH_TYPE, type))
7159 		goto fail;
7160 
7161 skip_auth_type:
7162 	ret = nl80211_set_conn_keys(params, msg);
7163 	if (ret)
7164 		goto fail;
7165 
7166 	if (nla_put_flag(msg, NL80211_ATTR_SOCKET_OWNER))
7167 		goto fail;
7168 	ret = send_and_recv(drv->global, bss->nl_connect, msg, NULL, NULL, NULL,
7169 			    NULL, NULL);
7170 	msg = NULL;
7171 	if (ret) {
7172 		wpa_printf(MSG_DEBUG, "nl80211: MLME connect failed: ret=%d "
7173 			   "(%s)", ret, strerror(-ret));
7174 	} else {
7175 #ifdef CONFIG_DRIVER_NL80211_QCA
7176 		drv->roam_indication_done = false;
7177 #endif /* CONFIG_DRIVER_NL80211_QCA */
7178 		wpa_printf(MSG_DEBUG,
7179 			   "nl80211: Connect request send successfully");
7180 	}
7181 
7182 fail:
7183 	nl80211_nlmsg_clear(msg);
7184 	nlmsg_free(msg);
7185 	return ret;
7186 
7187 }
7188 
7189 
7190 static int wpa_driver_nl80211_connect(
7191 	struct wpa_driver_nl80211_data *drv,
7192 	struct wpa_driver_associate_params *params,
7193 	struct i802_bss *bss)
7194 {
7195 	int ret;
7196 
7197 	/* Store the connection attempted bssid for future use */
7198 	if (params->bssid)
7199 		os_memcpy(drv->auth_attempt_bssid, params->bssid, ETH_ALEN);
7200 	else
7201 		os_memset(drv->auth_attempt_bssid, 0, ETH_ALEN);
7202 
7203 	ret = wpa_driver_nl80211_try_connect(drv, params, bss);
7204 	if (ret == -EALREADY) {
7205 		/*
7206 		 * cfg80211 does not currently accept new connections if
7207 		 * we are already connected. As a workaround, force
7208 		 * disconnection and try again.
7209 		 */
7210 		wpa_printf(MSG_DEBUG, "nl80211: Explicitly "
7211 			   "disconnecting before reassociation "
7212 			   "attempt");
7213 		if (wpa_driver_nl80211_disconnect(
7214 			    drv, WLAN_REASON_PREV_AUTH_NOT_VALID, bss))
7215 			return -1;
7216 		ret = wpa_driver_nl80211_try_connect(drv, params, bss);
7217 	}
7218 	return ret;
7219 }
7220 
7221 
7222 static int wpa_driver_nl80211_associate(
7223 	void *priv, struct wpa_driver_associate_params *params)
7224 {
7225 	struct i802_bss *bss = priv;
7226 	struct wpa_driver_nl80211_data *drv = bss->drv;
7227 	struct nl80211_err_info err_info;
7228 	int ret = -1;
7229 	struct nl_msg *msg;
7230 
7231 	nl80211_unmask_11b_rates(bss);
7232 
7233 	if (params->mode == IEEE80211_MODE_AP)
7234 		return wpa_driver_nl80211_ap(drv, params);
7235 
7236 	if (params->mode == IEEE80211_MODE_IBSS)
7237 		return wpa_driver_nl80211_ibss(drv, params);
7238 
7239 	if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) {
7240 		enum nl80211_iftype nlmode = params->p2p ?
7241 			NL80211_IFTYPE_P2P_CLIENT : NL80211_IFTYPE_STATION;
7242 
7243 		if (wpa_driver_nl80211_set_mode(priv, nlmode) < 0)
7244 			return -1;
7245 
7246 		return wpa_driver_nl80211_connect(drv, params, bss);
7247 	}
7248 
7249 	nl80211_mark_disconnected(drv);
7250 
7251 	wpa_printf(MSG_DEBUG, "nl80211: Associate (ifindex=%d)",
7252 		   drv->ifindex);
7253 	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_ASSOCIATE);
7254 	if (!msg)
7255 		return -1;
7256 
7257 	ret = nl80211_connect_common(drv, params, msg);
7258 	if (ret)
7259 		goto fail;
7260 
7261 	if (params->mgmt_frame_protection == MGMT_FRAME_PROTECTION_REQUIRED &&
7262 	    nla_put_u32(msg, NL80211_ATTR_USE_MFP, NL80211_MFP_REQUIRED))
7263 		goto fail;
7264 
7265 	if (params->fils_kek) {
7266 		wpa_printf(MSG_DEBUG, "  * FILS KEK (len=%u)",
7267 			   (unsigned int) params->fils_kek_len);
7268 		if (nla_put(msg, NL80211_ATTR_FILS_KEK, params->fils_kek_len,
7269 			    params->fils_kek))
7270 			goto fail;
7271 	}
7272 	if (params->fils_nonces) {
7273 		wpa_hexdump(MSG_DEBUG, "  * FILS nonces (for AAD)",
7274 			    params->fils_nonces,
7275 			    params->fils_nonces_len);
7276 		if (nla_put(msg, NL80211_ATTR_FILS_NONCES,
7277 			    params->fils_nonces_len, params->fils_nonces))
7278 			goto fail;
7279 	}
7280 
7281 	if (!TEST_FAIL_TAG("assoc")) {
7282 		if (nla_put_flag(msg, NL80211_ATTR_SOCKET_OWNER))
7283 			goto fail;
7284 		ret = send_and_recv(drv->global, drv->first_bss->nl_connect,
7285 				    msg, NULL, NULL, NULL, NULL, &err_info);
7286 		msg = NULL;
7287 	} else {
7288 		int i;
7289 
7290 		/* Error and force TEST_FAIL checking for each link */
7291 		ret = -EINVAL;
7292 		for_each_link(params->mld_params.valid_links, i) {
7293 			if (TEST_FAIL_TAG("link"))
7294 				err_info.link_id = i;
7295 		}
7296 	}
7297 
7298 	if (ret) {
7299 		wpa_dbg(drv->ctx, MSG_DEBUG,
7300 			"nl80211: MLME command failed (assoc): ret=%d (%s)",
7301 			ret, strerror(-ret));
7302 		nl80211_dump_scan(drv);
7303 
7304 		/* Mark failed link within params */
7305 		if (err_info.link_id >= 0) {
7306 			if (err_info.link_id >= MAX_NUM_MLD_LINKS ||
7307 			    !(params->mld_params.valid_links &
7308 			      BIT(err_info.link_id))) {
7309 				wpa_printf(MSG_DEBUG,
7310 					   "nl80211: Invalid errorred link_id %d",
7311 					   err_info.link_id);
7312 				goto fail;
7313 			}
7314 			params->mld_params.mld_links[err_info.link_id].error =
7315 				ret;
7316 		}
7317 	} else {
7318 		wpa_printf(MSG_DEBUG,
7319 			   "nl80211: Association request send successfully");
7320 	}
7321 
7322 fail:
7323 	nlmsg_free(msg);
7324 	return ret;
7325 }
7326 
7327 
7328 static int nl80211_set_mode(struct wpa_driver_nl80211_data *drv,
7329 			    int ifindex, enum nl80211_iftype mode)
7330 {
7331 	struct nl_msg *msg;
7332 	int ret = -ENOBUFS;
7333 
7334 	wpa_printf(MSG_DEBUG, "nl80211: Set mode ifindex %d iftype %d (%s)",
7335 		   ifindex, mode, nl80211_iftype_str(mode));
7336 
7337 	msg = nl80211_cmd_msg(drv->first_bss, 0, NL80211_CMD_SET_INTERFACE);
7338 	if (!msg || nla_put_u32(msg, NL80211_ATTR_IFTYPE, mode))
7339 		goto fail;
7340 
7341 	ret = send_and_recv_cmd(drv, msg);
7342 	msg = NULL;
7343 	if (!ret)
7344 		return 0;
7345 fail:
7346 	nlmsg_free(msg);
7347 	wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface %d to mode %d:"
7348 		   " %d (%s)", ifindex, mode, ret, strerror(-ret));
7349 	return ret;
7350 }
7351 
7352 
7353 static int wpa_driver_nl80211_set_mode_impl(
7354 		struct i802_bss *bss,
7355 		enum nl80211_iftype nlmode,
7356 		struct hostapd_freq_params *desired_freq_params)
7357 {
7358 	struct wpa_driver_nl80211_data *drv = bss->drv;
7359 	int ret = -1;
7360 	int i;
7361 	int was_ap = is_ap_interface(drv->nlmode);
7362 	int res;
7363 	int mode_switch_res;
7364 
7365 	if (TEST_FAIL())
7366 		return -1;
7367 
7368 	mode_switch_res = nl80211_set_mode(drv, drv->ifindex, nlmode);
7369 	if (mode_switch_res && nlmode == nl80211_get_ifmode(bss))
7370 		mode_switch_res = 0;
7371 
7372 	if (mode_switch_res == 0) {
7373 		drv->nlmode = nlmode;
7374 		ret = 0;
7375 		goto done;
7376 	}
7377 
7378 	if (mode_switch_res == -ENODEV)
7379 		return -1;
7380 
7381 	if (nlmode == drv->nlmode) {
7382 		wpa_printf(MSG_DEBUG, "nl80211: Interface already in "
7383 			   "requested mode - ignore error");
7384 		ret = 0;
7385 		goto done; /* Already in the requested mode */
7386 	}
7387 
7388 	/* mac80211 doesn't allow mode changes while the device is up, so
7389 	 * take the device down, try to set the mode again, and bring the
7390 	 * device back up.
7391 	 */
7392 	wpa_printf(MSG_DEBUG, "nl80211: Try mode change after setting "
7393 		   "interface down");
7394 	for (i = 0; i < 10; i++) {
7395 		res = i802_set_iface_flags(bss, 0);
7396 		if (res == -EACCES || res == -ENODEV)
7397 			break;
7398 		if (res != 0) {
7399 			wpa_printf(MSG_DEBUG, "nl80211: Failed to set "
7400 				   "interface down");
7401 			os_sleep(0, 100000);
7402 			continue;
7403 		}
7404 
7405 		/*
7406 		 * Setting the mode will fail for some drivers if the phy is
7407 		 * on a frequency that the mode is disallowed in.
7408 		 */
7409 		if (desired_freq_params) {
7410 			res = nl80211_set_channel(bss, desired_freq_params, 0);
7411 			if (res) {
7412 				wpa_printf(MSG_DEBUG,
7413 					   "nl80211: Failed to set frequency on interface");
7414 			}
7415 		}
7416 
7417 		if (i == 0 && was_ap && !is_ap_interface(nlmode) &&
7418 		    bss->brname[0] &&
7419 		    (bss->added_if_into_bridge || bss->already_in_bridge)) {
7420 			wpa_printf(MSG_DEBUG,
7421 				   "nl80211: Remove AP interface %s temporarily from the bridge %s to allow its mode to be set to STATION",
7422 				   bss->ifname, bss->brname);
7423 			if (linux_br_del_if(drv->global->ioctl_sock,
7424 					    bss->brname, bss->ifname) < 0)
7425 				wpa_printf(MSG_INFO,
7426 					   "nl80211: Failed to remove interface %s from bridge %s: %s",
7427 					   bss->ifname, bss->brname,
7428 					   strerror(errno));
7429 		}
7430 
7431 		/* Try to set the mode again while the interface is down */
7432 		mode_switch_res = nl80211_set_mode(drv, drv->ifindex, nlmode);
7433 		if (mode_switch_res == -EBUSY) {
7434 			wpa_printf(MSG_DEBUG,
7435 				   "nl80211: Delaying mode set while interface going down");
7436 			os_sleep(0, 100000);
7437 			continue;
7438 		}
7439 		ret = mode_switch_res;
7440 		break;
7441 	}
7442 
7443 	if (!ret) {
7444 		wpa_printf(MSG_DEBUG, "nl80211: Mode change succeeded while "
7445 			   "interface is down");
7446 		drv->nlmode = nlmode;
7447 		drv->ignore_if_down_event = 1;
7448 	}
7449 
7450 	/* Bring the interface back up */
7451 	res = linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 1);
7452 	if (res != 0) {
7453 		wpa_printf(MSG_DEBUG,
7454 			   "nl80211: Failed to set interface up after switching mode");
7455 		ret = -1;
7456 	}
7457 
7458 done:
7459 	if (ret) {
7460 		wpa_printf(MSG_DEBUG, "nl80211: Interface mode change to %d "
7461 			   "from %d failed", nlmode, drv->nlmode);
7462 		return ret;
7463 	}
7464 
7465 	if (is_p2p_net_interface(nlmode)) {
7466 		wpa_printf(MSG_DEBUG,
7467 			   "nl80211: Interface %s mode change to P2P - disable 11b rates",
7468 			   bss->ifname);
7469 		nl80211_disable_11b_rates(drv, drv->ifindex, 1);
7470 	} else if (drv->disabled_11b_rates) {
7471 		wpa_printf(MSG_DEBUG,
7472 			   "nl80211: Interface %s mode changed to non-P2P - re-enable 11b rates",
7473 			   bss->ifname);
7474 		nl80211_disable_11b_rates(drv, drv->ifindex, 0);
7475 	}
7476 
7477 	if (is_ap_interface(nlmode)) {
7478 		nl80211_mgmt_unsubscribe(bss, "start AP");
7479 		/* Setup additional AP mode functionality if needed */
7480 		if (nl80211_setup_ap(bss))
7481 			return -1;
7482 	} else if (was_ap) {
7483 		/* Remove additional AP mode functionality */
7484 		nl80211_teardown_ap(bss);
7485 	} else {
7486 		nl80211_mgmt_unsubscribe(bss, "mode change");
7487 	}
7488 
7489 	if (is_mesh_interface(nlmode) &&
7490 	    nl80211_mgmt_subscribe_mesh(bss))
7491 		return -1;
7492 
7493 	if (!bss->in_deinit && !is_ap_interface(nlmode) &&
7494 	    !is_mesh_interface(nlmode) &&
7495 	    nl80211_mgmt_subscribe_non_ap(bss) < 0)
7496 		wpa_printf(MSG_DEBUG, "nl80211: Failed to register Action "
7497 			   "frame processing - ignore for now");
7498 
7499 	return 0;
7500 }
7501 
7502 
7503 void nl80211_restore_ap_mode(struct i802_bss *bss)
7504 {
7505 	struct wpa_driver_nl80211_data *drv = bss->drv;
7506 	int was_ap = is_ap_interface(drv->nlmode);
7507 
7508 	wpa_driver_nl80211_set_mode(bss, drv->ap_scan_as_station);
7509 	if (!was_ap && is_ap_interface(drv->ap_scan_as_station) &&
7510 	    bss->brname[0] &&
7511 	    (bss->added_if_into_bridge || bss->already_in_bridge)) {
7512 		wpa_printf(MSG_DEBUG,
7513 			   "nl80211: Add AP interface %s back into the bridge %s",
7514 			   bss->ifname, bss->brname);
7515 		if (linux_br_add_if(drv->global->ioctl_sock, bss->brname,
7516 				    bss->ifname) < 0) {
7517 			wpa_printf(MSG_WARNING,
7518 				   "nl80211: Failed to add interface %s into bridge %s: %s",
7519 				   bss->ifname, bss->brname, strerror(errno));
7520 		}
7521 	}
7522 	drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED;
7523 }
7524 
7525 
7526 int wpa_driver_nl80211_set_mode(struct i802_bss *bss,
7527 				enum nl80211_iftype nlmode)
7528 {
7529 	return wpa_driver_nl80211_set_mode_impl(bss, nlmode, NULL);
7530 }
7531 
7532 
7533 static int wpa_driver_nl80211_set_mode_ibss(struct i802_bss *bss,
7534 					    struct hostapd_freq_params *freq)
7535 {
7536 	return wpa_driver_nl80211_set_mode_impl(bss, NL80211_IFTYPE_ADHOC,
7537 						freq);
7538 }
7539 
7540 
7541 static int wpa_driver_nl80211_get_capa(void *priv,
7542 				       struct wpa_driver_capa *capa)
7543 {
7544 	struct i802_bss *bss = priv;
7545 	struct wpa_driver_nl80211_data *drv = bss->drv;
7546 
7547 	if (!drv->has_capability)
7548 		return -1;
7549 	os_memcpy(capa, &drv->capa, sizeof(*capa));
7550 	if (drv->extended_capa && drv->extended_capa_mask) {
7551 		capa->extended_capa = drv->extended_capa;
7552 		capa->extended_capa_mask = drv->extended_capa_mask;
7553 		capa->extended_capa_len = drv->extended_capa_len;
7554 	}
7555 
7556 	return 0;
7557 }
7558 
7559 
7560 static int wpa_driver_nl80211_set_operstate(void *priv, int state)
7561 {
7562 	struct i802_bss *bss = priv;
7563 	struct wpa_driver_nl80211_data *drv = bss->drv;
7564 
7565 	wpa_printf(MSG_DEBUG, "nl80211: Set %s operstate %d->%d (%s)",
7566 		   bss->ifname, drv->operstate, state,
7567 		   state ? "UP" : "DORMANT");
7568 	drv->operstate = state;
7569 	return netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, -1,
7570 				      state ? IF_OPER_UP : IF_OPER_DORMANT);
7571 }
7572 
7573 
7574 static int wpa_driver_nl80211_set_supp_port(void *priv, int authorized)
7575 {
7576 	struct i802_bss *bss = priv;
7577 	struct wpa_driver_nl80211_data *drv = bss->drv;
7578 	struct nl_msg *msg;
7579 	struct nl80211_sta_flag_update upd;
7580 	int ret;
7581 	const u8 *connected_addr = drv->sta_mlo_info.valid_links ?
7582 		drv->sta_mlo_info.ap_mld_addr : drv->bssid;
7583 
7584 	if (!drv->associated && is_zero_ether_addr(connected_addr) &&
7585 	    !authorized) {
7586 		wpa_printf(MSG_DEBUG, "nl80211: Skip set_supp_port(unauthorized) while not associated");
7587 		return 0;
7588 	}
7589 
7590 	wpa_printf(MSG_DEBUG, "nl80211: Set supplicant port %sauthorized for "
7591 		   MACSTR, authorized ? "" : "un", MAC2STR(connected_addr));
7592 
7593 	os_memset(&upd, 0, sizeof(upd));
7594 	upd.mask = BIT(NL80211_STA_FLAG_AUTHORIZED);
7595 	if (authorized)
7596 		upd.set = BIT(NL80211_STA_FLAG_AUTHORIZED);
7597 
7598 	if (!(msg = nl80211_bss_msg(bss, 0, NL80211_CMD_SET_STATION)) ||
7599 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, connected_addr) ||
7600 	    nla_put(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd)) {
7601 		nlmsg_free(msg);
7602 		return -ENOBUFS;
7603 	}
7604 
7605 	ret = send_and_recv_cmd(drv, msg);
7606 	if (!ret)
7607 		return 0;
7608 	wpa_printf(MSG_DEBUG, "nl80211: Failed to set STA flag: %d (%s)",
7609 		   ret, strerror(-ret));
7610 	return ret;
7611 }
7612 
7613 
7614 /* Set kernel driver on given frequency (MHz) */
7615 static int i802_set_freq(void *priv, struct hostapd_freq_params *freq)
7616 {
7617 	struct i802_bss *bss = priv;
7618 	return nl80211_set_channel(bss, freq, 0);
7619 }
7620 
7621 
7622 static inline int min_int(int a, int b)
7623 {
7624 	if (a < b)
7625 		return a;
7626 	return b;
7627 }
7628 
7629 
7630 static int get_key_handler(struct nl_msg *msg, void *arg)
7631 {
7632 	struct nlattr *tb[NL80211_ATTR_MAX + 1];
7633 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
7634 
7635 	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
7636 		  genlmsg_attrlen(gnlh, 0), NULL);
7637 
7638 	/*
7639 	 * TODO: validate the key index and mac address!
7640 	 * Otherwise, there's a race condition as soon as
7641 	 * the kernel starts sending key notifications.
7642 	 */
7643 
7644 	if (tb[NL80211_ATTR_KEY_SEQ])
7645 		memcpy(arg, nla_data(tb[NL80211_ATTR_KEY_SEQ]),
7646 		       min_int(nla_len(tb[NL80211_ATTR_KEY_SEQ]), 6));
7647 	nl80211_nlmsg_clear(msg);
7648 	return NL_SKIP;
7649 }
7650 
7651 
7652 static int i802_get_seqnum(const char *iface, void *priv, const u8 *addr,
7653 			   int idx, int link_id, u8 *seq)
7654 {
7655 	struct i802_bss *bss = priv;
7656 	struct wpa_driver_nl80211_data *drv = bss->drv;
7657 	struct nl_msg *msg;
7658 	int res;
7659 
7660 	msg = nl80211_ifindex_msg(drv, if_nametoindex(iface), 0,
7661 				  NL80211_CMD_GET_KEY);
7662 	if (!msg ||
7663 	    (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) ||
7664 	    (link_id != NL80211_DRV_LINK_ID_NA &&
7665 	     nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id)) ||
7666 	    nla_put_u8(msg, NL80211_ATTR_KEY_IDX, idx)) {
7667 		nlmsg_free(msg);
7668 		return -ENOBUFS;
7669 	}
7670 
7671 	os_memset(seq, 0, 6);
7672 	res = send_and_recv_resp(drv, msg, get_key_handler, seq);
7673 	if (res) {
7674 		wpa_printf(MSG_DEBUG,
7675 			   "nl80211: Failed to get current TX sequence for a key (link_id=%d idx=%d): %d (%s)",
7676 			   link_id, idx, res, strerror(-res));
7677 	}
7678 
7679 	return res;
7680 }
7681 
7682 
7683 static int i802_set_rts(void *priv, int rts)
7684 {
7685 	struct i802_bss *bss = priv;
7686 	struct wpa_driver_nl80211_data *drv = bss->drv;
7687 	struct nl_msg *msg;
7688 	int ret;
7689 	u32 val;
7690 
7691 	if (rts >= 2347 || rts == -1)
7692 		val = (u32) -1;
7693 	else
7694 		val = rts;
7695 
7696 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_SET_WIPHY)) ||
7697 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD, val)) {
7698 		nlmsg_free(msg);
7699 		return -ENOBUFS;
7700 	}
7701 
7702 	ret = send_and_recv_cmd(drv, msg);
7703 	if (!ret)
7704 		return 0;
7705 	wpa_printf(MSG_DEBUG, "nl80211: Failed to set RTS threshold %d: "
7706 		   "%d (%s)", rts, ret, strerror(-ret));
7707 	return ret;
7708 }
7709 
7710 
7711 static int i802_set_frag(void *priv, int frag)
7712 {
7713 	struct i802_bss *bss = priv;
7714 	struct wpa_driver_nl80211_data *drv = bss->drv;
7715 	struct nl_msg *msg;
7716 	int ret;
7717 	u32 val;
7718 
7719 	if (frag >= 2346 || frag == -1)
7720 		val = (u32) -1;
7721 	else
7722 		val = frag;
7723 
7724 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_SET_WIPHY)) ||
7725 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD, val)) {
7726 		nlmsg_free(msg);
7727 		return -ENOBUFS;
7728 	}
7729 
7730 	ret = send_and_recv_cmd(drv, msg);
7731 	if (!ret)
7732 		return 0;
7733 	wpa_printf(MSG_DEBUG, "nl80211: Failed to set fragmentation threshold "
7734 		   "%d: %d (%s)", frag, ret, strerror(-ret));
7735 	return ret;
7736 }
7737 
7738 
7739 static int i802_flush(void *priv, int link_id)
7740 {
7741 	struct i802_bss *bss = priv;
7742 	struct nl_msg *msg;
7743 	int res;
7744 
7745 	if (link_id == NL80211_DRV_LINK_ID_NA)
7746 		wpa_printf(MSG_DEBUG, "nl80211: flush -> DEL_STATION %s (all)",
7747 			   bss->ifname);
7748 	else
7749 		wpa_printf(MSG_DEBUG,
7750 			   "nl80211: flush -> DEL_STATION %s (with link %d)",
7751 			   bss->ifname, link_id);
7752 
7753 	/*
7754 	 * XXX: FIX! this needs to flush all VLANs too
7755 	 */
7756 	msg = nl80211_bss_msg(bss, 0, NL80211_CMD_DEL_STATION);
7757 	if (link_id >= 0 && (bss->valid_links & BIT(link_id)) &&
7758 	    nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id))
7759 		goto fail;
7760 
7761 	res = send_and_recv_cmd(bss->drv, msg);
7762 	if (res) {
7763 		wpa_printf(MSG_DEBUG, "nl80211: Station flush failed: ret=%d "
7764 			   "(%s)", res, strerror(-res));
7765 	}
7766 	return res;
7767 fail:
7768 	nlmsg_free(msg);
7769 	return -1;
7770 }
7771 
7772 
7773 static void get_sta_tid_stats(struct hostap_sta_driver_data *data,
7774 			      struct nlattr *attr)
7775 {
7776 	struct nlattr *tid_stats[NL80211_TID_STATS_MAX + 1], *tidattr;
7777 	struct nlattr *txq_stats[NL80211_TXQ_STATS_MAX + 1];
7778 	static struct nla_policy txq_stats_policy[NL80211_TXQ_STATS_MAX + 1] = {
7779 		[NL80211_TXQ_STATS_BACKLOG_BYTES] = { .type = NLA_U32 },
7780 		[NL80211_TXQ_STATS_BACKLOG_PACKETS] = { .type = NLA_U32 },
7781 	};
7782 	int rem;
7783 
7784 	nla_for_each_nested(tidattr, attr, rem) {
7785 		if (nla_parse_nested(tid_stats, NL80211_TID_STATS_MAX,
7786 				     tidattr, NULL) != 0 ||
7787 		    !tid_stats[NL80211_TID_STATS_TXQ_STATS] ||
7788 		    nla_parse_nested(txq_stats, NL80211_TXQ_STATS_MAX,
7789 				     tid_stats[NL80211_TID_STATS_TXQ_STATS],
7790 				     txq_stats_policy) != 0)
7791 			continue;
7792 		/* sum the backlogs over all TIDs for station */
7793 		if (txq_stats[NL80211_TXQ_STATS_BACKLOG_BYTES])
7794 			data->backlog_bytes += nla_get_u32(
7795 				txq_stats[NL80211_TXQ_STATS_BACKLOG_BYTES]);
7796 		if (txq_stats[NL80211_TXQ_STATS_BACKLOG_PACKETS])
7797 			data->backlog_bytes += nla_get_u32(
7798 				txq_stats[NL80211_TXQ_STATS_BACKLOG_PACKETS]);
7799 	}
7800 }
7801 
7802 
7803 static int get_sta_handler(struct nl_msg *msg, void *arg)
7804 {
7805 	struct nlattr *tb[NL80211_ATTR_MAX + 1];
7806 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
7807 	struct hostap_sta_driver_data *data = arg;
7808 	struct nlattr *stats[NL80211_STA_INFO_MAX + 1];
7809 	static struct nla_policy stats_policy[NL80211_STA_INFO_MAX + 1] = {
7810 		[NL80211_STA_INFO_INACTIVE_TIME] = { .type = NLA_U32 },
7811 		[NL80211_STA_INFO_RX_BYTES] = { .type = NLA_U32 },
7812 		[NL80211_STA_INFO_TX_BYTES] = { .type = NLA_U32 },
7813 		[NL80211_STA_INFO_SIGNAL] = { .type = NLA_U8 },
7814 		[NL80211_STA_INFO_RX_PACKETS] = { .type = NLA_U32 },
7815 		[NL80211_STA_INFO_TX_PACKETS] = { .type = NLA_U32 },
7816 		[NL80211_STA_INFO_TX_RETRIES] = { .type = NLA_U32 },
7817 		[NL80211_STA_INFO_TX_FAILED] = { .type = NLA_U32 },
7818 		[NL80211_STA_INFO_SIGNAL_AVG] = { .type = NLA_U8 },
7819 		[NL80211_STA_INFO_CONNECTED_TIME] = { .type = NLA_U32 },
7820 		[NL80211_STA_INFO_BEACON_LOSS] = { .type = NLA_U32 },
7821 		[NL80211_STA_INFO_RX_BYTES64] = { .type = NLA_U64 },
7822 		[NL80211_STA_INFO_TX_BYTES64] = { .type = NLA_U64 },
7823 		[NL80211_STA_INFO_EXPECTED_THROUGHPUT] = { .type = NLA_U32 },
7824 		[NL80211_STA_INFO_RX_DROP_MISC] = { .type = NLA_U64 },
7825 		[NL80211_STA_INFO_BEACON_RX] = { .type = NLA_U64 },
7826 		[NL80211_STA_INFO_BEACON_SIGNAL_AVG] = { .type = NLA_U8},
7827 		[NL80211_STA_INFO_RX_DURATION] = { .type = NLA_U64 },
7828 		[NL80211_STA_INFO_ACK_SIGNAL] = { .type = NLA_U8 },
7829 		[NL80211_STA_INFO_ACK_SIGNAL_AVG] = { .type = NLA_S8 },
7830 		[NL80211_STA_INFO_RX_MPDUS] = { .type = NLA_U32 },
7831 		[NL80211_STA_INFO_FCS_ERROR_COUNT] = { .type = NLA_U32 },
7832 		[NL80211_STA_INFO_TX_DURATION] = { .type = NLA_U64 },
7833 	};
7834 	struct nlattr *rate[NL80211_RATE_INFO_MAX + 1];
7835 	static struct nla_policy rate_policy[NL80211_RATE_INFO_MAX + 1] = {
7836 		[NL80211_RATE_INFO_BITRATE] = { .type = NLA_U16 },
7837 		[NL80211_RATE_INFO_BITRATE32] = { .type = NLA_U32 },
7838 		[NL80211_RATE_INFO_MCS] = { .type = NLA_U8 },
7839 		[NL80211_RATE_INFO_VHT_MCS] = { .type = NLA_U8 },
7840 		[NL80211_RATE_INFO_SHORT_GI] = { .type = NLA_FLAG },
7841 		[NL80211_RATE_INFO_VHT_NSS] = { .type = NLA_U8 },
7842 		[NL80211_RATE_INFO_HE_MCS] = { .type = NLA_U8 },
7843 		[NL80211_RATE_INFO_HE_NSS] = { .type = NLA_U8 },
7844 		[NL80211_RATE_INFO_HE_GI] = { .type = NLA_U8 },
7845 		[NL80211_RATE_INFO_HE_DCM] = { .type = NLA_U8 },
7846 	};
7847 
7848 	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
7849 		  genlmsg_attrlen(gnlh, 0), NULL);
7850 
7851 	/*
7852 	 * TODO: validate the interface and mac address!
7853 	 * Otherwise, there's a race condition as soon as
7854 	 * the kernel starts sending station notifications.
7855 	 */
7856 
7857 	if (!tb[NL80211_ATTR_STA_INFO]) {
7858 		wpa_printf(MSG_DEBUG, "sta stats missing!");
7859 		return NL_SKIP;
7860 	}
7861 	if (nla_parse_nested(stats, NL80211_STA_INFO_MAX,
7862 			     tb[NL80211_ATTR_STA_INFO],
7863 			     stats_policy)) {
7864 		wpa_printf(MSG_DEBUG, "failed to parse nested attributes!");
7865 		return NL_SKIP;
7866 	}
7867 
7868 	if (stats[NL80211_STA_INFO_INACTIVE_TIME])
7869 		data->inactive_msec =
7870 			nla_get_u32(stats[NL80211_STA_INFO_INACTIVE_TIME]);
7871 	/* For backwards compatibility, fetch the 32-bit counters first. */
7872 	if (stats[NL80211_STA_INFO_RX_BYTES])
7873 		data->rx_bytes = nla_get_u32(stats[NL80211_STA_INFO_RX_BYTES]);
7874 	if (stats[NL80211_STA_INFO_TX_BYTES])
7875 		data->tx_bytes = nla_get_u32(stats[NL80211_STA_INFO_TX_BYTES]);
7876 	if (stats[NL80211_STA_INFO_RX_BYTES64] &&
7877 	    stats[NL80211_STA_INFO_TX_BYTES64]) {
7878 		/*
7879 		 * The driver supports 64-bit counters, so use them to override
7880 		 * the 32-bit values.
7881 		 */
7882 		data->rx_bytes =
7883 			nla_get_u64(stats[NL80211_STA_INFO_RX_BYTES64]);
7884 		data->tx_bytes =
7885 			nla_get_u64(stats[NL80211_STA_INFO_TX_BYTES64]);
7886 		data->bytes_64bit = 1;
7887 	}
7888 	if (stats[NL80211_STA_INFO_SIGNAL])
7889 		data->signal = (s8) nla_get_u8(stats[NL80211_STA_INFO_SIGNAL]);
7890 	if (stats[NL80211_STA_INFO_RX_PACKETS])
7891 		data->rx_packets =
7892 			nla_get_u32(stats[NL80211_STA_INFO_RX_PACKETS]);
7893 	if (stats[NL80211_STA_INFO_TX_PACKETS])
7894 		data->tx_packets =
7895 			nla_get_u32(stats[NL80211_STA_INFO_TX_PACKETS]);
7896 	if (stats[NL80211_STA_INFO_TX_RETRIES])
7897 		data->tx_retry_count =
7898 			nla_get_u32(stats[NL80211_STA_INFO_TX_RETRIES]);
7899 	if (stats[NL80211_STA_INFO_TX_FAILED])
7900 		data->tx_retry_failed =
7901 			nla_get_u32(stats[NL80211_STA_INFO_TX_FAILED]);
7902 	if (stats[NL80211_STA_INFO_SIGNAL_AVG])
7903 		data->avg_signal =
7904 			(s8) nla_get_u8(stats[NL80211_STA_INFO_SIGNAL_AVG]);
7905 	if (stats[NL80211_STA_INFO_CONNECTED_TIME]) {
7906 		data->connected_sec =
7907 			nla_get_u32(stats[NL80211_STA_INFO_CONNECTED_TIME]);
7908 		data->flags |= STA_DRV_DATA_CONN_TIME;
7909 	}
7910 	if (stats[NL80211_STA_INFO_BEACON_LOSS])
7911 		data->beacon_loss_count =
7912 			nla_get_u32(stats[NL80211_STA_INFO_BEACON_LOSS]);
7913 	if (stats[NL80211_STA_INFO_EXPECTED_THROUGHPUT])
7914 		data->expected_throughput =
7915 			nla_get_u32(stats[NL80211_STA_INFO_EXPECTED_THROUGHPUT]);
7916 	if (stats[NL80211_STA_INFO_RX_DROP_MISC])
7917 		data->rx_drop_misc =
7918 			nla_get_u64(stats[NL80211_STA_INFO_RX_DROP_MISC]);
7919 	if (stats[NL80211_STA_INFO_BEACON_RX])
7920 		data->beacons_count =
7921 			nla_get_u64(stats[NL80211_STA_INFO_BEACON_RX]);
7922 	if (stats[NL80211_STA_INFO_BEACON_SIGNAL_AVG])
7923 		data->avg_beacon_signal =
7924 			(s8) nla_get_u8(stats[NL80211_STA_INFO_BEACON_SIGNAL_AVG]);
7925 	if (stats[NL80211_STA_INFO_RX_DURATION])
7926 		data->rx_airtime =
7927 			nla_get_u64(stats[NL80211_STA_INFO_RX_DURATION]);
7928 	if (stats[NL80211_STA_INFO_ACK_SIGNAL]) {
7929 		data->last_ack_rssi =
7930 			nla_get_u8(stats[NL80211_STA_INFO_ACK_SIGNAL]);
7931 		data->flags |= STA_DRV_DATA_LAST_ACK_RSSI;
7932 	}
7933 	if (stats[NL80211_STA_INFO_ACK_SIGNAL_AVG])
7934 		data->avg_ack_signal =
7935 			nla_get_s8(stats[NL80211_STA_INFO_ACK_SIGNAL_AVG]);
7936 	if (stats[NL80211_STA_INFO_RX_MPDUS])
7937 		data->rx_mpdus = nla_get_u32(stats[NL80211_STA_INFO_RX_MPDUS]);
7938 	if (stats[NL80211_STA_INFO_FCS_ERROR_COUNT])
7939 		data->fcs_error_count =
7940 			nla_get_u32(stats[NL80211_STA_INFO_FCS_ERROR_COUNT]);
7941 	if (stats[NL80211_STA_INFO_TX_DURATION])
7942 		data->tx_airtime =
7943 			nla_get_u64(stats[NL80211_STA_INFO_TX_DURATION]);
7944 
7945 	if (stats[NL80211_STA_INFO_TX_BITRATE] &&
7946 	    nla_parse_nested(rate, NL80211_RATE_INFO_MAX,
7947 			     stats[NL80211_STA_INFO_TX_BITRATE],
7948 			     rate_policy) == 0) {
7949 		if (rate[NL80211_RATE_INFO_BITRATE32])
7950 			data->current_tx_rate =
7951 				nla_get_u32(rate[NL80211_RATE_INFO_BITRATE32]);
7952 		else if (rate[NL80211_RATE_INFO_BITRATE])
7953 			data->current_tx_rate =
7954 				nla_get_u16(rate[NL80211_RATE_INFO_BITRATE]);
7955 
7956 		/* Convert from 100 kbps to kbps; it's a more convenient unit.
7957 		 * It's also safe up until ~1Tbps. */
7958 		data->current_tx_rate = data->current_tx_rate * 100;
7959 
7960 		if (rate[NL80211_RATE_INFO_MCS]) {
7961 			data->tx_mcs = nla_get_u8(rate[NL80211_RATE_INFO_MCS]);
7962 			data->flags |= STA_DRV_DATA_TX_MCS;
7963 		}
7964 		if (rate[NL80211_RATE_INFO_VHT_MCS]) {
7965 			data->tx_vhtmcs =
7966 				nla_get_u8(rate[NL80211_RATE_INFO_VHT_MCS]);
7967 			data->flags |= STA_DRV_DATA_TX_VHT_MCS;
7968 		}
7969 		if (rate[NL80211_RATE_INFO_SHORT_GI]) {
7970 			data->tx_guard_interval = GUARD_INTERVAL_0_4;
7971 			data->flags |= STA_DRV_DATA_TX_SHORT_GI;
7972 		}
7973 		if (rate[NL80211_RATE_INFO_VHT_NSS]) {
7974 			data->tx_vht_nss =
7975 				nla_get_u8(rate[NL80211_RATE_INFO_VHT_NSS]);
7976 			data->flags |= STA_DRV_DATA_TX_VHT_NSS;
7977 		}
7978 		if (rate[NL80211_RATE_INFO_HE_MCS]) {
7979 			data->tx_hemcs =
7980 				nla_get_u8(rate[NL80211_RATE_INFO_HE_MCS]);
7981 			data->flags |= STA_DRV_DATA_TX_HE_MCS;
7982 		}
7983 		if (rate[NL80211_RATE_INFO_HE_NSS]) {
7984 			data->tx_he_nss =
7985 				nla_get_u8(rate[NL80211_RATE_INFO_HE_NSS]);
7986 			data->flags |= STA_DRV_DATA_TX_HE_NSS;
7987 		}
7988 		if (rate[NL80211_RATE_INFO_HE_GI]) {
7989 			switch (nla_get_u8(rate[NL80211_RATE_INFO_HE_GI])) {
7990 			case NL80211_RATE_INFO_HE_GI_0_8:
7991 				data->tx_guard_interval = GUARD_INTERVAL_0_8;
7992 				break;
7993 			case NL80211_RATE_INFO_HE_GI_1_6:
7994 				data->tx_guard_interval = GUARD_INTERVAL_1_6;
7995 				break;
7996 			case NL80211_RATE_INFO_HE_GI_3_2:
7997 				data->tx_guard_interval = GUARD_INTERVAL_3_2;
7998 				break;
7999 			}
8000 			data->flags |= STA_DRV_DATA_TX_HE_GI;
8001 		}
8002 		if (rate[NL80211_RATE_INFO_HE_DCM]) {
8003 			data->tx_dcm =
8004 				nla_get_u8(rate[NL80211_RATE_INFO_HE_DCM]);
8005 			data->flags |= STA_DRV_DATA_TX_HE_DCM;
8006 		}
8007 	}
8008 
8009 	if (stats[NL80211_STA_INFO_RX_BITRATE] &&
8010 	    nla_parse_nested(rate, NL80211_RATE_INFO_MAX,
8011 			     stats[NL80211_STA_INFO_RX_BITRATE],
8012 			     rate_policy) == 0) {
8013 		if (rate[NL80211_RATE_INFO_BITRATE32])
8014 			data->current_rx_rate =
8015 				nla_get_u32(rate[NL80211_RATE_INFO_BITRATE32]);
8016 		else if (rate[NL80211_RATE_INFO_BITRATE])
8017 			data->current_rx_rate =
8018 				nla_get_u16(rate[NL80211_RATE_INFO_BITRATE]);
8019 
8020 		/* Convert from 100 kbps to kbps; it's a more convenient unit.
8021 		 * It's also safe up until ~1Tbps. */
8022 		data->current_rx_rate = data->current_rx_rate * 100;
8023 
8024 		if (rate[NL80211_RATE_INFO_MCS]) {
8025 			data->rx_mcs = nla_get_u8(rate[NL80211_RATE_INFO_MCS]);
8026 			data->flags |= STA_DRV_DATA_RX_MCS;
8027 		}
8028 		if (rate[NL80211_RATE_INFO_VHT_MCS]) {
8029 			data->rx_vhtmcs =
8030 				nla_get_u8(rate[NL80211_RATE_INFO_VHT_MCS]);
8031 			data->flags |= STA_DRV_DATA_RX_VHT_MCS;
8032 		}
8033 		if (rate[NL80211_RATE_INFO_SHORT_GI]) {
8034 			data->rx_guard_interval = GUARD_INTERVAL_0_4;
8035 			data->flags |= STA_DRV_DATA_RX_SHORT_GI;
8036 		}
8037 		if (rate[NL80211_RATE_INFO_VHT_NSS]) {
8038 			data->rx_vht_nss =
8039 				nla_get_u8(rate[NL80211_RATE_INFO_VHT_NSS]);
8040 			data->flags |= STA_DRV_DATA_RX_VHT_NSS;
8041 		}
8042 		if (rate[NL80211_RATE_INFO_HE_MCS]) {
8043 			data->rx_hemcs =
8044 				nla_get_u8(rate[NL80211_RATE_INFO_HE_MCS]);
8045 			data->flags |= STA_DRV_DATA_RX_HE_MCS;
8046 		}
8047 		if (rate[NL80211_RATE_INFO_HE_NSS]) {
8048 			data->rx_he_nss =
8049 				nla_get_u8(rate[NL80211_RATE_INFO_HE_NSS]);
8050 			data->flags |= STA_DRV_DATA_RX_HE_NSS;
8051 		}
8052 		if (rate[NL80211_RATE_INFO_HE_GI]) {
8053 			switch (nla_get_u8(rate[NL80211_RATE_INFO_HE_GI])) {
8054 			case NL80211_RATE_INFO_HE_GI_0_8:
8055 				data->rx_guard_interval = GUARD_INTERVAL_0_8;
8056 				break;
8057 			case NL80211_RATE_INFO_HE_GI_1_6:
8058 				data->rx_guard_interval = GUARD_INTERVAL_1_6;
8059 				break;
8060 			case NL80211_RATE_INFO_HE_GI_3_2:
8061 				data->rx_guard_interval = GUARD_INTERVAL_3_2;
8062 				break;
8063 			}
8064 			data->flags |= STA_DRV_DATA_RX_HE_GI;
8065 		}
8066 		if (rate[NL80211_RATE_INFO_HE_DCM]) {
8067 			data->rx_dcm =
8068 				nla_get_u8(rate[NL80211_RATE_INFO_HE_DCM]);
8069 			data->flags |= STA_DRV_DATA_RX_HE_DCM;
8070 		}
8071 	}
8072 
8073 	if (stats[NL80211_STA_INFO_TID_STATS])
8074 		get_sta_tid_stats(data, stats[NL80211_STA_INFO_TID_STATS]);
8075 
8076 	return NL_SKIP;
8077 }
8078 
8079 
8080 int nl80211_get_link_signal(struct wpa_driver_nl80211_data *drv,
8081 			    const u8 *bssid,
8082 			    struct hostap_sta_driver_data *data)
8083 {
8084 	struct nl_msg *msg;
8085 
8086 	data->signal = -WPA_INVALID_NOISE;
8087 	data->current_tx_rate = 0;
8088 
8089 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_GET_STATION)) ||
8090 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid)) {
8091 		nlmsg_free(msg);
8092 		return -ENOBUFS;
8093 	}
8094 
8095 	return send_and_recv_resp(drv, msg, get_sta_handler, data);
8096 }
8097 
8098 
8099 static int i802_read_sta_data(struct i802_bss *bss,
8100 			      struct hostap_sta_driver_data *data,
8101 			      const u8 *addr)
8102 {
8103 	struct nl_msg *msg;
8104 
8105 	if (!(msg = nl80211_bss_msg(bss, 0, NL80211_CMD_GET_STATION)) ||
8106 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) {
8107 		nlmsg_free(msg);
8108 		return -ENOBUFS;
8109 	}
8110 
8111 	return send_and_recv_resp(bss->drv, msg, get_sta_handler, data);
8112 }
8113 
8114 
8115 static int i802_set_tx_queue_params(void *priv, int queue, int aifs,
8116 				    int cw_min, int cw_max, int burst_time,
8117 				    int link_id)
8118 {
8119 	struct i802_bss *bss = priv;
8120 	struct wpa_driver_nl80211_data *drv = bss->drv;
8121 	struct nl_msg *msg;
8122 	struct nlattr *txq, *params;
8123 	int res;
8124 
8125 	msg = nl80211_bss_msg(bss, 0, NL80211_CMD_SET_WIPHY);
8126 	if (!msg)
8127 		return -1;
8128 
8129 	txq = nla_nest_start(msg, NL80211_ATTR_WIPHY_TXQ_PARAMS);
8130 	if (!txq)
8131 		goto fail;
8132 
8133 	/* We are only sending parameters for a single TXQ at a time */
8134 	params = nla_nest_start(msg, 1);
8135 	if (!params)
8136 		goto fail;
8137 
8138 	switch (queue) {
8139 	case 0:
8140 		if (nla_put_u8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_VO))
8141 			goto fail;
8142 		break;
8143 	case 1:
8144 		if (nla_put_u8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_VI))
8145 			goto fail;
8146 		break;
8147 	case 2:
8148 		if (nla_put_u8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_BE))
8149 			goto fail;
8150 		break;
8151 	case 3:
8152 		if (nla_put_u8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_BK))
8153 			goto fail;
8154 		break;
8155 	}
8156 	/* Burst time is configured in units of 0.1 msec and TXOP parameter in
8157 	 * 32 usec, so need to convert the value here. */
8158 	if (nla_put_u16(msg, NL80211_TXQ_ATTR_TXOP,
8159 			(burst_time * 100 + 16) / 32) ||
8160 	    nla_put_u16(msg, NL80211_TXQ_ATTR_CWMIN, cw_min) ||
8161 	    nla_put_u16(msg, NL80211_TXQ_ATTR_CWMAX, cw_max) ||
8162 	    nla_put_u8(msg, NL80211_TXQ_ATTR_AIFS, aifs))
8163 		goto fail;
8164 
8165 	nla_nest_end(msg, params);
8166 
8167 	nla_nest_end(msg, txq);
8168 
8169 	if (link_id != NL80211_DRV_LINK_ID_NA &&
8170 	    nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id))
8171 		goto fail;
8172 
8173 	res = send_and_recv_cmd(drv, msg);
8174 	wpa_printf(MSG_DEBUG,
8175 		   "nl80211: link=%d: TX queue param set: queue=%d aifs=%d cw_min=%d cw_max=%d burst_time=%d --> res=%d",
8176 		   link_id, queue, aifs, cw_min, cw_max, burst_time, res);
8177 	if (res == 0)
8178 		return 0;
8179 	msg = NULL;
8180 fail:
8181 	nlmsg_free(msg);
8182 	return -1;
8183 }
8184 
8185 
8186 static int i802_set_sta_vlan(struct i802_bss *bss, const u8 *addr,
8187 			     const char *ifname, int vlan_id, int link_id)
8188 {
8189 	struct wpa_driver_nl80211_data *drv = bss->drv;
8190 	struct nl_msg *msg;
8191 	int ret;
8192 
8193 	wpa_printf(MSG_DEBUG, "nl80211: %s[%d]: set_sta_vlan(" MACSTR
8194 		   ", ifname=%s[%d], vlan_id=%d)",
8195 		   bss->ifname, if_nametoindex(bss->ifname),
8196 		   MAC2STR(addr), ifname, if_nametoindex(ifname), vlan_id);
8197 	if (!(msg = nl80211_bss_msg(bss, 0, NL80211_CMD_SET_STATION)) ||
8198 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
8199 	    (vlan_id && (drv->capa.flags & WPA_DRIVER_FLAGS_VLAN_OFFLOAD) &&
8200 	     nla_put_u16(msg, NL80211_ATTR_VLAN_ID, vlan_id)) ||
8201 	    (link_id != NL80211_DRV_LINK_ID_NA &&
8202 	     nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id)) ||
8203 	    nla_put_u32(msg, NL80211_ATTR_STA_VLAN, if_nametoindex(ifname))) {
8204 		nlmsg_free(msg);
8205 		return -ENOBUFS;
8206 	}
8207 
8208 	ret = send_and_recv_cmd(drv, msg);
8209 	if (ret < 0) {
8210 		wpa_printf(MSG_ERROR, "nl80211: NL80211_ATTR_STA_VLAN (addr="
8211 			   MACSTR " ifname=%s vlan_id=%d) failed: %d (%s)",
8212 			   MAC2STR(addr), ifname, vlan_id, ret,
8213 			   strerror(-ret));
8214 	}
8215 	return ret;
8216 }
8217 
8218 
8219 static int i802_get_inact_sec(void *priv, const u8 *addr)
8220 {
8221 	struct hostap_sta_driver_data data;
8222 	int ret;
8223 
8224 	os_memset(&data, 0, sizeof(data));
8225 	data.inactive_msec = (unsigned long) -1;
8226 	ret = i802_read_sta_data(priv, &data, addr);
8227 	if (ret == -ENOENT)
8228 		return -ENOENT;
8229 	if (ret || data.inactive_msec == (unsigned long) -1)
8230 		return -1;
8231 	return data.inactive_msec / 1000;
8232 }
8233 
8234 
8235 static int i802_sta_clear_stats(void *priv, const u8 *addr)
8236 {
8237 #if 0
8238 	/* TODO */
8239 #endif
8240 	return 0;
8241 }
8242 
8243 
8244 static int i802_sta_deauth(void *priv, const u8 *own_addr, const u8 *addr,
8245 			   u16 reason, int link_id)
8246 {
8247 	struct i802_bss *bss = priv;
8248 	struct wpa_driver_nl80211_data *drv = bss->drv;
8249 	struct ieee80211_mgmt mgmt;
8250 	u8 channel;
8251 	struct i802_link *link = nl80211_get_link(bss, link_id);
8252 
8253 	if (ieee80211_freq_to_chan(link->freq, &channel) ==
8254 	    HOSTAPD_MODE_IEEE80211AD) {
8255 		/* Deauthentication is not used in DMG/IEEE 802.11ad;
8256 		 * disassociate the STA instead. */
8257 		return i802_sta_disassoc(priv, own_addr, addr, reason);
8258 	}
8259 
8260 	if (is_mesh_interface(drv->nlmode))
8261 		return -1;
8262 
8263 	if (drv->device_ap_sme)
8264 		return wpa_driver_nl80211_sta_remove(bss, addr, 1, reason);
8265 
8266 	memset(&mgmt, 0, sizeof(mgmt));
8267 	mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
8268 					  WLAN_FC_STYPE_DEAUTH);
8269 	memcpy(mgmt.da, addr, ETH_ALEN);
8270 	memcpy(mgmt.sa, own_addr, ETH_ALEN);
8271 	memcpy(mgmt.bssid, own_addr, ETH_ALEN);
8272 	mgmt.u.deauth.reason_code = host_to_le16(reason);
8273 	return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt,
8274 					    IEEE80211_HDRLEN +
8275 					    sizeof(mgmt.u.deauth), 0, 0, 0, 0,
8276 					    0, NULL, 0, 0, link_id);
8277 }
8278 
8279 
8280 static int i802_sta_disassoc(void *priv, const u8 *own_addr, const u8 *addr,
8281 			     u16 reason)
8282 {
8283 	struct i802_bss *bss = priv;
8284 	struct wpa_driver_nl80211_data *drv = bss->drv;
8285 	struct ieee80211_mgmt mgmt;
8286 
8287 	if (is_mesh_interface(drv->nlmode))
8288 		return -1;
8289 
8290 	if (drv->device_ap_sme)
8291 		return wpa_driver_nl80211_sta_remove(bss, addr, 0, reason);
8292 
8293 	memset(&mgmt, 0, sizeof(mgmt));
8294 	mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
8295 					  WLAN_FC_STYPE_DISASSOC);
8296 	memcpy(mgmt.da, addr, ETH_ALEN);
8297 	memcpy(mgmt.sa, own_addr, ETH_ALEN);
8298 	memcpy(mgmt.bssid, own_addr, ETH_ALEN);
8299 	mgmt.u.disassoc.reason_code = host_to_le16(reason);
8300 	return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt,
8301 					    IEEE80211_HDRLEN +
8302 					    sizeof(mgmt.u.disassoc), 0, 0, 0, 0,
8303 					    0, NULL, 0, 0, -1);
8304 }
8305 
8306 
8307 static void dump_ifidx(struct wpa_driver_nl80211_data *drv)
8308 {
8309 	char buf[200], *pos, *end;
8310 	int i, res;
8311 
8312 	pos = buf;
8313 	end = pos + sizeof(buf);
8314 
8315 	for (i = 0; i < drv->num_if_indices; i++) {
8316 		if (!drv->if_indices[i].ifindex)
8317 			continue;
8318 		res = os_snprintf(pos, end - pos, " %d(%d)",
8319 				  drv->if_indices[i].ifindex,
8320 				  drv->if_indices[i].reason);
8321 		if (os_snprintf_error(end - pos, res))
8322 			break;
8323 		pos += res;
8324 	}
8325 	*pos = '\0';
8326 
8327 	wpa_printf(MSG_DEBUG, "nl80211: if_indices[%d]:%s",
8328 		   drv->num_if_indices, buf);
8329 }
8330 
8331 
8332 static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx,
8333 		      int ifidx_reason)
8334 {
8335 	int i;
8336 	struct drv_nl80211_if_info *old;
8337 
8338 	wpa_printf(MSG_DEBUG,
8339 		   "nl80211: Add own interface ifindex %d (ifidx_reason %d)",
8340 		   ifidx, ifidx_reason);
8341 	if (have_ifidx(drv, ifidx, ifidx_reason)) {
8342 		wpa_printf(MSG_DEBUG, "nl80211: ifindex %d already in the list",
8343 			   ifidx);
8344 		return;
8345 	}
8346 	for (i = 0; i < drv->num_if_indices; i++) {
8347 		if (drv->if_indices[i].ifindex == 0) {
8348 			drv->if_indices[i].ifindex = ifidx;
8349 			drv->if_indices[i].reason = ifidx_reason;
8350 			dump_ifidx(drv);
8351 			return;
8352 		}
8353 	}
8354 
8355 	if (drv->if_indices != drv->default_if_indices)
8356 		old = drv->if_indices;
8357 	else
8358 		old = NULL;
8359 
8360 	drv->if_indices = os_realloc_array(old, drv->num_if_indices + 1,
8361 					   sizeof(*old));
8362 	if (!drv->if_indices) {
8363 		if (!old)
8364 			drv->if_indices = drv->default_if_indices;
8365 		else
8366 			drv->if_indices = old;
8367 		wpa_printf(MSG_ERROR, "Failed to reallocate memory for "
8368 			   "interfaces");
8369 		wpa_printf(MSG_ERROR, "Ignoring EAPOL on interface %d", ifidx);
8370 		return;
8371 	}
8372 	if (!old)
8373 		os_memcpy(drv->if_indices, drv->default_if_indices,
8374 			  sizeof(drv->default_if_indices));
8375 	drv->if_indices[drv->num_if_indices].ifindex = ifidx;
8376 	drv->if_indices[drv->num_if_indices].reason = ifidx_reason;
8377 	drv->num_if_indices++;
8378 	dump_ifidx(drv);
8379 }
8380 
8381 
8382 static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx,
8383 		      int ifidx_reason)
8384 {
8385 	int i;
8386 
8387 	for (i = 0; i < drv->num_if_indices; i++) {
8388 		if ((drv->if_indices[i].ifindex == ifidx ||
8389 		     ifidx == IFIDX_ANY) &&
8390 		    (drv->if_indices[i].reason == ifidx_reason ||
8391 		     ifidx_reason == IFIDX_ANY)) {
8392 			drv->if_indices[i].ifindex = 0;
8393 			drv->if_indices[i].reason = 0;
8394 			break;
8395 		}
8396 	}
8397 	dump_ifidx(drv);
8398 }
8399 
8400 
8401 static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx,
8402 		      int ifidx_reason)
8403 {
8404 	int i;
8405 
8406 	for (i = 0; i < drv->num_if_indices; i++)
8407 		if (drv->if_indices[i].ifindex == ifidx &&
8408 		    (drv->if_indices[i].reason == ifidx_reason ||
8409 		     ifidx_reason == IFIDX_ANY))
8410 			return 1;
8411 
8412 	return 0;
8413 }
8414 
8415 
8416 static int i802_set_wds_sta(void *priv, const u8 *addr, int aid, int val,
8417 			    const char *bridge_ifname, char *ifname_wds)
8418 {
8419 	struct i802_bss *bss = priv;
8420 	struct wpa_driver_nl80211_data *drv = bss->drv;
8421 	char name[IFNAMSIZ + 1];
8422 	union wpa_event_data event;
8423 	int ret;
8424 
8425 	ret = os_snprintf(name, sizeof(name), "%s.sta%d", bss->ifname, aid);
8426 	if (ret >= (int) sizeof(name))
8427 		wpa_printf(MSG_WARNING,
8428 			   "nl80211: WDS interface name was truncated");
8429 	else if (ret < 0)
8430 		return ret;
8431 
8432 	if (ifname_wds)
8433 		os_strlcpy(ifname_wds, name, IFNAMSIZ + 1);
8434 
8435 	wpa_printf(MSG_DEBUG, "nl80211: Set WDS STA addr=" MACSTR
8436 		   " aid=%d val=%d name=%s", MAC2STR(addr), aid, val, name);
8437 	if (val) {
8438 		if (!if_nametoindex(name)) {
8439 			if (nl80211_create_iface(drv, name,
8440 						 NL80211_IFTYPE_AP_VLAN,
8441 						 bss->addr, 1, NULL, NULL, 0) <
8442 			    0)
8443 				return -1;
8444 			if (bridge_ifname &&
8445 			    linux_br_add_if(drv->global->ioctl_sock,
8446 					    bridge_ifname, name) < 0)
8447 				return -1;
8448 
8449 			os_memset(&event, 0, sizeof(event));
8450 			event.wds_sta_interface.sta_addr = addr;
8451 			event.wds_sta_interface.ifname = name;
8452 			event.wds_sta_interface.istatus = INTERFACE_ADDED;
8453 			wpa_supplicant_event(bss->ctx,
8454 					     EVENT_WDS_STA_INTERFACE_STATUS,
8455 					     &event);
8456 		}
8457 		if (linux_set_iface_flags(drv->global->ioctl_sock, name, 1)) {
8458 			wpa_printf(MSG_ERROR, "nl80211: Failed to set WDS STA "
8459 				   "interface %s up", name);
8460 		}
8461 		return i802_set_sta_vlan(priv, addr, name, 0,
8462 					 NL80211_DRV_LINK_ID_NA);
8463 	} else {
8464 		if (bridge_ifname &&
8465 		    linux_br_del_if(drv->global->ioctl_sock, bridge_ifname,
8466 				    name) < 0)
8467 			wpa_printf(MSG_INFO,
8468 				   "nl80211: Failed to remove interface %s from bridge %s: %s",
8469 				   name, bridge_ifname, strerror(errno));
8470 
8471 		i802_set_sta_vlan(priv, addr, bss->ifname, 0,
8472 				  NL80211_DRV_LINK_ID_NA);
8473 		nl80211_remove_iface(drv, if_nametoindex(name));
8474 		os_memset(&event, 0, sizeof(event));
8475 		event.wds_sta_interface.sta_addr = addr;
8476 		event.wds_sta_interface.ifname = name;
8477 		event.wds_sta_interface.istatus = INTERFACE_REMOVED;
8478 		wpa_supplicant_event(bss->ctx, EVENT_WDS_STA_INTERFACE_STATUS,
8479 				     &event);
8480 		return 0;
8481 	}
8482 }
8483 
8484 
8485 static void handle_eapol(int sock, void *eloop_ctx, void *sock_ctx)
8486 {
8487 	struct wpa_driver_nl80211_data *drv = eloop_ctx;
8488 	struct sockaddr_ll lladdr;
8489 	unsigned char buf[3000];
8490 	int len;
8491 	socklen_t fromlen = sizeof(lladdr);
8492 
8493 	len = recvfrom(sock, buf, sizeof(buf), 0,
8494 		       (struct sockaddr *)&lladdr, &fromlen);
8495 	if (len < 0) {
8496 		wpa_printf(MSG_ERROR, "nl80211: EAPOL recv failed: %s",
8497 			   strerror(errno));
8498 		return;
8499 	}
8500 
8501 	if (have_ifidx(drv, lladdr.sll_ifindex, IFIDX_ANY))
8502 		drv_event_eapol_rx(drv->ctx, lladdr.sll_addr, buf, len);
8503 }
8504 
8505 
8506 static int i802_check_bridge(struct wpa_driver_nl80211_data *drv,
8507 			     struct i802_bss *bss,
8508 			     const char *brname, const char *ifname)
8509 {
8510 	int br_ifindex;
8511 	char in_br[IFNAMSIZ];
8512 
8513 	os_strlcpy(bss->brname, brname, IFNAMSIZ);
8514 	br_ifindex = if_nametoindex(brname);
8515 	if (br_ifindex == 0) {
8516 		/*
8517 		 * Bridge was configured, but the bridge device does
8518 		 * not exist. Try to add it now.
8519 		 */
8520 		if (linux_br_add(drv->global->ioctl_sock, brname) < 0) {
8521 			wpa_printf(MSG_ERROR, "nl80211: Failed to add the "
8522 				   "bridge interface %s: %s",
8523 				   brname, strerror(errno));
8524 			return -1;
8525 		}
8526 		bss->added_bridge = 1;
8527 		br_ifindex = if_nametoindex(brname);
8528 		add_ifidx(drv, br_ifindex, drv->ifindex);
8529 	}
8530 	bss->br_ifindex = br_ifindex;
8531 
8532 	if (linux_br_get(in_br, ifname) == 0) {
8533 		if (os_strcmp(in_br, brname) == 0) {
8534 			bss->already_in_bridge = 1;
8535 			return 0; /* already in the bridge */
8536 		}
8537 
8538 		wpa_printf(MSG_DEBUG, "nl80211: Removing interface %s from "
8539 			   "bridge %s", ifname, in_br);
8540 		if (linux_br_del_if(drv->global->ioctl_sock, in_br, ifname) <
8541 		    0) {
8542 			wpa_printf(MSG_ERROR, "nl80211: Failed to "
8543 				   "remove interface %s from bridge "
8544 				   "%s: %s",
8545 				   ifname, in_br, strerror(errno));
8546 			return -1;
8547 		}
8548 	}
8549 
8550 	wpa_printf(MSG_DEBUG, "nl80211: Adding interface %s into bridge %s",
8551 		   ifname, brname);
8552 	if (linux_br_add_if(drv->global->ioctl_sock, brname, ifname) < 0) {
8553 		wpa_printf(MSG_WARNING,
8554 			   "nl80211: Failed to add interface %s into bridge %s: %s",
8555 			   ifname, brname, strerror(errno));
8556 		/* Try to continue without the interface being in a bridge. This
8557 		 * may be needed for some cases, e.g., with Open vSwitch, where
8558 		 * an external component will need to handle bridge
8559 		 * configuration. */
8560 		return 0;
8561 	}
8562 	bss->added_if_into_bridge = 1;
8563 
8564 	return 0;
8565 }
8566 
8567 
8568 static void *i802_init(struct hostapd_data *hapd,
8569 		       struct wpa_init_params *params)
8570 {
8571 	struct wpa_driver_nl80211_data *drv;
8572 	struct i802_bss *bss;
8573 	size_t i;
8574 	char master_ifname[IFNAMSIZ];
8575 	int ifindex, br_ifindex = 0;
8576 	int br_added = 0;
8577 
8578 	bss = wpa_driver_nl80211_drv_init(hapd, params->ifname,
8579 					  params->global_priv, 1,
8580 					  params->bssid, params->driver_params);
8581 	if (bss == NULL)
8582 		return NULL;
8583 
8584 	drv = bss->drv;
8585 
8586 	if (linux_br_get(master_ifname, params->ifname) == 0) {
8587 		wpa_printf(MSG_DEBUG, "nl80211: Interface %s is in bridge %s",
8588 			   params->ifname, master_ifname);
8589 		br_ifindex = if_nametoindex(master_ifname);
8590 		os_strlcpy(bss->brname, master_ifname, IFNAMSIZ);
8591 	} else if ((params->num_bridge == 0 || !params->bridge[0]) &&
8592 		   linux_master_get(master_ifname, params->ifname) == 0) {
8593 		wpa_printf(MSG_DEBUG, "nl80211: Interface %s is in master %s",
8594 			params->ifname, master_ifname);
8595 		/* start listening for EAPOL on the master interface */
8596 		add_ifidx(drv, if_nametoindex(master_ifname), drv->ifindex);
8597 
8598 		/* check if master itself is under bridge */
8599 		if (linux_br_get(master_ifname, master_ifname) == 0) {
8600 			wpa_printf(MSG_DEBUG, "nl80211: which is in bridge %s",
8601 				   master_ifname);
8602 			br_ifindex = if_nametoindex(master_ifname);
8603 			os_strlcpy(bss->brname, master_ifname, IFNAMSIZ);
8604 		}
8605 	} else {
8606 		master_ifname[0] = '\0';
8607 	}
8608 
8609 	bss->br_ifindex = br_ifindex;
8610 
8611 	for (i = 0; i < params->num_bridge; i++) {
8612 		if (params->bridge[i]) {
8613 			ifindex = if_nametoindex(params->bridge[i]);
8614 			if (ifindex)
8615 				add_ifidx(drv, ifindex, drv->ifindex);
8616 			if (ifindex == br_ifindex)
8617 				br_added = 1;
8618 		}
8619 	}
8620 
8621 	/* start listening for EAPOL on the default AP interface */
8622 	add_ifidx(drv, drv->ifindex, IFIDX_ANY);
8623 
8624 	if (params->num_bridge && params->bridge[0]) {
8625 		if (i802_check_bridge(drv, bss, params->bridge[0],
8626 				      params->ifname) < 0)
8627 			goto failed;
8628 		if (os_strcmp(params->bridge[0], master_ifname) != 0)
8629 			br_added = 1;
8630 	}
8631 
8632 	if (!br_added && br_ifindex &&
8633 	    (params->num_bridge == 0 || !params->bridge[0]))
8634 		add_ifidx(drv, br_ifindex, drv->ifindex);
8635 
8636 	if (bss->added_if_into_bridge || bss->already_in_bridge) {
8637 		int err;
8638 
8639 		drv->rtnl_sk = nl_socket_alloc();
8640 		if (drv->rtnl_sk == NULL) {
8641 			wpa_printf(MSG_ERROR, "nl80211: Failed to allocate nl_sock");
8642 			goto failed;
8643 		}
8644 
8645 		err = nl_connect(drv->rtnl_sk, NETLINK_ROUTE);
8646 		if (err) {
8647 			wpa_printf(MSG_ERROR, "nl80211: Failed to connect nl_sock to NETLINK_ROUTE: %s",
8648 				   nl_geterror(err));
8649 			goto failed;
8650 		}
8651 	}
8652 
8653 	if (drv->capa.flags2 & WPA_DRIVER_FLAGS2_CONTROL_PORT_RX) {
8654 		wpa_printf(MSG_DEBUG,
8655 			   "nl80211: Do not open EAPOL RX socket - using control port for RX");
8656 		goto skip_eapol_sock;
8657 	}
8658 
8659 	drv->eapol_sock = socket(PF_PACKET, SOCK_DGRAM, htons(ETH_P_PAE));
8660 	if (drv->eapol_sock < 0) {
8661 		wpa_printf(MSG_ERROR, "nl80211: socket(PF_PACKET, SOCK_DGRAM, ETH_P_PAE) failed: %s",
8662 			   strerror(errno));
8663 		goto failed;
8664 	}
8665 
8666 	if (eloop_register_read_sock(drv->eapol_sock, handle_eapol, drv, NULL))
8667 	{
8668 		wpa_printf(MSG_INFO, "nl80211: Could not register read socket for eapol");
8669 		goto failed;
8670 	}
8671 skip_eapol_sock:
8672 
8673 	if (linux_get_ifhwaddr(drv->global->ioctl_sock, bss->ifname,
8674 			       params->own_addr))
8675 		goto failed;
8676 	os_memcpy(drv->perm_addr, params->own_addr, ETH_ALEN);
8677 
8678 	memcpy(bss->addr, params->own_addr, ETH_ALEN);
8679 
8680 	return bss;
8681 
8682 failed:
8683 	wpa_driver_nl80211_deinit(bss);
8684 	return NULL;
8685 }
8686 
8687 
8688 static void i802_deinit(void *priv)
8689 {
8690 	struct i802_bss *bss = priv;
8691 	wpa_driver_nl80211_deinit(bss);
8692 }
8693 
8694 
8695 static enum nl80211_iftype wpa_driver_nl80211_if_type(
8696 	enum wpa_driver_if_type type)
8697 {
8698 	switch (type) {
8699 	case WPA_IF_STATION:
8700 		return NL80211_IFTYPE_STATION;
8701 	case WPA_IF_P2P_CLIENT:
8702 	case WPA_IF_P2P_GROUP:
8703 		return NL80211_IFTYPE_P2P_CLIENT;
8704 	case WPA_IF_AP_VLAN:
8705 		return NL80211_IFTYPE_AP_VLAN;
8706 	case WPA_IF_AP_BSS:
8707 		return NL80211_IFTYPE_AP;
8708 	case WPA_IF_P2P_GO:
8709 		return NL80211_IFTYPE_P2P_GO;
8710 	case WPA_IF_P2P_DEVICE:
8711 		return NL80211_IFTYPE_P2P_DEVICE;
8712 	case WPA_IF_MESH:
8713 		return NL80211_IFTYPE_MESH_POINT;
8714 	default:
8715 		return -1;
8716 	}
8717 }
8718 
8719 
8720 static int nl80211_addr_in_use(struct nl80211_global *global, const u8 *addr)
8721 {
8722 	struct wpa_driver_nl80211_data *drv;
8723 	dl_list_for_each(drv, &global->interfaces,
8724 			 struct wpa_driver_nl80211_data, list) {
8725 		if (ether_addr_equal(addr, drv->first_bss->addr))
8726 			return 1;
8727 	}
8728 	return 0;
8729 }
8730 
8731 
8732 static int nl80211_vif_addr(struct wpa_driver_nl80211_data *drv, u8 *new_addr)
8733 {
8734 	unsigned int idx;
8735 
8736 	if (!drv->global)
8737 		return -1;
8738 
8739 	os_memcpy(new_addr, drv->first_bss->addr, ETH_ALEN);
8740 	for (idx = 0; idx < 64; idx++) {
8741 		new_addr[0] = drv->first_bss->addr[0] | 0x02;
8742 		new_addr[0] ^= idx << 2;
8743 		if (!nl80211_addr_in_use(drv->global, new_addr))
8744 			break;
8745 	}
8746 	if (idx == 64)
8747 		return -1;
8748 
8749 	wpa_printf(MSG_DEBUG, "nl80211: Assigned new virtual interface address "
8750 		   MACSTR, MAC2STR(new_addr));
8751 
8752 	return 0;
8753 }
8754 
8755 
8756 struct wdev_info {
8757 	u64 wdev_id;
8758 	int wdev_id_set;
8759 	u8 macaddr[ETH_ALEN];
8760 };
8761 
8762 static int nl80211_wdev_handler(struct nl_msg *msg, void *arg)
8763 {
8764 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
8765 	struct nlattr *tb[NL80211_ATTR_MAX + 1];
8766 	struct wdev_info *wi = arg;
8767 
8768 	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
8769 		  genlmsg_attrlen(gnlh, 0), NULL);
8770 	if (tb[NL80211_ATTR_WDEV]) {
8771 		wi->wdev_id = nla_get_u64(tb[NL80211_ATTR_WDEV]);
8772 		wi->wdev_id_set = 1;
8773 	}
8774 
8775 	if (tb[NL80211_ATTR_MAC])
8776 		os_memcpy(wi->macaddr, nla_data(tb[NL80211_ATTR_MAC]),
8777 			  ETH_ALEN);
8778 
8779 	return NL_SKIP;
8780 }
8781 
8782 
8783 static int wpa_driver_nl80211_if_add(void *priv, enum wpa_driver_if_type type,
8784 				     const char *ifname, const u8 *addr,
8785 				     void *bss_ctx, void **drv_priv,
8786 				     char *force_ifname, u8 *if_addr,
8787 				     const char *bridge, int use_existing,
8788 				     int setup_ap)
8789 {
8790 	enum nl80211_iftype nlmode;
8791 	struct i802_bss *bss = priv;
8792 	struct wpa_driver_nl80211_data *drv = bss->drv;
8793 	int ifidx;
8794 	int added = 1;
8795 
8796 	if (addr)
8797 		os_memcpy(if_addr, addr, ETH_ALEN);
8798 	nlmode = wpa_driver_nl80211_if_type(type);
8799 	if (nlmode == NL80211_IFTYPE_P2P_DEVICE) {
8800 		struct wdev_info p2pdev_info;
8801 
8802 		os_memset(&p2pdev_info, 0, sizeof(p2pdev_info));
8803 		ifidx = nl80211_create_iface(drv, ifname, nlmode, addr,
8804 					     0, nl80211_wdev_handler,
8805 					     &p2pdev_info, use_existing);
8806 		if (!p2pdev_info.wdev_id_set || ifidx != 0) {
8807 			wpa_printf(MSG_ERROR, "nl80211: Failed to create a P2P Device interface %s",
8808 				   ifname);
8809 			return -1;
8810 		}
8811 
8812 		drv->global->if_add_wdevid = p2pdev_info.wdev_id;
8813 		drv->global->if_add_wdevid_set = p2pdev_info.wdev_id_set;
8814 		if (!is_zero_ether_addr(p2pdev_info.macaddr))
8815 			os_memcpy(if_addr, p2pdev_info.macaddr, ETH_ALEN);
8816 		wpa_printf(MSG_DEBUG, "nl80211: New P2P Device interface %s (0x%llx) created",
8817 			   ifname,
8818 			   (long long unsigned int) p2pdev_info.wdev_id);
8819 	} else {
8820 		ifidx = nl80211_create_iface(drv, ifname, nlmode, addr,
8821 					     0, NULL, NULL, use_existing);
8822 		if (use_existing && ifidx == -ENFILE) {
8823 			added = 0;
8824 			ifidx = if_nametoindex(ifname);
8825 		} else if (ifidx < 0) {
8826 			return -1;
8827 		}
8828 	}
8829 
8830 	if (!addr) {
8831 		if (nlmode == NL80211_IFTYPE_P2P_DEVICE)
8832 			os_memcpy(if_addr, bss->addr, ETH_ALEN);
8833 		else if (linux_get_ifhwaddr(drv->global->ioctl_sock,
8834 					    ifname, if_addr) < 0) {
8835 			if (added)
8836 				nl80211_remove_iface(drv, ifidx);
8837 			return -1;
8838 		}
8839 	}
8840 
8841 	if (!addr &&
8842 	    (type == WPA_IF_P2P_CLIENT || type == WPA_IF_P2P_GROUP ||
8843 	     type == WPA_IF_P2P_GO || type == WPA_IF_MESH ||
8844 	     type == WPA_IF_STATION || type == WPA_IF_AP_BSS)) {
8845 		/* Enforce unique address */
8846 		u8 new_addr[ETH_ALEN];
8847 
8848 		if (linux_get_ifhwaddr(drv->global->ioctl_sock, ifname,
8849 				       new_addr) < 0) {
8850 			if (added)
8851 				nl80211_remove_iface(drv, ifidx);
8852 			return -1;
8853 		}
8854 		if (nl80211_addr_in_use(drv->global, new_addr)) {
8855 			wpa_printf(MSG_DEBUG, "nl80211: Allocate new address "
8856 				   "for interface %s type %d", ifname, type);
8857 			if (nl80211_vif_addr(drv, new_addr) < 0) {
8858 				if (added)
8859 					nl80211_remove_iface(drv, ifidx);
8860 				return -1;
8861 			}
8862 			if (linux_set_ifhwaddr(drv->global->ioctl_sock, ifname,
8863 					       new_addr) < 0) {
8864 				if (added)
8865 					nl80211_remove_iface(drv, ifidx);
8866 				return -1;
8867 			}
8868 		}
8869 		os_memcpy(if_addr, new_addr, ETH_ALEN);
8870 	}
8871 
8872 	if (type == WPA_IF_AP_BSS && setup_ap) {
8873 		struct i802_bss *new_bss = os_zalloc(sizeof(*new_bss));
8874 
8875 		if (new_bss == NULL) {
8876 			if (added)
8877 				nl80211_remove_iface(drv, ifidx);
8878 			return -1;
8879 		}
8880 
8881 		if (bridge &&
8882 		    i802_check_bridge(drv, new_bss, bridge, ifname) < 0) {
8883 			wpa_printf(MSG_ERROR, "nl80211: Failed to add the new "
8884 				   "interface %s to a bridge %s",
8885 				   ifname, bridge);
8886 			if (added)
8887 				nl80211_remove_iface(drv, ifidx);
8888 			os_free(new_bss);
8889 			return -1;
8890 		}
8891 
8892 		if (linux_set_iface_flags(drv->global->ioctl_sock, ifname, 1))
8893 		{
8894 			if (added)
8895 				nl80211_remove_iface(drv, ifidx);
8896 			os_free(new_bss);
8897 			return -1;
8898 		}
8899 		os_strlcpy(new_bss->ifname, ifname, IFNAMSIZ);
8900 		os_memcpy(new_bss->addr, if_addr, ETH_ALEN);
8901 		new_bss->ifindex = ifidx;
8902 		new_bss->drv = drv;
8903 		new_bss->next = drv->first_bss->next;
8904 		new_bss->flink = &new_bss->links[0];
8905 		new_bss->valid_links = 0;
8906 		os_memcpy(new_bss->flink->addr, new_bss->addr, ETH_ALEN);
8907 
8908 		new_bss->flink->freq = drv->first_bss->flink->freq;
8909 		new_bss->ctx = bss_ctx;
8910 		new_bss->added_if = added;
8911 		drv->first_bss->next = new_bss;
8912 		if (drv_priv)
8913 			*drv_priv = new_bss;
8914 		nl80211_init_bss(new_bss);
8915 
8916 		/* Subscribe management frames for this WPA_IF_AP_BSS */
8917 		if (nl80211_setup_ap(new_bss))
8918 			return -1;
8919 	}
8920 
8921 	if (drv->global)
8922 		drv->global->if_add_ifindex = ifidx;
8923 
8924 	/*
8925 	 * Some virtual interfaces need to process EAPOL packets and events on
8926 	 * the parent interface. This is used mainly with hostapd.
8927 	 */
8928 	if (ifidx > 0 &&
8929 	    (drv->hostapd ||
8930 	     nlmode == NL80211_IFTYPE_AP_VLAN ||
8931 	     nlmode == NL80211_IFTYPE_WDS ||
8932 	     nlmode == NL80211_IFTYPE_MONITOR))
8933 		add_ifidx(drv, ifidx, IFIDX_ANY);
8934 
8935 	return 0;
8936 }
8937 
8938 
8939 static int wpa_driver_nl80211_if_remove(struct i802_bss *bss,
8940 					enum wpa_driver_if_type type,
8941 					const char *ifname)
8942 {
8943 	struct wpa_driver_nl80211_data *drv = bss->drv;
8944 	int ifindex = if_nametoindex(ifname);
8945 
8946 	wpa_printf(MSG_DEBUG, "nl80211: %s(type=%d ifname=%s) ifindex=%d added_if=%d",
8947 		   __func__, type, ifname, ifindex, bss->added_if);
8948 	if (ifindex > 0 && (bss->added_if || bss->ifindex != ifindex))
8949 		nl80211_remove_iface(drv, ifindex);
8950 	else if (ifindex > 0 && !bss->added_if) {
8951 		struct wpa_driver_nl80211_data *drv2;
8952 		dl_list_for_each(drv2, &drv->global->interfaces,
8953 				 struct wpa_driver_nl80211_data, list) {
8954 			del_ifidx(drv2, ifindex, IFIDX_ANY);
8955 			del_ifidx(drv2, IFIDX_ANY, ifindex);
8956 		}
8957 	}
8958 
8959 	if (type != WPA_IF_AP_BSS)
8960 		return 0;
8961 
8962 	if (bss->added_if_into_bridge) {
8963 		if (linux_br_del_if(drv->global->ioctl_sock, bss->brname,
8964 				    bss->ifname) < 0)
8965 			wpa_printf(MSG_INFO, "nl80211: Failed to remove "
8966 				   "interface %s from bridge %s: %s",
8967 				   bss->ifname, bss->brname, strerror(errno));
8968 	}
8969 	if (bss->added_bridge) {
8970 		if (linux_br_del(drv->global->ioctl_sock, bss->brname) < 0)
8971 			wpa_printf(MSG_INFO, "nl80211: Failed to remove "
8972 				   "bridge %s: %s",
8973 				   bss->brname, strerror(errno));
8974 	}
8975 
8976 	if (bss != drv->first_bss) {
8977 		struct i802_bss *tbss;
8978 
8979 		wpa_printf(MSG_DEBUG, "nl80211: Not the first BSS - remove it");
8980 		for (tbss = drv->first_bss; tbss; tbss = tbss->next) {
8981 			if (tbss->next == bss) {
8982 				tbss->next = bss->next;
8983 				/* Unsubscribe management frames */
8984 				nl80211_teardown_ap(bss);
8985 				nl80211_remove_links(bss);
8986 				nl80211_destroy_bss(bss);
8987 				if (!bss->added_if)
8988 					i802_set_iface_flags(bss, 0);
8989 				os_free(bss);
8990 				bss = NULL;
8991 				break;
8992 			}
8993 		}
8994 		if (bss)
8995 			wpa_printf(MSG_INFO, "nl80211: %s - could not find "
8996 				   "BSS %p in the list", __func__, bss);
8997 	} else {
8998 		wpa_printf(MSG_DEBUG, "nl80211: First BSS - reassign context");
8999 		nl80211_teardown_ap(bss);
9000 		nl80211_remove_links(bss);
9001 		if (!bss->added_if && !drv->first_bss->next)
9002 			wpa_driver_nl80211_del_beacon_all(bss);
9003 		nl80211_destroy_bss(bss);
9004 		if (!bss->added_if)
9005 			i802_set_iface_flags(bss, 0);
9006 		if (drv->first_bss->next) {
9007 			drv->first_bss = drv->first_bss->next;
9008 			drv->ctx = drv->first_bss->ctx;
9009 			drv->ifindex = drv->first_bss->ifindex;
9010 			os_free(bss);
9011 		} else {
9012 			wpa_printf(MSG_DEBUG, "nl80211: No second BSS to reassign context to");
9013 		}
9014 	}
9015 
9016 	return 0;
9017 }
9018 
9019 
9020 static int cookie_handler(struct nl_msg *msg, void *arg)
9021 {
9022 	struct nlattr *tb[NL80211_ATTR_MAX + 1];
9023 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
9024 	u64 *cookie = arg;
9025 	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
9026 		  genlmsg_attrlen(gnlh, 0), NULL);
9027 	if (tb[NL80211_ATTR_COOKIE])
9028 		*cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]);
9029 	return NL_SKIP;
9030 }
9031 
9032 
9033 static int nl80211_send_frame_cmd(struct i802_bss *bss,
9034 				  unsigned int freq, unsigned int wait,
9035 				  const u8 *buf, size_t buf_len,
9036 				  int save_cookie, int no_cck, int no_ack,
9037 				  int offchanok, const u16 *csa_offs,
9038 				  size_t csa_offs_len, int link_id)
9039 {
9040 	struct wpa_driver_nl80211_data *drv = bss->drv;
9041 	struct nl_msg *msg;
9042 	u64 cookie;
9043 	int ret = -1;
9044 
9045 	wpa_printf(MSG_MSGDUMP, "nl80211: CMD_FRAME freq=%u wait=%u no_cck=%d "
9046 		   "no_ack=%d offchanok=%d",
9047 		   freq, wait, no_cck, no_ack, offchanok);
9048 	wpa_hexdump(MSG_MSGDUMP, "CMD_FRAME", buf, buf_len);
9049 
9050 	if (!(msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_FRAME)) ||
9051 	    ((link_id != NL80211_DRV_LINK_ID_NA) &&
9052 	     nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id)) ||
9053 	    (freq && nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq)) ||
9054 	    (wait && nla_put_u32(msg, NL80211_ATTR_DURATION, wait)) ||
9055 	    (offchanok && ((drv->capa.flags & WPA_DRIVER_FLAGS_OFFCHANNEL_TX) ||
9056 			   drv->test_use_roc_tx) &&
9057 	     nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK)) ||
9058 	    (no_cck && nla_put_flag(msg, NL80211_ATTR_TX_NO_CCK_RATE)) ||
9059 	    (no_ack && nla_put_flag(msg, NL80211_ATTR_DONT_WAIT_FOR_ACK)) ||
9060 	    (csa_offs && nla_put(msg, NL80211_ATTR_CSA_C_OFFSETS_TX,
9061 				 csa_offs_len * sizeof(u16), csa_offs)) ||
9062 	    nla_put(msg, NL80211_ATTR_FRAME, buf_len, buf))
9063 		goto fail;
9064 
9065 	cookie = 0;
9066 	ret = send_and_recv_resp(drv, msg, cookie_handler, &cookie);
9067 	msg = NULL;
9068 	if (ret) {
9069 		wpa_printf(MSG_DEBUG, "nl80211: Frame command failed: ret=%d "
9070 			   "(%s) (freq=%u wait=%u)", ret, strerror(-ret),
9071 			   freq, wait);
9072 	} else {
9073 		wpa_printf(MSG_MSGDUMP, "nl80211: Frame TX command accepted%s; "
9074 			   "cookie 0x%llx", no_ack ? " (no ACK)" : "",
9075 			   (long long unsigned int) cookie);
9076 
9077 		if (save_cookie)
9078 			drv->send_frame_cookie = no_ack ? (u64) -1 : cookie;
9079 
9080 		if (!wait) {
9081 			 /* There is no need to store this cookie since there
9082 			  * is no wait that could be canceled later.  */
9083 			goto fail;
9084 		}
9085 		if (drv->num_send_frame_cookies == MAX_SEND_FRAME_COOKIES) {
9086 			wpa_printf(MSG_DEBUG,
9087 				   "nl80211: Drop oldest pending send frame cookie 0x%llx",
9088 				   (long long unsigned int)
9089 				   drv->send_frame_cookies[0]);
9090 			os_memmove(&drv->send_frame_cookies[0],
9091 				   &drv->send_frame_cookies[1],
9092 				   (MAX_SEND_FRAME_COOKIES - 1) *
9093 				   sizeof(u64));
9094 			drv->num_send_frame_cookies--;
9095 		}
9096 		drv->send_frame_cookies[drv->num_send_frame_cookies] = cookie;
9097 		drv->num_send_frame_cookies++;
9098 	}
9099 
9100 fail:
9101 	nlmsg_free(msg);
9102 	return ret;
9103 }
9104 
9105 
9106 static int wpa_driver_nl80211_send_action(struct i802_bss *bss,
9107 					  unsigned int freq,
9108 					  unsigned int wait_time,
9109 					  const u8 *dst, const u8 *src,
9110 					  const u8 *bssid,
9111 					  const u8 *data, size_t data_len,
9112 					  int no_cck)
9113 {
9114 	struct wpa_driver_nl80211_data *drv = bss->drv;
9115 	int ret = -1;
9116 	u8 *buf;
9117 	struct ieee80211_hdr *hdr;
9118 	int offchanok = 1;
9119 
9120 	if (is_ap_interface(drv->nlmode) && (int) freq == bss->flink->freq &&
9121 	    bss->flink->beacon_set)
9122 		offchanok = 0;
9123 
9124 	if (!freq && is_sta_interface(drv->nlmode))
9125 		offchanok = 0;
9126 
9127 	wpa_printf(MSG_DEBUG,
9128 		   "nl80211: Send Action frame (ifindex=%d, freq=%u MHz wait=%d ms no_cck=%d offchanok=%d dst="
9129 		   MACSTR " src=" MACSTR " bssid=" MACSTR ")",
9130 		   drv->ifindex, freq, wait_time, no_cck, offchanok,
9131 		   MAC2STR(dst), MAC2STR(src), MAC2STR(bssid));
9132 
9133 	buf = os_zalloc(24 + data_len);
9134 	if (buf == NULL)
9135 		return ret;
9136 	os_memcpy(buf + 24, data, data_len);
9137 	hdr = (struct ieee80211_hdr *) buf;
9138 	hdr->frame_control =
9139 		IEEE80211_FC(WLAN_FC_TYPE_MGMT, WLAN_FC_STYPE_ACTION);
9140 	os_memcpy(hdr->addr1, dst, ETH_ALEN);
9141 	os_memcpy(hdr->addr2, src, ETH_ALEN);
9142 	os_memcpy(hdr->addr3, bssid, ETH_ALEN);
9143 
9144 	if (!ether_addr_equal(bss->addr, src)) {
9145 		wpa_printf(MSG_DEBUG, "nl80211: Use random TA " MACSTR,
9146 			   MAC2STR(src));
9147 		os_memcpy(bss->rand_addr, src, ETH_ALEN);
9148 	} else {
9149 		os_memset(bss->rand_addr, 0, ETH_ALEN);
9150 	}
9151 
9152 #ifdef CONFIG_MESH
9153 	if (is_mesh_interface(drv->nlmode)) {
9154 		struct hostapd_hw_modes *modes;
9155 		u16 num_modes, flags;
9156 		u8 dfs_domain;
9157 		int i;
9158 
9159 		modes = nl80211_get_hw_feature_data(bss, &num_modes,
9160 						    &flags, &dfs_domain);
9161 		if (dfs_domain != HOSTAPD_DFS_REGION_ETSI &&
9162 		    ieee80211_is_dfs(bss->flink->freq, modes, num_modes))
9163 			offchanok = 0;
9164 		if (modes) {
9165 			for (i = 0; i < num_modes; i++) {
9166 				os_free(modes[i].channels);
9167 				os_free(modes[i].rates);
9168 			}
9169 			os_free(modes);
9170 		}
9171 	}
9172 #endif /* CONFIG_MESH */
9173 
9174 	if (is_ap_interface(drv->nlmode) &&
9175 	    (!(drv->capa.flags & WPA_DRIVER_FLAGS_OFFCHANNEL_TX) ||
9176 	     (int) freq == bss->flink->freq || drv->device_ap_sme ||
9177 	     !drv->use_monitor))
9178 		ret = wpa_driver_nl80211_send_mlme(bss, buf, 24 + data_len,
9179 						   0, freq, no_cck, offchanok,
9180 						   wait_time, NULL, 0, 0, -1);
9181 	else
9182 		ret = nl80211_send_frame_cmd(bss, freq, wait_time, buf,
9183 					     24 + data_len, 1, no_cck, 0,
9184 					     offchanok, NULL, 0,
9185 					     NL80211_DRV_LINK_ID_NA);
9186 
9187 	os_free(buf);
9188 	return ret;
9189 }
9190 
9191 
9192 static void nl80211_frame_wait_cancel(struct i802_bss *bss, u64 cookie)
9193 {
9194 	struct wpa_driver_nl80211_data *drv = bss->drv;
9195 	struct nl_msg *msg;
9196 	int ret;
9197 
9198 	wpa_printf(MSG_DEBUG, "nl80211: Cancel TX frame wait: cookie=0x%llx",
9199 		   (long long unsigned int) cookie);
9200 	if (!(msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_FRAME_WAIT_CANCEL)) ||
9201 	    nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie)) {
9202 		nlmsg_free(msg);
9203 		return;
9204 	}
9205 
9206 	ret = send_and_recv_cmd(drv, msg);
9207 	if (ret)
9208 		wpa_printf(MSG_DEBUG, "nl80211: wait cancel failed: ret=%d "
9209 			   "(%s)", ret, strerror(-ret));
9210 }
9211 
9212 
9213 static void wpa_driver_nl80211_send_action_cancel_wait(void *priv)
9214 {
9215 	struct i802_bss *bss = priv;
9216 	struct wpa_driver_nl80211_data *drv = bss->drv;
9217 	unsigned int i;
9218 	u64 cookie;
9219 
9220 	/* Cancel the last pending TX cookie */
9221 	if (drv->send_frame_cookie != (u64) -1)
9222 		nl80211_frame_wait_cancel(bss, drv->send_frame_cookie);
9223 
9224 	/*
9225 	 * Cancel the other pending TX cookies, if any. This is needed since
9226 	 * the driver may keep a list of all pending offchannel TX operations
9227 	 * and free up the radio only once they have expired or cancelled.
9228 	 */
9229 	for (i = drv->num_send_frame_cookies; i > 0; i--) {
9230 		cookie = drv->send_frame_cookies[i - 1];
9231 		if (cookie != drv->send_frame_cookie)
9232 			nl80211_frame_wait_cancel(bss, cookie);
9233 	}
9234 	drv->num_send_frame_cookies = 0;
9235 }
9236 
9237 
9238 static int nl80211_put_any_link_id(struct nl_msg *msg,
9239 			       struct driver_sta_mlo_info *mlo,
9240 			       int freq)
9241 {
9242 	int i;
9243 	int link_id = -1;
9244 	int any_valid_link_id = -1;
9245 
9246 	if (!mlo->valid_links)
9247 		return 0;
9248 
9249 	/* First try to pick a link that uses the same band */
9250 	for_each_link(mlo->valid_links, i) {
9251 		if (any_valid_link_id == -1)
9252 			any_valid_link_id = i;
9253 
9254 		if (is_same_band(freq, mlo->links[i].freq)) {
9255 			link_id = i;
9256 			break;
9257 		}
9258 	}
9259 
9260 	/* Use any valid link ID if no band match was found */
9261 	if (link_id == -1)
9262 		link_id = any_valid_link_id;
9263 
9264 	if (link_id == -1) {
9265 		wpa_printf(MSG_INFO,
9266 			   "nl80211: No valid Link ID found for freq %u", freq);
9267 		return 0;
9268 	}
9269 
9270 	wpa_printf(MSG_DEBUG, "nl80211: Add Link ID %d", link_id);
9271 	return nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id);
9272 }
9273 
9274 
9275 static int wpa_driver_nl80211_remain_on_channel(void *priv, unsigned int freq,
9276 						unsigned int duration)
9277 {
9278 	struct i802_bss *bss = priv;
9279 	struct wpa_driver_nl80211_data *drv = bss->drv;
9280 	struct nl_msg *msg;
9281 	int ret;
9282 	u64 cookie;
9283 
9284 	if (!(msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_REMAIN_ON_CHANNEL)) ||
9285 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq) ||
9286 	    nla_put_u32(msg, NL80211_ATTR_DURATION, duration) ||
9287 	    nl80211_put_any_link_id(msg, &drv->sta_mlo_info, freq)) {
9288 		nlmsg_free(msg);
9289 		return -1;
9290 	}
9291 
9292 	cookie = 0;
9293 	ret = send_and_recv_resp(drv, msg, cookie_handler, &cookie);
9294 	if (ret == 0) {
9295 		wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel cookie "
9296 			   "0x%llx for freq=%u MHz duration=%u",
9297 			   (long long unsigned int) cookie, freq, duration);
9298 		drv->remain_on_chan_cookie = cookie;
9299 		drv->pending_remain_on_chan = 1;
9300 		return 0;
9301 	}
9302 	wpa_printf(MSG_DEBUG, "nl80211: Failed to request remain-on-channel "
9303 		   "(freq=%d duration=%u): %d (%s)",
9304 		   freq, duration, ret, strerror(-ret));
9305 	return -1;
9306 }
9307 
9308 
9309 static int wpa_driver_nl80211_cancel_remain_on_channel(void *priv)
9310 {
9311 	struct i802_bss *bss = priv;
9312 	struct wpa_driver_nl80211_data *drv = bss->drv;
9313 	struct nl_msg *msg;
9314 	int ret;
9315 
9316 	if (!drv->pending_remain_on_chan) {
9317 		wpa_printf(MSG_DEBUG, "nl80211: No pending remain-on-channel "
9318 			   "to cancel");
9319 		return -1;
9320 	}
9321 
9322 	wpa_printf(MSG_DEBUG, "nl80211: Cancel remain-on-channel with cookie "
9323 		   "0x%llx",
9324 		   (long long unsigned int) drv->remain_on_chan_cookie);
9325 
9326 	msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL);
9327 	if (!msg ||
9328 	    nla_put_u64(msg, NL80211_ATTR_COOKIE, drv->remain_on_chan_cookie)) {
9329 		nlmsg_free(msg);
9330 		return -1;
9331 	}
9332 
9333 	ret = send_and_recv_cmd(drv, msg);
9334 	if (ret == 0)
9335 		return 0;
9336 	wpa_printf(MSG_DEBUG, "nl80211: Failed to cancel remain-on-channel: "
9337 		   "%d (%s)", ret, strerror(-ret));
9338 	return -1;
9339 }
9340 
9341 
9342 static int wpa_driver_nl80211_probe_req_report(struct i802_bss *bss, int report)
9343 {
9344 	struct wpa_driver_nl80211_data *drv = bss->drv;
9345 
9346 	if (!report) {
9347 		if (bss->nl_preq && drv->device_ap_sme &&
9348 		    is_ap_interface(drv->nlmode) && !bss->in_deinit &&
9349 		    !bss->static_ap) {
9350 			/*
9351 			 * Do not disable Probe Request reporting that was
9352 			 * enabled in nl80211_setup_ap().
9353 			 */
9354 			wpa_printf(MSG_DEBUG, "nl80211: Skip disabling of "
9355 				   "Probe Request reporting nl_preq=%p while "
9356 				   "in AP mode", bss->nl_preq);
9357 		} else if (bss->nl_preq) {
9358 			wpa_printf(MSG_DEBUG, "nl80211: Disable Probe Request "
9359 				   "reporting nl_preq=%p", bss->nl_preq);
9360 			nl80211_destroy_eloop_handle(&bss->nl_preq, 0);
9361 		}
9362 		return 0;
9363 	}
9364 
9365 	if (bss->nl_preq) {
9366 		wpa_printf(MSG_DEBUG, "nl80211: Probe Request reporting "
9367 			   "already on! nl_preq=%p", bss->nl_preq);
9368 		return 0;
9369 	}
9370 
9371 	bss->nl_preq = nl_create_handle(drv->global->nl_cb, "preq");
9372 	if (bss->nl_preq == NULL)
9373 		return -1;
9374 	wpa_printf(MSG_DEBUG, "nl80211: Enable Probe Request "
9375 		   "reporting nl_preq=%p", bss->nl_preq);
9376 
9377 	if (nl80211_register_frame(bss, bss->nl_preq,
9378 				   (WLAN_FC_TYPE_MGMT << 2) |
9379 				   (WLAN_FC_STYPE_PROBE_REQ << 4),
9380 				   NULL, 0, false) < 0)
9381 		goto out_err;
9382 
9383 	nl80211_register_eloop_read(&bss->nl_preq,
9384 				    wpa_driver_nl80211_event_receive,
9385 				    bss->nl_cb, 0);
9386 
9387 	return 0;
9388 
9389  out_err:
9390 	nl_destroy_handles(&bss->nl_preq);
9391 	return -1;
9392 }
9393 
9394 
9395 static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv,
9396 				     int ifindex, int disabled)
9397 {
9398 	struct nl_msg *msg;
9399 	struct nlattr *bands, *band;
9400 	int ret;
9401 
9402 	wpa_printf(MSG_DEBUG,
9403 		   "nl80211: NL80211_CMD_SET_TX_BITRATE_MASK (ifindex=%d %s)",
9404 		   ifindex, disabled ? "NL80211_TXRATE_LEGACY=OFDM-only" :
9405 		   "no NL80211_TXRATE_LEGACY constraint");
9406 
9407 	msg = nl80211_ifindex_msg(drv, ifindex, 0,
9408 				  NL80211_CMD_SET_TX_BITRATE_MASK);
9409 	if (!msg)
9410 		return -1;
9411 
9412 	bands = nla_nest_start(msg, NL80211_ATTR_TX_RATES);
9413 	if (!bands)
9414 		goto fail;
9415 
9416 	/*
9417 	 * Disable 2 GHz rates 1, 2, 5.5, 11 Mbps by masking out everything
9418 	 * else apart from 6, 9, 12, 18, 24, 36, 48, 54 Mbps from non-MCS
9419 	 * rates. All 5 GHz rates are left enabled.
9420 	 */
9421 	band = nla_nest_start(msg, NL80211_BAND_2GHZ);
9422 	if (!band ||
9423 	    (disabled && nla_put(msg, NL80211_TXRATE_LEGACY, 8,
9424 				 "\x0c\x12\x18\x24\x30\x48\x60\x6c")))
9425 		goto fail;
9426 	nla_nest_end(msg, band);
9427 
9428 	nla_nest_end(msg, bands);
9429 
9430 	ret = send_and_recv_cmd(drv, msg);
9431 	if (ret) {
9432 		wpa_printf(MSG_DEBUG, "nl80211: Set TX rates failed: ret=%d "
9433 			   "(%s)", ret, strerror(-ret));
9434 	} else
9435 		drv->disabled_11b_rates = disabled;
9436 
9437 	return ret;
9438 
9439 fail:
9440 	nlmsg_free(msg);
9441 	return -1;
9442 }
9443 
9444 
9445 static int nl80211_remove_link(struct i802_bss *bss, int link_id)
9446 {
9447 	struct wpa_driver_nl80211_data *drv = bss->drv;
9448 	struct i802_link *link;
9449 	struct nl_msg *msg;
9450 	size_t i;
9451 	int ret;
9452 
9453 	wpa_printf(MSG_DEBUG, "nl80211: Remove link (ifindex=%d link_id=%u)",
9454 		   bss->ifindex, link_id);
9455 
9456 	if (!(bss->valid_links & BIT(link_id))) {
9457 		wpa_printf(MSG_DEBUG,
9458 			   "nl80211: MLD: remove link: Link not found");
9459 		return -1;
9460 	}
9461 
9462 	link = &bss->links[link_id];
9463 
9464 	wpa_driver_nl80211_del_beacon(bss, link_id);
9465 
9466 	/* First remove the link locally */
9467 	bss->valid_links &= ~BIT(link_id);
9468 	os_memset(link->addr, 0, ETH_ALEN);
9469 
9470 	/* Choose new deflink if we are removing that link */
9471 	if (bss->flink == link) {
9472 		for_each_link_default(bss->valid_links, i, 0) {
9473 			bss->flink = &bss->links[i];
9474 			break;
9475 		}
9476 	}
9477 
9478 	/* If this was the last link, reset default link */
9479 	if (!bss->valid_links) {
9480 		/* TODO: Does keeping freq/bandwidth make sense? */
9481 		if (bss->flink != link)
9482 			os_memcpy(bss->flink, link, sizeof(*link));
9483 
9484 		os_memcpy(bss->flink->addr, bss->addr, ETH_ALEN);
9485 	}
9486 
9487 	/* Remove the link from the kernel */
9488 	msg = nl80211_bss_msg(bss, 0, NL80211_CMD_REMOVE_LINK);
9489 	if (!msg ||
9490 	    nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id)) {
9491 		nlmsg_free(msg);
9492 		wpa_printf(MSG_ERROR,
9493 			   "nl80211: remove link (%d) failed", link_id);
9494 		return -1;
9495 	}
9496 
9497 	ret = send_and_recv_cmd(drv, msg);
9498 	if (ret)
9499 		wpa_printf(MSG_ERROR,
9500 			   "nl80211: remove link (%d) failed. ret=%d (%s)",
9501 			   link_id, ret, strerror(-ret));
9502 
9503 	return ret;
9504 }
9505 
9506 
9507 static void nl80211_remove_links(struct i802_bss *bss)
9508 {
9509 	int ret;
9510 	u8 link_id;
9511 
9512 	for_each_link(bss->valid_links, link_id) {
9513 		ret = nl80211_remove_link(bss, link_id);
9514 		if (ret)
9515 			break;
9516 	}
9517 
9518 	if (bss->flink)
9519 		os_memcpy(bss->flink->addr, bss->addr, ETH_ALEN);
9520 }
9521 
9522 
9523 static int wpa_driver_nl80211_deinit_ap(void *priv)
9524 {
9525 	struct i802_bss *bss = priv;
9526 	struct wpa_driver_nl80211_data *drv = bss->drv;
9527 
9528 	if (!is_ap_interface(drv->nlmode))
9529 		return -1;
9530 
9531 	/* Stop beaconing */
9532 	wpa_driver_nl80211_del_beacon(bss, NL80211_DRV_LINK_ID_NA);
9533 
9534 	nl80211_remove_links(bss);
9535 
9536 	/*
9537 	 * If the P2P GO interface was dynamically added, then it is
9538 	 * possible that the interface change to station is not possible.
9539 	 */
9540 	if (drv->nlmode == NL80211_IFTYPE_P2P_GO && bss->if_dynamic)
9541 		return 0;
9542 
9543 	return wpa_driver_nl80211_set_mode(priv, NL80211_IFTYPE_STATION);
9544 }
9545 
9546 
9547 static int wpa_driver_nl80211_stop_ap(void *priv, int link_id)
9548 {
9549 	struct i802_bss *bss = priv;
9550 	struct wpa_driver_nl80211_data *drv = bss->drv;
9551 
9552 	if (!is_ap_interface(drv->nlmode))
9553 		return -1;
9554 
9555 	if (link_id == -1) {
9556 		wpa_driver_nl80211_del_beacon_all(bss);
9557 		return 0;
9558 	}
9559 
9560 	if (nl80211_link_valid(bss->valid_links, link_id)) {
9561 		wpa_driver_nl80211_del_beacon(bss, link_id);
9562 		return 0;
9563 	}
9564 
9565 	return -1;
9566 }
9567 
9568 
9569 static int wpa_driver_nl80211_deinit_p2p_cli(void *priv)
9570 {
9571 	struct i802_bss *bss = priv;
9572 	struct wpa_driver_nl80211_data *drv = bss->drv;
9573 	if (drv->nlmode != NL80211_IFTYPE_P2P_CLIENT)
9574 		return -1;
9575 
9576 	/*
9577 	 * If the P2P Client interface was dynamically added, then it is
9578 	 * possible that the interface change to station is not possible.
9579 	 */
9580 	if (bss->if_dynamic)
9581 		return 0;
9582 
9583 	return wpa_driver_nl80211_set_mode(priv, NL80211_IFTYPE_STATION);
9584 }
9585 
9586 
9587 static void wpa_driver_nl80211_resume(void *priv)
9588 {
9589 	struct i802_bss *bss = priv;
9590 	enum nl80211_iftype nlmode = nl80211_get_ifmode(bss);
9591 
9592 	if (i802_set_iface_flags(bss, 1))
9593 		wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface up on resume event");
9594 
9595 	if (is_p2p_net_interface(nlmode))
9596 		nl80211_disable_11b_rates(bss->drv, bss->drv->ifindex, 1);
9597 }
9598 
9599 
9600 static int nl80211_signal_monitor(void *priv, int threshold, int hysteresis)
9601 {
9602 	struct i802_bss *bss = priv;
9603 	struct wpa_driver_nl80211_data *drv = bss->drv;
9604 	struct nl_msg *msg;
9605 	struct nlattr *cqm;
9606 
9607 	wpa_printf(MSG_DEBUG, "nl80211: Signal monitor threshold=%d "
9608 		   "hysteresis=%d", threshold, hysteresis);
9609 
9610 	if (!(msg = nl80211_bss_msg(bss, 0, NL80211_CMD_SET_CQM)) ||
9611 	    !(cqm = nla_nest_start(msg, NL80211_ATTR_CQM)) ||
9612 	    nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THOLD, threshold) ||
9613 	    nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_HYST, hysteresis)) {
9614 		nlmsg_free(msg);
9615 		return -1;
9616 	}
9617 	nla_nest_end(msg, cqm);
9618 
9619 	return send_and_recv_cmd(drv, msg);
9620 }
9621 
9622 
9623 static int get_channel_width(struct nl_msg *msg, void *arg)
9624 {
9625 	struct nlattr *tb[NL80211_ATTR_MAX + 1];
9626 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
9627 	struct wpa_signal_info *sig_change = arg;
9628 
9629 	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
9630 		  genlmsg_attrlen(gnlh, 0), NULL);
9631 
9632 	sig_change->center_frq1 = -1;
9633 	sig_change->center_frq2 = -1;
9634 	sig_change->chanwidth = CHAN_WIDTH_UNKNOWN;
9635 
9636 	if (tb[NL80211_ATTR_CHANNEL_WIDTH]) {
9637 		sig_change->chanwidth = convert2width(
9638 			nla_get_u32(tb[NL80211_ATTR_CHANNEL_WIDTH]));
9639 		if (tb[NL80211_ATTR_CENTER_FREQ1])
9640 			sig_change->center_frq1 =
9641 				nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ1]);
9642 		if (tb[NL80211_ATTR_CENTER_FREQ2])
9643 			sig_change->center_frq2 =
9644 				nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ2]);
9645 	}
9646 
9647 	return NL_SKIP;
9648 }
9649 
9650 
9651 static int nl80211_get_channel_width(struct wpa_driver_nl80211_data *drv,
9652 				     struct wpa_signal_info *sig)
9653 {
9654 	struct nl_msg *msg;
9655 
9656 	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_GET_INTERFACE);
9657 	return send_and_recv_resp(drv, msg, get_channel_width, sig);
9658 }
9659 
9660 
9661 static int nl80211_signal_poll(void *priv, struct wpa_signal_info *si)
9662 {
9663 	struct i802_bss *bss = priv;
9664 	struct wpa_driver_nl80211_data *drv = bss->drv;
9665 	int res;
9666 
9667 	os_memset(si, 0, sizeof(*si));
9668 	res = nl80211_get_link_signal(drv, drv->bssid, &si->data);
9669 	if (res) {
9670 		if (drv->nlmode != NL80211_IFTYPE_ADHOC &&
9671 		    drv->nlmode != NL80211_IFTYPE_MESH_POINT)
9672 			return res;
9673 		si->data.signal = 0;
9674 	}
9675 
9676 	res = nl80211_get_channel_width(drv, si);
9677 	if (res != 0)
9678 		return res;
9679 
9680 	return nl80211_get_link_noise(drv, si);
9681 }
9682 
9683 
9684 static int get_links_noise(struct nl_msg *msg, void *arg)
9685 {
9686 	struct nlattr *tb[NL80211_ATTR_MAX + 1];
9687 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
9688 	struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1];
9689 	static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = {
9690 		[NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 },
9691 		[NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 },
9692 	};
9693 	struct wpa_mlo_signal_info *mlo_sig = arg;
9694 	int i;
9695 
9696 	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
9697 		  genlmsg_attrlen(gnlh, 0), NULL);
9698 
9699 	if (!tb[NL80211_ATTR_SURVEY_INFO]) {
9700 		wpa_printf(MSG_DEBUG, "nl80211: Survey data missing");
9701 		return NL_SKIP;
9702 	}
9703 
9704 	if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX,
9705 			     tb[NL80211_ATTR_SURVEY_INFO],
9706 			     survey_policy)) {
9707 		wpa_printf(MSG_DEBUG,
9708 			   "nl80211: Failed to parse nested attributes");
9709 		return NL_SKIP;
9710 	}
9711 
9712 	if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY])
9713 		return NL_SKIP;
9714 
9715 	if (!sinfo[NL80211_SURVEY_INFO_NOISE])
9716 		return NL_SKIP;
9717 
9718 	for_each_link(mlo_sig->valid_links, i) {
9719 		if (nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]) !=
9720 		    mlo_sig->links[i].frequency)
9721 			continue;
9722 
9723 		mlo_sig->links[i].current_noise =
9724 			(s8) nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]);
9725 		break;
9726 	}
9727 
9728 	return NL_SKIP;
9729 }
9730 
9731 
9732 static int nl80211_get_links_noise(struct wpa_driver_nl80211_data *drv,
9733 				   struct wpa_mlo_signal_info *mlo_sig)
9734 {
9735 	struct nl_msg *msg;
9736 
9737 	msg = nl80211_drv_msg(drv, NLM_F_DUMP, NL80211_CMD_GET_SURVEY);
9738 	return send_and_recv_resp(drv, msg, get_links_noise, mlo_sig);
9739 }
9740 
9741 
9742 static int get_links_channel_width(struct nl_msg *msg, void *arg)
9743 {
9744 	struct nlattr *tb[NL80211_ATTR_MAX + 1];
9745 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
9746 	struct wpa_mlo_signal_info *mlo_sig = arg;
9747 	struct nlattr *link;
9748 	int rem_links;
9749 
9750 	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
9751 		  genlmsg_attrlen(gnlh, 0), NULL);
9752 
9753 	if (!tb[NL80211_ATTR_MLO_LINKS])
9754 		return NL_SKIP;
9755 
9756 	nla_for_each_nested(link, tb[NL80211_ATTR_MLO_LINKS], rem_links) {
9757 		struct nlattr *tb2[NL80211_ATTR_MAX + 1];
9758 		int link_id;
9759 
9760 		nla_parse(tb2, NL80211_ATTR_MAX, nla_data(link), nla_len(link),
9761 			  NULL);
9762 
9763 		if (!tb2[NL80211_ATTR_MLO_LINK_ID])
9764 			continue;
9765 
9766 		link_id = nla_get_u8(tb2[NL80211_ATTR_MLO_LINK_ID]);
9767 		if (link_id >= MAX_NUM_MLD_LINKS)
9768 			continue;
9769 
9770 		if (!tb2[NL80211_ATTR_CHANNEL_WIDTH])
9771 			continue;
9772 		mlo_sig->links[link_id].chanwidth = convert2width(
9773 			nla_get_u32(tb2[NL80211_ATTR_CHANNEL_WIDTH]));
9774 		if (tb2[NL80211_ATTR_CENTER_FREQ1])
9775 			mlo_sig->links[link_id].center_frq1 =
9776 				nla_get_u32(tb2[NL80211_ATTR_CENTER_FREQ1]);
9777 		if (tb2[NL80211_ATTR_CENTER_FREQ2])
9778 			mlo_sig->links[link_id].center_frq2 =
9779 				nla_get_u32(tb2[NL80211_ATTR_CENTER_FREQ2]);
9780 	}
9781 
9782 	return NL_SKIP;
9783 }
9784 
9785 
9786 static int nl80211_get_links_channel_width(struct wpa_driver_nl80211_data *drv,
9787 					   struct wpa_mlo_signal_info *mlo_sig)
9788 {
9789 	struct nl_msg *msg;
9790 
9791 	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_GET_INTERFACE);
9792 	return send_and_recv_resp(drv, msg, get_links_channel_width, mlo_sig);
9793 }
9794 
9795 
9796 static int nl80211_mlo_signal_poll(void *priv,
9797 				   struct wpa_mlo_signal_info *mlo_si)
9798 {
9799 	struct i802_bss *bss = priv;
9800 	struct wpa_driver_nl80211_data *drv = bss->drv;
9801 	int res;
9802 	int i;
9803 
9804 	if (drv->nlmode != NL80211_IFTYPE_STATION ||
9805 	    !drv->sta_mlo_info.valid_links)
9806 		return -1;
9807 
9808 	os_memset(mlo_si, 0, sizeof(*mlo_si));
9809 	mlo_si->valid_links = drv->sta_mlo_info.valid_links;
9810 
9811 	for_each_link(mlo_si->valid_links, i) {
9812 		res = nl80211_get_link_signal(drv,
9813 					      drv->sta_mlo_info.links[i].bssid,
9814 					      &mlo_si->links[i].data);
9815 		if (res != 0)
9816 			return res;
9817 
9818 		mlo_si->links[i].center_frq1 = -1;
9819 		mlo_si->links[i].center_frq2 = -1;
9820 		mlo_si->links[i].chanwidth = CHAN_WIDTH_UNKNOWN;
9821 		mlo_si->links[i].current_noise = WPA_INVALID_NOISE;
9822 		mlo_si->links[i].frequency = drv->sta_mlo_info.links[i].freq;
9823 	}
9824 
9825 	res = nl80211_get_links_channel_width(drv, mlo_si);
9826 	if (res != 0)
9827 		return res;
9828 
9829 	return nl80211_get_links_noise(drv, mlo_si);
9830 }
9831 
9832 
9833 static int nl80211_set_param(void *priv, const char *param)
9834 {
9835 	struct i802_bss *bss = priv;
9836 	struct wpa_driver_nl80211_data *drv = bss->drv;
9837 
9838 	if (param == NULL)
9839 		return 0;
9840 	wpa_printf(MSG_DEBUG, "nl80211: driver param='%s'", param);
9841 
9842 #ifdef CONFIG_P2P
9843 	if (os_strstr(param, "use_p2p_group_interface=1")) {
9844 		wpa_printf(MSG_DEBUG, "nl80211: Use separate P2P group "
9845 			   "interface");
9846 		drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_CONCURRENT;
9847 		drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_MGMT_AND_NON_P2P;
9848 	}
9849 #endif /* CONFIG_P2P */
9850 
9851 	if (os_strstr(param, "use_monitor=1"))
9852 		drv->use_monitor = 1;
9853 
9854 	if (os_strstr(param, "force_connect_cmd=1")) {
9855 		drv->capa.flags &= ~WPA_DRIVER_FLAGS_SME;
9856 		drv->force_connect_cmd = 1;
9857 	}
9858 
9859 	if (os_strstr(param, "force_bss_selection=1"))
9860 		drv->capa.flags |= WPA_DRIVER_FLAGS_BSS_SELECTION;
9861 
9862 	if (os_strstr(param, "no_offchannel_tx=1")) {
9863 		drv->capa.flags &= ~WPA_DRIVER_FLAGS_OFFCHANNEL_TX;
9864 		drv->test_use_roc_tx = 1;
9865 	}
9866 
9867 	if (os_strstr(param, "control_port=0")) {
9868 		drv->capa.flags &= ~WPA_DRIVER_FLAGS_CONTROL_PORT;
9869 		drv->capa.flags2 &= ~(WPA_DRIVER_FLAGS2_CONTROL_PORT_RX |
9870 				      WPA_DRIVER_FLAGS2_CONTROL_PORT_TX_STATUS);
9871 		drv->control_port_ap = 0;
9872 	}
9873 
9874 	if (os_strstr(param, "control_port_ap=1"))
9875 		drv->control_port_ap = 1;
9876 
9877 	if (os_strstr(param, "control_port_ap=0")) {
9878 		drv->capa.flags2 &= ~WPA_DRIVER_FLAGS2_CONTROL_PORT_TX_STATUS;
9879 		drv->control_port_ap = 0;
9880 	}
9881 
9882 	if (os_strstr(param, "full_ap_client_state=0"))
9883 		drv->capa.flags &= ~WPA_DRIVER_FLAGS_FULL_AP_CLIENT_STATE;
9884 
9885 	if (os_strstr(param, "no_rrm=1")) {
9886 		drv->no_rrm = 1;
9887 
9888 		if (!bss->in_deinit && !is_ap_interface(drv->nlmode) &&
9889 		    !is_mesh_interface(drv->nlmode)) {
9890 			nl80211_mgmt_unsubscribe(bss, "no_rrm=1");
9891 			if (nl80211_mgmt_subscribe_non_ap(bss) < 0)
9892 				wpa_printf(MSG_DEBUG,
9893 					   "nl80211: Failed to re-register Action frame processing - ignore for now");
9894 		}
9895 	}
9896 
9897 	if (os_strstr(param, "secure_ltf=1")) {
9898 		drv->capa.flags2 |= WPA_DRIVER_FLAGS2_SEC_LTF_STA |
9899 			WPA_DRIVER_FLAGS2_SEC_LTF_AP;
9900 	}
9901 
9902 	return 0;
9903 }
9904 
9905 
9906 static void * nl80211_global_init(void *ctx)
9907 {
9908 	struct nl80211_global *global;
9909 	struct netlink_config *cfg;
9910 	struct utsname name;
9911 
9912 	if (uname(&name) == 0) {
9913 		wpa_printf(MSG_DEBUG, "nl80211: Kernel version: %s %s (%s; %s)",
9914 			   name.sysname, name.release,
9915 			   name.version, name.machine);
9916 	}
9917 
9918 	global = os_zalloc(sizeof(*global));
9919 	if (global == NULL)
9920 		return NULL;
9921 	global->ctx = ctx;
9922 	global->ioctl_sock = -1;
9923 	dl_list_init(&global->interfaces);
9924 	global->if_add_ifindex = -1;
9925 
9926 	cfg = os_zalloc(sizeof(*cfg));
9927 	if (cfg == NULL)
9928 		goto err;
9929 
9930 	cfg->ctx = global;
9931 	cfg->newlink_cb = wpa_driver_nl80211_event_rtm_newlink;
9932 	cfg->dellink_cb = wpa_driver_nl80211_event_rtm_dellink;
9933 	global->netlink = netlink_init(cfg);
9934 	if (global->netlink == NULL) {
9935 		os_free(cfg);
9936 		goto err;
9937 	}
9938 
9939 	if (wpa_driver_nl80211_init_nl_global(global) < 0)
9940 		goto err;
9941 
9942 	global->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0);
9943 	if (global->ioctl_sock < 0) {
9944 		wpa_printf(MSG_ERROR, "nl80211: socket(PF_INET,SOCK_DGRAM) failed: %s",
9945 			   strerror(errno));
9946 		goto err;
9947 	}
9948 
9949 	return global;
9950 
9951 err:
9952 	nl80211_global_deinit(global);
9953 	return NULL;
9954 }
9955 
9956 
9957 static void nl80211_global_deinit(void *priv)
9958 {
9959 	struct nl80211_global *global = priv;
9960 	if (global == NULL)
9961 		return;
9962 	if (!dl_list_empty(&global->interfaces)) {
9963 		wpa_printf(MSG_ERROR, "nl80211: %u interface(s) remain at "
9964 			   "nl80211_global_deinit",
9965 			   dl_list_len(&global->interfaces));
9966 	}
9967 
9968 	if (global->netlink)
9969 		netlink_deinit(global->netlink);
9970 
9971 	nl_destroy_handles(&global->nl);
9972 
9973 	if (global->nl_event)
9974 		nl80211_destroy_eloop_handle(&global->nl_event, 0);
9975 
9976 	nl_cb_put(global->nl_cb);
9977 
9978 	if (global->ioctl_sock >= 0)
9979 		close(global->ioctl_sock);
9980 
9981 	os_free(global);
9982 }
9983 
9984 
9985 static const char * nl80211_get_radio_name(void *priv)
9986 {
9987 	struct i802_bss *bss = priv;
9988 	struct wpa_driver_nl80211_data *drv = bss->drv;
9989 	return drv->phyname;
9990 }
9991 
9992 
9993 static int nl80211_pmkid(struct i802_bss *bss, int cmd,
9994 			 struct wpa_pmkid_params *params, bool skip_pmk)
9995 {
9996 	struct nl_msg *msg;
9997 
9998 	if (cmd == NL80211_CMD_SET_PMKSA)
9999 		wpa_printf(MSG_DEBUG,
10000 			   "nl80211: NL80211_CMD_SET_PMKSA with skip_pmk=%s pmk_len=%zu",
10001 			   skip_pmk ? "true" : "false", params->pmk_len);
10002 
10003 	if (!(msg = nl80211_bss_msg(bss, 0, cmd)) ||
10004 	    (params->pmkid &&
10005 	     nla_put(msg, NL80211_ATTR_PMKID, 16, params->pmkid)) ||
10006 	    (params->bssid &&
10007 	     nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid)) ||
10008 	    (params->ssid_len &&
10009 	     nla_put(msg, NL80211_ATTR_SSID, params->ssid_len, params->ssid)) ||
10010 	    (params->fils_cache_id &&
10011 	     nla_put(msg, NL80211_ATTR_FILS_CACHE_ID, 2,
10012 		     params->fils_cache_id)) ||
10013 	    (params->pmk_lifetime &&
10014 	     nla_put_u32(msg, NL80211_ATTR_PMK_LIFETIME,
10015 			 params->pmk_lifetime)) ||
10016 	    (params->pmk_reauth_threshold &&
10017 	     nla_put_u8(msg, NL80211_ATTR_PMK_REAUTH_THRESHOLD,
10018 			params->pmk_reauth_threshold)) ||
10019 	    (cmd != NL80211_CMD_DEL_PMKSA &&
10020 	     params->pmk_len && !skip_pmk &&
10021 	     nla_put(msg, NL80211_ATTR_PMK, params->pmk_len, params->pmk))) {
10022 		nl80211_nlmsg_clear(msg);
10023 		nlmsg_free(msg);
10024 		return -ENOBUFS;
10025 	}
10026 
10027 	return send_and_recv_cmd(bss->drv, msg);
10028 }
10029 
10030 
10031 static int nl80211_add_pmkid(void *priv, struct wpa_pmkid_params *params)
10032 {
10033 	struct i802_bss *bss = priv;
10034 	const size_t PMK_MAX_LEN = 64; /* current cfg80211 limit */
10035 	const size_t LEGACY_PMK_MAX_LEN = 48; /* old cfg80211 limit */
10036 	bool skip_pmk = params->pmk_len > PMK_MAX_LEN;
10037 	int ret;
10038 
10039 	if (params->bssid)
10040 		wpa_printf(MSG_DEBUG, "nl80211: Add PMKID for " MACSTR,
10041 			   MAC2STR(params->bssid));
10042 	else if (params->fils_cache_id && params->ssid_len) {
10043 		wpa_printf(MSG_DEBUG,
10044 			   "nl80211: Add PMKSA for cache id %02x%02x SSID %s",
10045 			   params->fils_cache_id[0], params->fils_cache_id[1],
10046 			   wpa_ssid_txt(params->ssid, params->ssid_len));
10047 	}
10048 
10049 	ret = nl80211_pmkid(bss, NL80211_CMD_SET_PMKSA, params, skip_pmk);
10050 	/*
10051 	 * Try again by skipping PMK if the first attempt failed with ERANGE
10052 	 * error, PMK was not skipped, and PMK length is greater than the
10053 	 * legacy kernel maximum allowed limit.
10054 	 */
10055 	if (ret == -ERANGE && !skip_pmk &&
10056 	    params->pmk_len > LEGACY_PMK_MAX_LEN)
10057 		ret = nl80211_pmkid(bss, NL80211_CMD_SET_PMKSA, params, true);
10058 	if (ret < 0) {
10059 		wpa_printf(MSG_DEBUG,
10060 			   "nl80211: NL80211_CMD_SET_PMKSA failed: %d (%s)",
10061 			   ret, strerror(-ret));
10062 	}
10063 
10064 	return ret;
10065 }
10066 
10067 
10068 static int nl80211_remove_pmkid(void *priv, struct wpa_pmkid_params *params)
10069 {
10070 	struct i802_bss *bss = priv;
10071 	int ret;
10072 
10073 	if (params->bssid)
10074 		wpa_printf(MSG_DEBUG, "nl80211: Delete PMKID for " MACSTR,
10075 			   MAC2STR(params->bssid));
10076 	else if (params->fils_cache_id && params->ssid_len) {
10077 		wpa_printf(MSG_DEBUG,
10078 			   "nl80211: Delete PMKSA for cache id %02x%02x SSID %s",
10079 			   params->fils_cache_id[0], params->fils_cache_id[1],
10080 			   wpa_ssid_txt(params->ssid, params->ssid_len));
10081 	}
10082 
10083 	ret = nl80211_pmkid(bss, NL80211_CMD_DEL_PMKSA, params, true);
10084 	if (ret < 0) {
10085 		wpa_printf(MSG_DEBUG,
10086 			   "nl80211: NL80211_CMD_DEL_PMKSA failed: %d (%s)",
10087 			   ret, strerror(-ret));
10088 	}
10089 
10090 	return ret;
10091 }
10092 
10093 
10094 static int nl80211_flush_pmkid(void *priv)
10095 {
10096 	struct i802_bss *bss = priv;
10097 	struct nl_msg *msg;
10098 
10099 	wpa_printf(MSG_DEBUG, "nl80211: Flush PMKIDs");
10100 	msg = nl80211_bss_msg(bss, 0, NL80211_CMD_FLUSH_PMKSA);
10101 	if (!msg)
10102 		return -ENOBUFS;
10103 	return send_and_recv_cmd(bss->drv, msg);
10104 }
10105 
10106 
10107 static void clean_survey_results(struct survey_results *survey_results)
10108 {
10109 	struct freq_survey *survey, *tmp;
10110 
10111 	if (dl_list_empty(&survey_results->survey_list))
10112 		return;
10113 
10114 	dl_list_for_each_safe(survey, tmp, &survey_results->survey_list,
10115 			      struct freq_survey, list) {
10116 		dl_list_del(&survey->list);
10117 		os_free(survey);
10118 	}
10119 }
10120 
10121 
10122 static void add_survey(struct nlattr **sinfo, u32 ifidx,
10123 		       struct dl_list *survey_list)
10124 {
10125 	struct freq_survey *survey;
10126 
10127 	survey = os_zalloc(sizeof(struct freq_survey));
10128 	if  (!survey)
10129 		return;
10130 
10131 	survey->ifidx = ifidx;
10132 	survey->freq = nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]);
10133 	survey->filled = 0;
10134 
10135 	if (sinfo[NL80211_SURVEY_INFO_NOISE]) {
10136 		survey->nf = (int8_t)
10137 			nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]);
10138 		survey->filled |= SURVEY_HAS_NF;
10139 	}
10140 
10141 	if (sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME]) {
10142 		survey->channel_time =
10143 			nla_get_u64(sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME]);
10144 		survey->filled |= SURVEY_HAS_CHAN_TIME;
10145 	}
10146 
10147 	if (sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY]) {
10148 		survey->channel_time_busy =
10149 			nla_get_u64(sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY]);
10150 		survey->filled |= SURVEY_HAS_CHAN_TIME_BUSY;
10151 	}
10152 
10153 	if (sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_RX]) {
10154 		survey->channel_time_rx =
10155 			nla_get_u64(sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_RX]);
10156 		survey->filled |= SURVEY_HAS_CHAN_TIME_RX;
10157 	}
10158 
10159 	if (sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_TX]) {
10160 		survey->channel_time_tx =
10161 			nla_get_u64(sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_TX]);
10162 		survey->filled |= SURVEY_HAS_CHAN_TIME_TX;
10163 	}
10164 
10165 	wpa_printf(MSG_DEBUG, "nl80211: Freq survey dump event (freq=%d MHz noise=%d channel_time=%ld busy_time=%ld tx_time=%ld rx_time=%ld filled=%04x)",
10166 		   survey->freq,
10167 		   survey->nf,
10168 		   (unsigned long int) survey->channel_time,
10169 		   (unsigned long int) survey->channel_time_busy,
10170 		   (unsigned long int) survey->channel_time_tx,
10171 		   (unsigned long int) survey->channel_time_rx,
10172 		   survey->filled);
10173 
10174 	dl_list_add_tail(survey_list, &survey->list);
10175 }
10176 
10177 
10178 static int check_survey_ok(struct nlattr **sinfo, u32 surveyed_freq,
10179 			   unsigned int freq_filter)
10180 {
10181 	if (!freq_filter)
10182 		return 1;
10183 
10184 	return freq_filter == surveyed_freq;
10185 }
10186 
10187 
10188 static int survey_handler(struct nl_msg *msg, void *arg)
10189 {
10190 	struct nlattr *tb[NL80211_ATTR_MAX + 1];
10191 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
10192 	struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1];
10193 	struct survey_results *survey_results;
10194 	u32 surveyed_freq = 0;
10195 	u32 ifidx;
10196 
10197 	static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = {
10198 		[NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 },
10199 		[NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 },
10200 	};
10201 
10202 	survey_results = (struct survey_results *) arg;
10203 
10204 	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
10205 		  genlmsg_attrlen(gnlh, 0), NULL);
10206 
10207 	if (!tb[NL80211_ATTR_IFINDEX])
10208 		return NL_SKIP;
10209 
10210 	ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
10211 
10212 	if (!tb[NL80211_ATTR_SURVEY_INFO])
10213 		return NL_SKIP;
10214 
10215 	if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX,
10216 			     tb[NL80211_ATTR_SURVEY_INFO],
10217 			     survey_policy))
10218 		return NL_SKIP;
10219 
10220 	if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY]) {
10221 		wpa_printf(MSG_ERROR, "nl80211: Invalid survey data");
10222 		return NL_SKIP;
10223 	}
10224 
10225 	surveyed_freq = nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]);
10226 
10227 	if (!check_survey_ok(sinfo, surveyed_freq,
10228 			     survey_results->freq_filter))
10229 		return NL_SKIP;
10230 
10231 	if (survey_results->freq_filter &&
10232 	    survey_results->freq_filter != surveyed_freq) {
10233 		wpa_printf(MSG_EXCESSIVE, "nl80211: Ignoring survey data for freq %d MHz",
10234 			   surveyed_freq);
10235 		return NL_SKIP;
10236 	}
10237 
10238 	add_survey(sinfo, ifidx, &survey_results->survey_list);
10239 
10240 	return NL_SKIP;
10241 }
10242 
10243 
10244 static int wpa_driver_nl80211_get_survey(void *priv, unsigned int freq)
10245 {
10246 	struct i802_bss *bss = priv;
10247 	struct wpa_driver_nl80211_data *drv = bss->drv;
10248 	struct nl_msg *msg;
10249 	int err;
10250 	union wpa_event_data data;
10251 	struct survey_results *survey_results;
10252 
10253 	os_memset(&data, 0, sizeof(data));
10254 	survey_results = &data.survey_results;
10255 
10256 	dl_list_init(&survey_results->survey_list);
10257 
10258 	msg = nl80211_drv_msg(drv, NLM_F_DUMP, NL80211_CMD_GET_SURVEY);
10259 	if (!msg)
10260 		return -ENOBUFS;
10261 
10262 	if (freq)
10263 		data.survey_results.freq_filter = freq;
10264 
10265 	do {
10266 		wpa_printf(MSG_DEBUG, "nl80211: Fetch survey data");
10267 		err = send_and_recv_resp(drv, msg, survey_handler,
10268 					 survey_results);
10269 	} while (err > 0);
10270 
10271 	if (err)
10272 		wpa_printf(MSG_ERROR, "nl80211: Failed to process survey data");
10273 	else
10274 		wpa_supplicant_event(drv->ctx, EVENT_SURVEY, &data);
10275 
10276 	clean_survey_results(survey_results);
10277 	return err;
10278 }
10279 
10280 
10281 static void nl80211_set_rekey_info(void *priv, const u8 *kek, size_t kek_len,
10282 				   const u8 *kck, size_t kck_len,
10283 				   const u8 *replay_ctr)
10284 {
10285 	struct i802_bss *bss = priv;
10286 	struct wpa_driver_nl80211_data *drv = bss->drv;
10287 	struct nlattr *replay_nested;
10288 	struct nl_msg *msg;
10289 	int ret;
10290 
10291 	if (!drv->set_rekey_offload)
10292 		return;
10293 
10294 	wpa_printf(MSG_DEBUG, "nl80211: Set rekey offload");
10295 	if (!(msg = nl80211_bss_msg(bss, 0, NL80211_CMD_SET_REKEY_OFFLOAD)) ||
10296 	    !(replay_nested = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA)) ||
10297 	    nla_put(msg, NL80211_REKEY_DATA_KEK, kek_len, kek) ||
10298 	    (kck_len && nla_put(msg, NL80211_REKEY_DATA_KCK, kck_len, kck)) ||
10299 	    nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR, NL80211_REPLAY_CTR_LEN,
10300 		    replay_ctr)) {
10301 		nl80211_nlmsg_clear(msg);
10302 		nlmsg_free(msg);
10303 		return;
10304 	}
10305 
10306 	nla_nest_end(msg, replay_nested);
10307 
10308 	ret = send_and_recv_cmd(drv, msg);
10309 	if (ret == -EOPNOTSUPP) {
10310 		wpa_printf(MSG_DEBUG,
10311 			   "nl80211: Driver does not support rekey offload");
10312 		drv->set_rekey_offload = 0;
10313 	}
10314 }
10315 
10316 
10317 static void nl80211_send_null_frame(struct i802_bss *bss, const u8 *own_addr,
10318 				    const u8 *addr, int qos)
10319 {
10320 	/* send data frame to poll STA and check whether
10321 	 * this frame is ACKed */
10322 	struct {
10323 		struct ieee80211_hdr hdr;
10324 		u16 qos_ctl;
10325 	} STRUCT_PACKED nulldata;
10326 	size_t size;
10327 
10328 	/* Send data frame to poll STA and check whether this frame is ACKed */
10329 
10330 	os_memset(&nulldata, 0, sizeof(nulldata));
10331 
10332 	if (qos) {
10333 		nulldata.hdr.frame_control =
10334 			IEEE80211_FC(WLAN_FC_TYPE_DATA,
10335 				     WLAN_FC_STYPE_QOS_NULL);
10336 		size = sizeof(nulldata);
10337 	} else {
10338 		nulldata.hdr.frame_control =
10339 			IEEE80211_FC(WLAN_FC_TYPE_DATA,
10340 				     WLAN_FC_STYPE_NULLFUNC);
10341 		size = sizeof(struct ieee80211_hdr);
10342 	}
10343 
10344 	nulldata.hdr.frame_control |= host_to_le16(WLAN_FC_FROMDS);
10345 	os_memcpy(nulldata.hdr.IEEE80211_DA_FROMDS, addr, ETH_ALEN);
10346 	os_memcpy(nulldata.hdr.IEEE80211_BSSID_FROMDS, own_addr, ETH_ALEN);
10347 	os_memcpy(nulldata.hdr.IEEE80211_SA_FROMDS, own_addr, ETH_ALEN);
10348 
10349 	if (wpa_driver_nl80211_send_mlme(bss, (u8 *) &nulldata, size, 0, 0, 0,
10350 					 0, 0, NULL, 0, 0, -1) < 0)
10351 		wpa_printf(MSG_DEBUG, "nl80211_send_null_frame: Failed to "
10352 			   "send poll frame");
10353 }
10354 
10355 static void nl80211_poll_client(void *priv, const u8 *own_addr, const u8 *addr,
10356 				int qos)
10357 {
10358 	struct i802_bss *bss = priv;
10359 	struct wpa_driver_nl80211_data *drv = bss->drv;
10360 	struct nl_msg *msg;
10361 	u64 cookie;
10362 	int ret;
10363 
10364 	if (!drv->poll_command_supported) {
10365 		nl80211_send_null_frame(bss, own_addr, addr, qos);
10366 		return;
10367 	}
10368 
10369 	if (!(msg = nl80211_bss_msg(bss, 0, NL80211_CMD_PROBE_CLIENT)) ||
10370 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) {
10371 		nlmsg_free(msg);
10372 		return;
10373 	}
10374 
10375 	ret = send_and_recv_resp(drv, msg, cookie_handler, &cookie);
10376 	if (ret < 0) {
10377 		wpa_printf(MSG_DEBUG, "nl80211: Client probe request for "
10378 			   MACSTR " failed: ret=%d (%s)",
10379 			   MAC2STR(addr), ret, strerror(-ret));
10380 	} else {
10381 		wpa_printf(MSG_DEBUG,
10382 			   "nl80211: Client probe request addr=" MACSTR
10383 			   " cookie=%llu", MAC2STR(addr),
10384 			   (long long unsigned int) cookie);
10385 	}
10386 }
10387 
10388 
10389 static int nl80211_set_power_save(struct i802_bss *bss, int enabled)
10390 {
10391 	struct nl_msg *msg;
10392 	int ret;
10393 
10394 	if (!(msg = nl80211_bss_msg(bss, 0, NL80211_CMD_SET_POWER_SAVE)) ||
10395 	    nla_put_u32(msg, NL80211_ATTR_PS_STATE,
10396 			enabled ? NL80211_PS_ENABLED : NL80211_PS_DISABLED)) {
10397 		nlmsg_free(msg);
10398 		return -ENOBUFS;
10399 	}
10400 
10401 	ret = send_and_recv_cmd(bss->drv, msg);
10402 	if (ret < 0) {
10403 		wpa_printf(MSG_DEBUG,
10404 			   "nl80211: Setting PS state %s failed: %d (%s)",
10405 			   enabled ? "enabled" : "disabled",
10406 			   ret, strerror(-ret));
10407 	}
10408 	return ret;
10409 }
10410 
10411 
10412 static int nl80211_set_p2p_powersave(void *priv, int legacy_ps, int opp_ps,
10413 				     int ctwindow)
10414 {
10415 	struct i802_bss *bss = priv;
10416 
10417 	wpa_printf(MSG_DEBUG, "nl80211: set_p2p_powersave (legacy_ps=%d "
10418 		   "opp_ps=%d ctwindow=%d)", legacy_ps, opp_ps, ctwindow);
10419 
10420 	if (opp_ps != -1 || ctwindow != -1) {
10421 #ifdef ANDROID_P2P
10422 		wpa_driver_set_p2p_ps(priv, legacy_ps, opp_ps, ctwindow);
10423 #else /* ANDROID_P2P */
10424 		return -1; /* Not yet supported */
10425 #endif /* ANDROID_P2P */
10426 	}
10427 
10428 	if (legacy_ps == -1)
10429 		return 0;
10430 	if (legacy_ps != 0 && legacy_ps != 1)
10431 		return -1; /* Not yet supported */
10432 
10433 	return nl80211_set_power_save(bss, legacy_ps);
10434 }
10435 
10436 
10437 static int nl80211_start_radar_detection(void *priv,
10438 					 struct hostapd_freq_params *freq)
10439 {
10440 	struct i802_bss *bss = priv;
10441 	struct wpa_driver_nl80211_data *drv = bss->drv;
10442 	struct nl_msg *msg;
10443 	int ret;
10444 
10445 	wpa_printf(MSG_DEBUG, "nl80211: Start radar detection (CAC) %d MHz (ht_enabled=%d, vht_enabled=%d, he_enabled=%d, bandwidth=%d MHz, cf1=%d MHz, cf2=%d MHz)",
10446 		   freq->freq, freq->ht_enabled, freq->vht_enabled, freq->he_enabled,
10447 		   freq->bandwidth, freq->center_freq1, freq->center_freq2);
10448 
10449 	if (!(drv->capa.flags & WPA_DRIVER_FLAGS_RADAR)) {
10450 		wpa_printf(MSG_DEBUG, "nl80211: Driver does not support radar "
10451 			   "detection");
10452 		return -1;
10453 	}
10454 
10455 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_RADAR_DETECT)) ||
10456 	    nl80211_put_freq_params(msg, freq) < 0) {
10457 		nlmsg_free(msg);
10458 		return -1;
10459 	}
10460 
10461 	ret = send_and_recv_cmd(drv, msg);
10462 	if (ret == 0)
10463 		return 0;
10464 	wpa_printf(MSG_DEBUG, "nl80211: Failed to start radar detection: "
10465 		   "%d (%s)", ret, strerror(-ret));
10466 	return -1;
10467 }
10468 
10469 #ifdef CONFIG_TDLS
10470 
10471 static int nl80211_add_peer_capab(struct nl_msg *msg,
10472 				  enum tdls_peer_capability capa)
10473 {
10474 	u32 peer_capab = 0;
10475 
10476 	if (!capa)
10477 		return 0;
10478 
10479 	if (capa & TDLS_PEER_HT)
10480 		peer_capab |= NL80211_TDLS_PEER_HT;
10481 	if (capa & TDLS_PEER_VHT)
10482 		peer_capab |= NL80211_TDLS_PEER_VHT;
10483 	if (capa & TDLS_PEER_WMM)
10484 		peer_capab |= NL80211_TDLS_PEER_WMM;
10485 	if (capa & TDLS_PEER_HE)
10486 		peer_capab |= NL80211_TDLS_PEER_HE;
10487 
10488 	return nla_put_u32(msg, NL80211_ATTR_TDLS_PEER_CAPABILITY,
10489 			   peer_capab);
10490 }
10491 
10492 
10493 static int
10494 nl80211_tdls_set_discovery_resp_link(struct wpa_driver_nl80211_data *drv,
10495 				     int link_id)
10496 {
10497 #ifdef CONFIG_DRIVER_NL80211_QCA
10498 	struct nl_msg *msg;
10499 	struct nlattr *params;
10500 
10501 	wpa_printf(MSG_DEBUG, "nl80211: TDLS Discovery Response Tx link ID %u",
10502 		   link_id);
10503 
10504 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
10505 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, drv->ifindex) ||
10506 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
10507 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
10508 			QCA_NL80211_VENDOR_SUBCMD_TDLS_DISC_RSP_EXT) ||
10509 	    !(params = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA)) ||
10510 	    nla_put_u8(msg, QCA_WLAN_VENDOR_ATTR_TDLS_DISC_RSP_EXT_TX_LINK,
10511 		       link_id)) {
10512 		wpa_printf(MSG_ERROR,
10513 			   "%s: err in adding vendor_cmd and vendor_data",
10514 			   __func__);
10515 		nlmsg_free(msg);
10516 		return -1;
10517 	}
10518 	nla_nest_end(msg, params);
10519 
10520 	return send_and_recv_cmd(drv, msg);
10521 #else /* CONFIG_DRIVER_NL80211_QCA */
10522 	wpa_printf(MSG_ERROR,
10523 		   "nl80211: Setting TX link for TDLS Discovery Response not supported");
10524 	return -1;
10525 #endif /* CONFIG_DRIVER_NL80211_QCA */
10526 }
10527 
10528 
10529 static int nl80211_send_tdls_mgmt(void *priv, const u8 *dst, u8 action_code,
10530 				  u8 dialog_token, u16 status_code,
10531 				  u32 peer_capab, int initiator, const u8 *buf,
10532 				  size_t len, int link_id)
10533 {
10534 	struct i802_bss *bss = priv;
10535 	struct wpa_driver_nl80211_data *drv = bss->drv;
10536 	struct nl_msg *msg;
10537 
10538 	if (!(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT))
10539 		return -EOPNOTSUPP;
10540 
10541 	if (!dst)
10542 		return -EINVAL;
10543 
10544 	if (link_id >= 0 &&
10545 	    nl80211_tdls_set_discovery_resp_link(drv, link_id) < 0)
10546 		return -EOPNOTSUPP;
10547 
10548 	if (link_id < 0 && drv->sta_mlo_info.valid_links)
10549 		link_id = drv->sta_mlo_info.assoc_link_id;
10550 
10551 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_TDLS_MGMT)) ||
10552 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) ||
10553 	    nla_put_u8(msg, NL80211_ATTR_TDLS_ACTION, action_code) ||
10554 	    nla_put_u8(msg, NL80211_ATTR_TDLS_DIALOG_TOKEN, dialog_token) ||
10555 	    nla_put_u16(msg, NL80211_ATTR_STATUS_CODE, status_code) ||
10556 	    (link_id >= 0 &&
10557 	     nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id)) ||
10558 	    nl80211_add_peer_capab(msg, peer_capab) ||
10559 	    (initiator && nla_put_flag(msg, NL80211_ATTR_TDLS_INITIATOR)) ||
10560 	    nla_put(msg, NL80211_ATTR_IE, len, buf))
10561 		goto fail;
10562 
10563 	return send_and_recv_cmd(drv, msg);
10564 
10565 fail:
10566 	nlmsg_free(msg);
10567 	return -ENOBUFS;
10568 }
10569 
10570 
10571 static int nl80211_tdls_oper(void *priv, enum tdls_oper oper, const u8 *peer)
10572 {
10573 	struct i802_bss *bss = priv;
10574 	struct wpa_driver_nl80211_data *drv = bss->drv;
10575 	struct nl_msg *msg;
10576 	enum nl80211_tdls_operation nl80211_oper;
10577 	int res;
10578 
10579 	if (!(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT))
10580 		return -EOPNOTSUPP;
10581 
10582 	switch (oper) {
10583 	case TDLS_DISCOVERY_REQ:
10584 		nl80211_oper = NL80211_TDLS_DISCOVERY_REQ;
10585 		break;
10586 	case TDLS_SETUP:
10587 		nl80211_oper = NL80211_TDLS_SETUP;
10588 		break;
10589 	case TDLS_TEARDOWN:
10590 		nl80211_oper = NL80211_TDLS_TEARDOWN;
10591 		break;
10592 	case TDLS_ENABLE_LINK:
10593 		nl80211_oper = NL80211_TDLS_ENABLE_LINK;
10594 		break;
10595 	case TDLS_DISABLE_LINK:
10596 		nl80211_oper = NL80211_TDLS_DISABLE_LINK;
10597 		break;
10598 	case TDLS_ENABLE:
10599 		return 0;
10600 	case TDLS_DISABLE:
10601 		return 0;
10602 	default:
10603 		return -EINVAL;
10604 	}
10605 
10606 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_TDLS_OPER)) ||
10607 	    nla_put_u8(msg, NL80211_ATTR_TDLS_OPERATION, nl80211_oper) ||
10608 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer)) {
10609 		nlmsg_free(msg);
10610 		return -ENOBUFS;
10611 	}
10612 
10613 	res = send_and_recv_cmd(drv, msg);
10614 	wpa_printf(MSG_DEBUG, "nl80211: TDLS_OPER: oper=%d mac=" MACSTR
10615 		   " --> res=%d (%s)", nl80211_oper, MAC2STR(peer), res,
10616 		   strerror(-res));
10617 	return res;
10618 }
10619 
10620 
10621 static int
10622 nl80211_tdls_enable_channel_switch(void *priv, const u8 *addr, u8 oper_class,
10623 				   const struct hostapd_freq_params *params)
10624 {
10625 	struct i802_bss *bss = priv;
10626 	struct wpa_driver_nl80211_data *drv = bss->drv;
10627 	struct nl_msg *msg;
10628 	int ret = -ENOBUFS;
10629 
10630 	if (!(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT) ||
10631 	    !(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_CHANNEL_SWITCH))
10632 		return -EOPNOTSUPP;
10633 
10634 	wpa_printf(MSG_DEBUG, "nl80211: Enable TDLS channel switch " MACSTR
10635 		   " oper_class=%u freq=%u",
10636 		   MAC2STR(addr), oper_class, params->freq);
10637 	msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_TDLS_CHANNEL_SWITCH);
10638 	if (!msg ||
10639 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
10640 	    nla_put_u8(msg, NL80211_ATTR_OPER_CLASS, oper_class) ||
10641 	    (ret = nl80211_put_freq_params(msg, params))) {
10642 		nlmsg_free(msg);
10643 		wpa_printf(MSG_DEBUG, "nl80211: Could not build TDLS chan switch");
10644 		return ret;
10645 	}
10646 
10647 	return send_and_recv_cmd(drv, msg);
10648 }
10649 
10650 
10651 static int
10652 nl80211_tdls_disable_channel_switch(void *priv, const u8 *addr)
10653 {
10654 	struct i802_bss *bss = priv;
10655 	struct wpa_driver_nl80211_data *drv = bss->drv;
10656 	struct nl_msg *msg;
10657 
10658 	if (!(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT) ||
10659 	    !(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_CHANNEL_SWITCH))
10660 		return -EOPNOTSUPP;
10661 
10662 	wpa_printf(MSG_DEBUG, "nl80211: Disable TDLS channel switch " MACSTR,
10663 		   MAC2STR(addr));
10664 	msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH);
10665 	if (!msg ||
10666 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) {
10667 		nlmsg_free(msg);
10668 		wpa_printf(MSG_DEBUG,
10669 			   "nl80211: Could not build TDLS cancel chan switch");
10670 		return -ENOBUFS;
10671 	}
10672 
10673 	return send_and_recv_cmd(drv, msg);
10674 }
10675 
10676 #endif /* CONFIG TDLS */
10677 
10678 
10679 static int driver_nl80211_set_key(void *priv,
10680 				  struct wpa_driver_set_key_params *params)
10681 {
10682 	struct i802_bss *bss = priv;
10683 
10684 	return wpa_driver_nl80211_set_key(bss, params);
10685 }
10686 
10687 
10688 static int driver_nl80211_scan2(void *priv,
10689 				struct wpa_driver_scan_params *params)
10690 {
10691 	struct i802_bss *bss = priv;
10692 #ifdef CONFIG_DRIVER_NL80211_QCA
10693 	struct wpa_driver_nl80211_data *drv = bss->drv;
10694 
10695 	/*
10696 	 * Do a vendor specific scan if possible. If only_new_results is
10697 	 * set, do a normal scan since a kernel (cfg80211) BSS cache flush
10698 	 * cannot be achieved through a vendor scan. The below condition may
10699 	 * need to be modified if new scan flags are added in the future whose
10700 	 * functionality can only be achieved through a normal scan.
10701 	 */
10702 	if (drv->scan_vendor_cmd_avail && !params->only_new_results)
10703 		return wpa_driver_nl80211_vendor_scan(bss, params);
10704 #endif /* CONFIG_DRIVER_NL80211_QCA */
10705 	return wpa_driver_nl80211_scan(bss, params);
10706 }
10707 
10708 
10709 static int driver_nl80211_deauthenticate(void *priv, const u8 *addr,
10710 					 u16 reason_code)
10711 {
10712 	struct i802_bss *bss = priv;
10713 	return wpa_driver_nl80211_deauthenticate(bss, addr, reason_code);
10714 }
10715 
10716 
10717 static int driver_nl80211_authenticate(void *priv,
10718 				       struct wpa_driver_auth_params *params)
10719 {
10720 	struct i802_bss *bss = priv;
10721 	return wpa_driver_nl80211_authenticate(bss, params);
10722 }
10723 
10724 
10725 static void driver_nl80211_deinit(void *priv)
10726 {
10727 	struct i802_bss *bss = priv;
10728 	wpa_driver_nl80211_deinit(bss);
10729 }
10730 
10731 
10732 static int driver_nl80211_if_remove(void *priv, enum wpa_driver_if_type type,
10733 				    const char *ifname)
10734 {
10735 	struct i802_bss *bss = priv;
10736 	return wpa_driver_nl80211_if_remove(bss, type, ifname);
10737 }
10738 
10739 
10740 #ifdef CONFIG_IEEE80211BE
10741 
10742 static int driver_nl80211_link_remove(void *priv, enum wpa_driver_if_type type,
10743 				      const char *ifname, u8 link_id)
10744 {
10745 	struct i802_bss *bss = priv;
10746 	struct wpa_driver_nl80211_data *drv = bss->drv;
10747 
10748 	if (type != WPA_IF_AP_BSS ||
10749 	    !nl80211_link_valid(bss->valid_links, link_id))
10750 		return -1;
10751 
10752 	wpa_printf(MSG_DEBUG,
10753 		   "nl80211: Teardown AP(%s) link %d (type=%d ifname=%s links=0x%x)",
10754 		   bss->ifname, link_id, type, ifname, bss->valid_links);
10755 
10756 	nl80211_remove_link(bss, link_id);
10757 
10758 	bss->ctx = bss->flink->ctx;
10759 
10760 	if (drv->first_bss == bss && bss->valid_links)
10761 		drv->ctx = bss->ctx;
10762 
10763 	if (!bss->valid_links) {
10764 		wpa_printf(MSG_DEBUG,
10765 			   "nl80211: No more links remaining, so remove interface");
10766 		return wpa_driver_nl80211_if_remove(bss, type, ifname);
10767 	}
10768 
10769 	return 0;
10770 }
10771 
10772 
10773 static bool nl80211_is_drv_shared(void *priv, void *bss_ctx)
10774 {
10775 	struct i802_bss *bss = priv;
10776 	struct wpa_driver_nl80211_data *drv = bss->drv;
10777 	unsigned int num_bss = 0;
10778 
10779 	/* If any other BSS exist, someone else is using this since at this
10780 	 * time, we would have removed all BSSs created by this driver and only
10781 	 * this BSS should be remaining if the driver is not shared by anyone.
10782 	 */
10783 	for (bss = drv->first_bss; bss; bss = bss->next) {
10784 		num_bss++;
10785 		if (num_bss > 1)
10786 			return true;
10787 	}
10788 
10789 	/* This is the only BSS present */
10790 	bss = priv;
10791 
10792 	/* If only one/no link is there no one is sharing */
10793 	if (bss->valid_links <= 1)
10794 		return false;
10795 
10796 	/* More than one link means someone is still using. To check if
10797 	 * only 1 bit is set, power of 2 condition can be checked. */
10798 	if (!(bss->valid_links & (bss->valid_links - 1)))
10799 		return false;
10800 
10801 	return true;
10802 }
10803 
10804 #endif /* CONFIG_IEEE80211BE */
10805 
10806 
10807 static int driver_nl80211_send_mlme(void *priv, const u8 *data,
10808 				    size_t data_len, int noack,
10809 				    unsigned int freq,
10810 				    const u16 *csa_offs, size_t csa_offs_len,
10811 				    int no_encrypt, unsigned int wait,
10812 				    int link_id)
10813 {
10814 	struct i802_bss *bss = priv;
10815 	return wpa_driver_nl80211_send_mlme(bss, data, data_len, noack,
10816 					    freq, 0, 0, wait, csa_offs,
10817 					    csa_offs_len, no_encrypt, link_id);
10818 }
10819 
10820 
10821 static int driver_nl80211_sta_remove(void *priv, const u8 *addr)
10822 {
10823 	struct i802_bss *bss = priv;
10824 	return wpa_driver_nl80211_sta_remove(bss, addr, -1, 0);
10825 }
10826 
10827 
10828 static int driver_nl80211_set_sta_vlan(void *priv, const u8 *addr,
10829 				       const char *ifname, int vlan_id,
10830 				       int link_id)
10831 {
10832 	struct i802_bss *bss = priv;
10833 	return i802_set_sta_vlan(bss, addr, ifname, vlan_id, link_id);
10834 }
10835 
10836 
10837 static int driver_nl80211_read_sta_data(void *priv,
10838 					struct hostap_sta_driver_data *data,
10839 					const u8 *addr)
10840 {
10841 	struct i802_bss *bss = priv;
10842 
10843 	os_memset(data, 0, sizeof(*data));
10844 	return i802_read_sta_data(bss, data, addr);
10845 }
10846 
10847 
10848 static int driver_nl80211_send_action(void *priv, unsigned int freq,
10849 				      unsigned int wait_time,
10850 				      const u8 *dst, const u8 *src,
10851 				      const u8 *bssid,
10852 				      const u8 *data, size_t data_len,
10853 				      int no_cck)
10854 {
10855 	struct i802_bss *bss = priv;
10856 	return wpa_driver_nl80211_send_action(bss, freq, wait_time, dst, src,
10857 					      bssid, data, data_len, no_cck);
10858 }
10859 
10860 
10861 static int driver_nl80211_probe_req_report(void *priv, int report)
10862 {
10863 	struct i802_bss *bss = priv;
10864 	return wpa_driver_nl80211_probe_req_report(bss, report);
10865 }
10866 
10867 
10868 static int wpa_driver_nl80211_update_ft_ies(void *priv, const u8 *md,
10869 					    const u8 *ies, size_t ies_len)
10870 {
10871 	int ret;
10872 	struct nl_msg *msg;
10873 	struct i802_bss *bss = priv;
10874 	struct wpa_driver_nl80211_data *drv = bss->drv;
10875 	u16 mdid = WPA_GET_LE16(md);
10876 
10877 	wpa_printf(MSG_DEBUG, "nl80211: Updating FT IEs");
10878 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_UPDATE_FT_IES)) ||
10879 	    nla_put(msg, NL80211_ATTR_IE, ies_len, ies) ||
10880 	    nla_put_u16(msg, NL80211_ATTR_MDID, mdid)) {
10881 		nlmsg_free(msg);
10882 		return -ENOBUFS;
10883 	}
10884 
10885 	ret = send_and_recv_cmd(drv, msg);
10886 	if (ret) {
10887 		wpa_printf(MSG_DEBUG, "nl80211: update_ft_ies failed "
10888 			   "err=%d (%s)", ret, strerror(-ret));
10889 	}
10890 
10891 	return ret;
10892 }
10893 
10894 
10895 static int nl80211_update_dh_ie(void *priv, const u8 *peer_mac,
10896 				u16 reason_code, const u8 *ie, size_t ie_len)
10897 {
10898 	int ret;
10899 	struct nl_msg *msg;
10900 	struct i802_bss *bss = priv;
10901 	struct wpa_driver_nl80211_data *drv = bss->drv;
10902 
10903 	wpa_printf(MSG_DEBUG, "nl80211: Updating DH IE peer: " MACSTR
10904 		   " reason %u", MAC2STR(peer_mac), reason_code);
10905 	if (!(msg = nl80211_bss_msg(bss, 0, NL80211_CMD_UPDATE_OWE_INFO)) ||
10906 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer_mac) ||
10907 	    nla_put_u16(msg, NL80211_ATTR_STATUS_CODE, reason_code) ||
10908 	    (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie))) {
10909 		nlmsg_free(msg);
10910 		return -ENOBUFS;
10911 	}
10912 
10913 	ret = send_and_recv_cmd(drv, msg);
10914 	if (ret) {
10915 		wpa_printf(MSG_DEBUG,
10916 			   "nl80211: update_dh_ie failed err=%d (%s)",
10917 			   ret, strerror(-ret));
10918 	}
10919 
10920 	return ret;
10921 }
10922 
10923 
10924 static const u8 * wpa_driver_nl80211_get_macaddr(void *priv)
10925 {
10926 	struct i802_bss *bss = priv;
10927 	struct wpa_driver_nl80211_data *drv = bss->drv;
10928 
10929 	if (drv->nlmode != NL80211_IFTYPE_P2P_DEVICE)
10930 		return NULL;
10931 
10932 	return bss->addr;
10933 }
10934 
10935 
10936 static const char * scan_state_str(enum scan_states scan_state)
10937 {
10938 	switch (scan_state) {
10939 	case NO_SCAN:
10940 		return "NO_SCAN";
10941 	case SCAN_REQUESTED:
10942 		return "SCAN_REQUESTED";
10943 	case SCAN_STARTED:
10944 		return "SCAN_STARTED";
10945 	case SCAN_COMPLETED:
10946 		return "SCAN_COMPLETED";
10947 	case SCAN_ABORTED:
10948 		return "SCAN_ABORTED";
10949 	case SCHED_SCAN_STARTED:
10950 		return "SCHED_SCAN_STARTED";
10951 	case SCHED_SCAN_STOPPED:
10952 		return "SCHED_SCAN_STOPPED";
10953 	case SCHED_SCAN_RESULTS:
10954 		return "SCHED_SCAN_RESULTS";
10955 	}
10956 
10957 	return "??";
10958 }
10959 
10960 
10961 static int wpa_driver_nl80211_status(void *priv, char *buf, size_t buflen)
10962 {
10963 	struct i802_bss *bss = priv;
10964 	struct wpa_driver_nl80211_data *drv = bss->drv;
10965 	int res;
10966 	char *pos, *end;
10967 	struct nl_msg *msg;
10968 	char alpha2[3] = { 0, 0, 0 };
10969 
10970 	pos = buf;
10971 	end = buf + buflen;
10972 
10973 	res = os_snprintf(pos, end - pos,
10974 			  "ifindex=%d\n"
10975 			  "ifname=%s\n"
10976 			  "brname=%s\n"
10977 			  "addr=" MACSTR "\n"
10978 			  "freq=%d\n"
10979 			  "%s%s%s%s%s%s",
10980 			  bss->ifindex,
10981 			  bss->ifname,
10982 			  bss->brname,
10983 			  MAC2STR(bss->addr),
10984 			  bss->flink->freq,
10985 			  bss->flink->beacon_set ? "beacon_set=1\n" : "",
10986 			  bss->added_if_into_bridge ?
10987 			  "added_if_into_bridge=1\n" : "",
10988 			  bss->already_in_bridge ? "already_in_bridge=1\n" : "",
10989 			  bss->added_bridge ? "added_bridge=1\n" : "",
10990 			  bss->in_deinit ? "in_deinit=1\n" : "",
10991 			  bss->if_dynamic ? "if_dynamic=1\n" : "");
10992 	if (os_snprintf_error(end - pos, res))
10993 		return pos - buf;
10994 	pos += res;
10995 
10996 	if (bss->wdev_id_set) {
10997 		res = os_snprintf(pos, end - pos, "wdev_id=%llu\n",
10998 				  (unsigned long long) bss->wdev_id);
10999 		if (os_snprintf_error(end - pos, res))
11000 			return pos - buf;
11001 		pos += res;
11002 	}
11003 
11004 	res = os_snprintf(pos, end - pos,
11005 			  "phyname=%s\n"
11006 			  "perm_addr=" MACSTR "\n"
11007 			  "drv_ifindex=%d\n"
11008 			  "operstate=%d\n"
11009 			  "scan_state=%s\n"
11010 			  "auth_bssid=" MACSTR "\n"
11011 			  "auth_attempt_bssid=" MACSTR "\n"
11012 			  "bssid=" MACSTR "\n"
11013 			  "prev_bssid=" MACSTR "\n"
11014 			  "associated=%d\n"
11015 			  "assoc_freq=%u\n"
11016 			  "monitor_sock=%d\n"
11017 			  "monitor_ifidx=%d\n"
11018 			  "monitor_refcount=%d\n"
11019 			  "last_mgmt_freq=%u\n"
11020 			  "eapol_tx_sock=%d\n"
11021 			  "%s%s%s%s%s%s%s%s%s%s%s%s%s",
11022 			  drv->phyname,
11023 			  MAC2STR(drv->perm_addr),
11024 			  drv->ifindex,
11025 			  drv->operstate,
11026 			  scan_state_str(drv->scan_state),
11027 			  MAC2STR(drv->auth_bssid),
11028 			  MAC2STR(drv->auth_attempt_bssid),
11029 			  MAC2STR(drv->bssid),
11030 			  MAC2STR(drv->prev_bssid),
11031 			  drv->associated,
11032 			  drv->assoc_freq,
11033 			  drv->monitor_sock,
11034 			  drv->monitor_ifidx,
11035 			  drv->monitor_refcount,
11036 			  drv->last_mgmt_freq,
11037 			  drv->eapol_tx_sock,
11038 			  drv->ignore_if_down_event ?
11039 			  "ignore_if_down_event=1\n" : "",
11040 			  drv->scan_complete_events ?
11041 			  "scan_complete_events=1\n" : "",
11042 			  drv->disabled_11b_rates ?
11043 			  "disabled_11b_rates=1\n" : "",
11044 			  drv->pending_remain_on_chan ?
11045 			  "pending_remain_on_chan=1\n" : "",
11046 			  drv->in_interface_list ? "in_interface_list=1\n" : "",
11047 			  drv->device_ap_sme ? "device_ap_sme=1\n" : "",
11048 			  drv->poll_command_supported ?
11049 			  "poll_command_supported=1\n" : "",
11050 			  drv->data_tx_status ? "data_tx_status=1\n" : "",
11051 			  drv->scan_for_auth ? "scan_for_auth=1\n" : "",
11052 			  drv->retry_auth ? "retry_auth=1\n" : "",
11053 			  drv->use_monitor ? "use_monitor=1\n" : "",
11054 			  drv->ignore_next_local_disconnect ?
11055 			  "ignore_next_local_disconnect\n" : "",
11056 			  drv->ignore_next_local_deauth ?
11057 			  "ignore_next_local_deauth\n" : "");
11058 	if (os_snprintf_error(end - pos, res))
11059 		return pos - buf;
11060 	pos += res;
11061 
11062 	if (drv->sta_mlo_info.valid_links) {
11063 		int i;
11064 		struct driver_sta_mlo_info *mlo = &drv->sta_mlo_info;
11065 
11066 		res = os_snprintf(pos, end - pos,
11067 				  "ap_mld_addr=" MACSTR "\n"
11068 				  "default_map=%d\n",
11069 				   MAC2STR(mlo->ap_mld_addr),
11070 				   mlo->default_map);
11071 		if (os_snprintf_error(end - pos, res))
11072 			return pos - buf;
11073 		pos += res;
11074 
11075 		for_each_link(mlo->valid_links, i) {
11076 			res = os_snprintf(pos, end - pos,
11077 					  "link_addr[%u]=" MACSTR "\n"
11078 					  "link_bssid[%u]=" MACSTR "\n"
11079 					  "link_freq[%u]=%u\n",
11080 					  i, MAC2STR(mlo->links[i].addr),
11081 					  i, MAC2STR(mlo->links[i].bssid),
11082 					  i, mlo->links[i].freq);
11083 			if (os_snprintf_error(end - pos, res))
11084 				return pos - buf;
11085 			pos += res;
11086 
11087 			if (!mlo->default_map) {
11088 				res = os_snprintf(
11089 					pos, end - pos,
11090 					"uplink_map[%u]=%x\n"
11091 					"downlink_map[%u]=%x\n",
11092 					i, mlo->links[i].t2lmap.uplink,
11093 					i, mlo->links[i].t2lmap.downlink);
11094 				if (os_snprintf_error(end - pos, res))
11095 					return pos - buf;
11096 				pos += res;
11097 			}
11098 		}
11099 	}
11100 
11101 	if (drv->has_capability) {
11102 		res = os_snprintf(pos, end - pos,
11103 				  "capa.key_mgmt=0x%x\n"
11104 				  "capa.enc=0x%x\n"
11105 				  "capa.auth=0x%x\n"
11106 				  "capa.flags=0x%llx\n"
11107 				  "capa.flags2=0x%llx\n"
11108 				  "capa.rrm_flags=0x%x\n"
11109 				  "capa.max_scan_ssids=%d\n"
11110 				  "capa.max_sched_scan_ssids=%d\n"
11111 				  "capa.sched_scan_supported=%d\n"
11112 				  "capa.max_match_sets=%d\n"
11113 				  "capa.max_remain_on_chan=%u\n"
11114 				  "capa.max_stations=%u\n"
11115 				  "capa.probe_resp_offloads=0x%x\n"
11116 				  "capa.max_acl_mac_addrs=%u\n"
11117 				  "capa.num_multichan_concurrent=%u\n"
11118 				  "capa.mac_addr_rand_sched_scan_supported=%d\n"
11119 				  "capa.mac_addr_rand_scan_supported=%d\n"
11120 				  "capa.conc_capab=%u\n"
11121 				  "capa.max_conc_chan_2_4=%u\n"
11122 				  "capa.max_conc_chan_5_0=%u\n"
11123 				  "capa.max_sched_scan_plans=%u\n"
11124 				  "capa.max_sched_scan_plan_interval=%u\n"
11125 				  "capa.max_sched_scan_plan_iterations=%u\n"
11126 				  "capa.mbssid_max_interfaces=%u\n"
11127 				  "capa.ema_max_periodicity=%u\n",
11128 				  drv->capa.key_mgmt,
11129 				  drv->capa.enc,
11130 				  drv->capa.auth,
11131 				  (unsigned long long) drv->capa.flags,
11132 				  (unsigned long long) drv->capa.flags2,
11133 				  drv->capa.rrm_flags,
11134 				  drv->capa.max_scan_ssids,
11135 				  drv->capa.max_sched_scan_ssids,
11136 				  drv->capa.sched_scan_supported,
11137 				  drv->capa.max_match_sets,
11138 				  drv->capa.max_remain_on_chan,
11139 				  drv->capa.max_stations,
11140 				  drv->capa.probe_resp_offloads,
11141 				  drv->capa.max_acl_mac_addrs,
11142 				  drv->capa.num_multichan_concurrent,
11143 				  drv->capa.mac_addr_rand_sched_scan_supported,
11144 				  drv->capa.mac_addr_rand_scan_supported,
11145 				  drv->capa.conc_capab,
11146 				  drv->capa.max_conc_chan_2_4,
11147 				  drv->capa.max_conc_chan_5_0,
11148 				  drv->capa.max_sched_scan_plans,
11149 				  drv->capa.max_sched_scan_plan_interval,
11150 				  drv->capa.max_sched_scan_plan_iterations,
11151 				  drv->capa.mbssid_max_interfaces,
11152 				  drv->capa.ema_max_periodicity);
11153 		if (os_snprintf_error(end - pos, res))
11154 			return pos - buf;
11155 		pos += res;
11156 	}
11157 
11158 	msg = nlmsg_alloc();
11159 	if (msg &&
11160 	    nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_REG) &&
11161 	    nla_put_u32(msg, NL80211_ATTR_WIPHY, drv->wiphy_idx) == 0) {
11162 		if (send_and_recv_resp(drv, msg, nl80211_get_country,
11163 				       alpha2) == 0 &&
11164 		    alpha2[0]) {
11165 			res = os_snprintf(pos, end - pos, "country=%s\n",
11166 					  alpha2);
11167 			if (os_snprintf_error(end - pos, res))
11168 				return pos - buf;
11169 			pos += res;
11170 		}
11171 	} else {
11172 		nlmsg_free(msg);
11173 	}
11174 
11175 	return pos - buf;
11176 }
11177 
11178 
11179 static int set_beacon_data(struct nl_msg *msg, struct beacon_data *settings)
11180 {
11181 	if ((settings->head &&
11182 	     nla_put(msg, NL80211_ATTR_BEACON_HEAD,
11183 		     settings->head_len, settings->head)) ||
11184 	    (settings->tail &&
11185 	     nla_put(msg, NL80211_ATTR_BEACON_TAIL,
11186 		     settings->tail_len, settings->tail)) ||
11187 	    (settings->beacon_ies &&
11188 	     nla_put(msg, NL80211_ATTR_IE,
11189 		     settings->beacon_ies_len, settings->beacon_ies)) ||
11190 	    (settings->proberesp_ies &&
11191 	     nla_put(msg, NL80211_ATTR_IE_PROBE_RESP,
11192 		     settings->proberesp_ies_len, settings->proberesp_ies)) ||
11193 	    (settings->assocresp_ies &&
11194 	     nla_put(msg, NL80211_ATTR_IE_ASSOC_RESP,
11195 		     settings->assocresp_ies_len, settings->assocresp_ies)) ||
11196 	    (settings->probe_resp &&
11197 	     nla_put(msg, NL80211_ATTR_PROBE_RESP,
11198 		     settings->probe_resp_len, settings->probe_resp)))
11199 		return -ENOBUFS;
11200 
11201 	return 0;
11202 }
11203 
11204 
11205 static int nl80211_switch_channel(void *priv, struct csa_settings *settings)
11206 {
11207 	struct nl_msg *msg;
11208 	struct i802_bss *bss = priv;
11209 	struct wpa_driver_nl80211_data *drv = bss->drv;
11210 	struct nlattr *beacon_csa;
11211 	int ret = -ENOBUFS;
11212 	int csa_off_len = 0;
11213 	int i;
11214 
11215 	wpa_printf(MSG_DEBUG,
11216 		   "nl80211: Channel switch request (cs_count=%u block_tx=%u freq=%d channel=%d sec_channel_offset=%d width=%d cf1=%d cf2=%d puncturing_bitmap=0x%04x link_id=%d%s%s%s)",
11217 		   settings->cs_count, settings->block_tx,
11218 		   settings->freq_params.freq,
11219 		   settings->freq_params.channel,
11220 		   settings->freq_params.sec_channel_offset,
11221 		   settings->freq_params.bandwidth,
11222 		   settings->freq_params.center_freq1,
11223 		   settings->freq_params.center_freq2,
11224 		   settings->punct_bitmap,
11225 		   settings->link_id,
11226 		   settings->freq_params.ht_enabled ? " ht" : "",
11227 		   settings->freq_params.vht_enabled ? " vht" : "",
11228 		   settings->freq_params.he_enabled ? " he" : "");
11229 
11230 	if (!(drv->capa.flags & WPA_DRIVER_FLAGS_AP_CSA)) {
11231 		wpa_printf(MSG_DEBUG, "nl80211: Driver does not support channel switch command");
11232 		return -EOPNOTSUPP;
11233 	}
11234 
11235 	if (drv->nlmode != NL80211_IFTYPE_AP &&
11236 	    drv->nlmode != NL80211_IFTYPE_P2P_GO &&
11237 	    drv->nlmode != NL80211_IFTYPE_MESH_POINT)
11238 		return -EOPNOTSUPP;
11239 
11240 	/*
11241 	 * Remove empty counters, assuming Probe Response and Beacon frame
11242 	 * counters match. This implementation assumes that there are only two
11243 	 * counters.
11244 	 */
11245 	if (settings->counter_offset_beacon[0] &&
11246 	    !settings->counter_offset_beacon[1]) {
11247 		csa_off_len = 1;
11248 	} else if (settings->counter_offset_beacon[1] &&
11249 		   !settings->counter_offset_beacon[0]) {
11250 		csa_off_len = 1;
11251 		settings->counter_offset_beacon[0] =
11252 			settings->counter_offset_beacon[1];
11253 		settings->counter_offset_presp[0] =
11254 			settings->counter_offset_presp[1];
11255 	} else if (settings->counter_offset_beacon[1] &&
11256 		   settings->counter_offset_beacon[0]) {
11257 		csa_off_len = 2;
11258 	} else {
11259 		wpa_printf(MSG_ERROR, "nl80211: No CSA counters provided");
11260 		return -EINVAL;
11261 	}
11262 
11263 	/* Check CSA counters validity */
11264 	if (drv->capa.max_csa_counters &&
11265 	    csa_off_len > drv->capa.max_csa_counters) {
11266 		wpa_printf(MSG_ERROR,
11267 			   "nl80211: Too many CSA counters provided");
11268 		return -EINVAL;
11269 	}
11270 
11271 	if (!settings->beacon_csa.tail)
11272 		return -EINVAL;
11273 
11274 	for (i = 0; i < csa_off_len; i++) {
11275 		u16 csa_c_off_bcn = settings->counter_offset_beacon[i];
11276 		u16 csa_c_off_presp = settings->counter_offset_presp[i];
11277 
11278 		if ((settings->beacon_csa.tail_len <= csa_c_off_bcn) ||
11279 		    (settings->beacon_csa.tail[csa_c_off_bcn] !=
11280 		     settings->cs_count))
11281 			return -EINVAL;
11282 
11283 		if (settings->beacon_csa.probe_resp &&
11284 		    ((settings->beacon_csa.probe_resp_len <=
11285 		      csa_c_off_presp) ||
11286 		     (settings->beacon_csa.probe_resp[csa_c_off_presp] !=
11287 		      settings->cs_count)))
11288 			return -EINVAL;
11289 	}
11290 
11291 	if (!(msg = nl80211_bss_msg(bss, 0, NL80211_CMD_CHANNEL_SWITCH)) ||
11292 	    nla_put_u32(msg, NL80211_ATTR_CH_SWITCH_COUNT,
11293 			settings->cs_count) ||
11294 	    (ret = nl80211_put_freq_params(msg, &settings->freq_params)) ||
11295 	    (settings->block_tx &&
11296 	     nla_put_flag(msg, NL80211_ATTR_CH_SWITCH_BLOCK_TX)) ||
11297 	    (settings->punct_bitmap &&
11298 	     nla_put_u32(msg, NL80211_ATTR_PUNCT_BITMAP,
11299 			 settings->punct_bitmap)) ||
11300 	    (settings->link_id != NL80211_DRV_LINK_ID_NA &&
11301 	     nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, settings->link_id)))
11302 		goto error;
11303 
11304 	/* beacon_after params */
11305 	ret = set_beacon_data(msg, &settings->beacon_after);
11306 	if (ret)
11307 		goto error;
11308 
11309 	/* beacon_csa params */
11310 	beacon_csa = nla_nest_start(msg, NL80211_ATTR_CSA_IES);
11311 	if (!beacon_csa)
11312 		goto fail;
11313 
11314 	ret = set_beacon_data(msg, &settings->beacon_csa);
11315 	if (ret)
11316 		goto error;
11317 
11318 	if (nla_put(msg, NL80211_ATTR_CSA_C_OFF_BEACON,
11319 		    csa_off_len * sizeof(u16),
11320 		    settings->counter_offset_beacon) ||
11321 	    (settings->beacon_csa.probe_resp &&
11322 	     nla_put(msg, NL80211_ATTR_CSA_C_OFF_PRESP,
11323 		     csa_off_len * sizeof(u16),
11324 		     settings->counter_offset_presp)))
11325 		goto fail;
11326 
11327 	nla_nest_end(msg, beacon_csa);
11328 
11329 #ifdef CONFIG_IEEE80211AX
11330 	if (settings->ubpr.unsol_bcast_probe_resp_interval &&
11331 	    nl80211_unsol_bcast_probe_resp(bss, msg, &settings->ubpr) < 0)
11332 		goto fail;
11333 #endif /* CONFIG_IEEE80211AX */
11334 
11335 	ret = send_and_recv_cmd(drv, msg);
11336 	if (ret) {
11337 		wpa_printf(MSG_DEBUG, "nl80211: switch_channel failed err=%d (%s)",
11338 			   ret, strerror(-ret));
11339 	}
11340 	return ret;
11341 
11342 fail:
11343 	ret = -ENOBUFS;
11344 error:
11345 	nlmsg_free(msg);
11346 	wpa_printf(MSG_DEBUG, "nl80211: Could not build channel switch request");
11347 	return ret;
11348 }
11349 
11350 
11351 #ifdef CONFIG_IEEE80211AX
11352 static int nl80211_switch_color(void *priv, struct cca_settings *settings)
11353 {
11354 	struct i802_bss *bss = priv;
11355 	struct wpa_driver_nl80211_data *drv = bss->drv;
11356 	struct nlattr *beacon_cca;
11357 	struct nl_msg *msg;
11358 	int ret = -ENOBUFS;
11359 
11360 	wpa_printf(MSG_DEBUG,
11361 		   "nl80211: Color change request (cca_count=%u color=%d)",
11362 		   settings->cca_count, settings->cca_color);
11363 
11364 	if (drv->nlmode != NL80211_IFTYPE_AP)
11365 		return -EOPNOTSUPP;
11366 
11367 	if (!settings->beacon_cca.tail)
11368 		return -EINVAL;
11369 
11370 	if (settings->beacon_cca.tail_len <= settings->counter_offset_beacon ||
11371 	    settings->beacon_cca.tail[settings->counter_offset_beacon] !=
11372 	    settings->cca_count)
11373 		return -EINVAL;
11374 
11375 	if (settings->beacon_cca.probe_resp &&
11376 	    (settings->beacon_cca.probe_resp_len <=
11377 	     settings->counter_offset_presp ||
11378 	     settings->beacon_cca.probe_resp[settings->counter_offset_presp] !=
11379 	     settings->cca_count))
11380 		return -EINVAL;
11381 
11382 	msg = nl80211_bss_msg(bss, 0, NL80211_CMD_COLOR_CHANGE_REQUEST);
11383 	if (!msg ||
11384 	    nla_put_u8(msg, NL80211_ATTR_COLOR_CHANGE_COUNT,
11385 		       settings->cca_count) ||
11386 	    nla_put_u8(msg, NL80211_ATTR_COLOR_CHANGE_COLOR,
11387 		       settings->cca_color))
11388 		goto error;
11389 
11390 	/* beacon_after params */
11391 	ret = set_beacon_data(msg, &settings->beacon_after);
11392 	if (ret)
11393 		goto error;
11394 
11395 	/* beacon_csa params */
11396 	beacon_cca = nla_nest_start(msg, NL80211_ATTR_COLOR_CHANGE_ELEMS);
11397 	if (!beacon_cca) {
11398 		ret = -ENOBUFS;
11399 		goto error;
11400 	}
11401 
11402 	ret = set_beacon_data(msg, &settings->beacon_cca);
11403 	if (ret)
11404 		goto error;
11405 
11406 	if (nla_put_u16(msg, NL80211_ATTR_CNTDWN_OFFS_BEACON,
11407 			settings->counter_offset_beacon) ||
11408 	    (settings->beacon_cca.probe_resp &&
11409 	     nla_put_u16(msg, NL80211_ATTR_CNTDWN_OFFS_PRESP,
11410 			 settings->counter_offset_presp))) {
11411 		ret = -ENOBUFS;
11412 		goto error;
11413 	}
11414 
11415 	nla_nest_end(msg, beacon_cca);
11416 
11417 	if (settings->ubpr.unsol_bcast_probe_resp_interval &&
11418 	    nl80211_unsol_bcast_probe_resp(bss, msg, &settings->ubpr) < 0) {
11419 		ret = -ENOBUFS;
11420 		goto error;
11421 	}
11422 
11423 #ifdef CONFIG_IEEE80211BE
11424 	if (nl80211_link_valid(bss->valid_links, settings->link_id)) {
11425 		wpa_printf(MSG_DEBUG,
11426 			   "nl80211: Color change request on link_id=%d",
11427 			   settings->link_id);
11428 
11429 		if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID,
11430 			       settings->link_id)) {
11431 			nlmsg_free(msg);
11432 			return -1;
11433 		}
11434 	}
11435 #endif /* CONFIG_IEEE80211BE */
11436 
11437 	ret = send_and_recv_cmd(drv, msg);
11438 	if (ret) {
11439 		wpa_printf(MSG_DEBUG,
11440 			   "nl80211: switch_color failed err=%d (%s)",
11441 			   ret, strerror(-ret));
11442 	}
11443 	return ret;
11444 
11445 error:
11446 	nlmsg_free(msg);
11447 	wpa_printf(MSG_DEBUG, "nl80211: Could not build color switch request");
11448 	return ret;
11449 }
11450 #endif /* CONFIG_IEEE80211AX */
11451 
11452 
11453 static int nl80211_add_ts(void *priv, u8 tsid, const u8 *addr,
11454 			  u8 user_priority, u16 admitted_time)
11455 {
11456 	struct i802_bss *bss = priv;
11457 	struct wpa_driver_nl80211_data *drv = bss->drv;
11458 	struct nl_msg *msg;
11459 	int ret;
11460 
11461 	wpa_printf(MSG_DEBUG,
11462 		   "nl80211: add_ts request: tsid=%u admitted_time=%u up=%d",
11463 		   tsid, admitted_time, user_priority);
11464 
11465 	if (!is_sta_interface(drv->nlmode))
11466 		return -ENOTSUP;
11467 
11468 	msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_ADD_TX_TS);
11469 	if (!msg ||
11470 	    nla_put_u8(msg, NL80211_ATTR_TSID, tsid) ||
11471 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
11472 	    nla_put_u8(msg, NL80211_ATTR_USER_PRIO, user_priority) ||
11473 	    nla_put_u16(msg, NL80211_ATTR_ADMITTED_TIME, admitted_time)) {
11474 		nlmsg_free(msg);
11475 		return -ENOBUFS;
11476 	}
11477 
11478 	ret = send_and_recv_cmd(drv, msg);
11479 	if (ret)
11480 		wpa_printf(MSG_DEBUG, "nl80211: add_ts failed err=%d (%s)",
11481 			   ret, strerror(-ret));
11482 	return ret;
11483 }
11484 
11485 
11486 static int nl80211_del_ts(void *priv, u8 tsid, const u8 *addr)
11487 {
11488 	struct i802_bss *bss = priv;
11489 	struct wpa_driver_nl80211_data *drv = bss->drv;
11490 	struct nl_msg *msg;
11491 	int ret;
11492 
11493 	wpa_printf(MSG_DEBUG, "nl80211: del_ts request: tsid=%u", tsid);
11494 
11495 	if (!is_sta_interface(drv->nlmode))
11496 		return -ENOTSUP;
11497 
11498 	if (!(msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_DEL_TX_TS)) ||
11499 	    nla_put_u8(msg, NL80211_ATTR_TSID, tsid) ||
11500 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) {
11501 		nlmsg_free(msg);
11502 		return -ENOBUFS;
11503 	}
11504 
11505 	ret = send_and_recv_cmd(drv, msg);
11506 	if (ret)
11507 		wpa_printf(MSG_DEBUG, "nl80211: del_ts failed err=%d (%s)",
11508 			   ret, strerror(-ret));
11509 	return ret;
11510 }
11511 
11512 
11513 #ifdef CONFIG_TESTING_OPTIONS
11514 static int cmd_reply_handler(struct nl_msg *msg, void *arg)
11515 {
11516 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
11517 	struct wpabuf *buf = arg;
11518 
11519 	if (!buf)
11520 		return NL_SKIP;
11521 
11522 	if ((size_t) genlmsg_attrlen(gnlh, 0) > wpabuf_tailroom(buf)) {
11523 		wpa_printf(MSG_INFO, "nl80211: insufficient buffer space for reply");
11524 		return NL_SKIP;
11525 	}
11526 
11527 	wpabuf_put_data(buf, genlmsg_attrdata(gnlh, 0),
11528 			genlmsg_attrlen(gnlh, 0));
11529 
11530 	return NL_SKIP;
11531 }
11532 #endif /* CONFIG_TESTING_OPTIONS */
11533 
11534 
11535 static int vendor_reply_handler(struct nl_msg *msg, void *arg)
11536 {
11537 	struct nlattr *tb[NL80211_ATTR_MAX + 1];
11538 	struct nlattr *nl_vendor_reply, *nl;
11539 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
11540 	struct wpabuf *buf = arg;
11541 	int rem;
11542 
11543 	if (!buf)
11544 		return NL_SKIP;
11545 
11546 	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
11547 		  genlmsg_attrlen(gnlh, 0), NULL);
11548 	nl_vendor_reply = tb[NL80211_ATTR_VENDOR_DATA];
11549 
11550 	if (!nl_vendor_reply)
11551 		return NL_SKIP;
11552 
11553 	if ((size_t) nla_len(nl_vendor_reply) > wpabuf_tailroom(buf)) {
11554 		wpa_printf(MSG_INFO, "nl80211: Vendor command: insufficient buffer space for reply");
11555 		return NL_SKIP;
11556 	}
11557 
11558 	nla_for_each_nested(nl, nl_vendor_reply, rem) {
11559 		wpabuf_put_data(buf, nla_data(nl), nla_len(nl));
11560 	}
11561 
11562 	return NL_SKIP;
11563 }
11564 
11565 
11566 static bool is_cmd_with_nested_attrs(unsigned int vendor_id,
11567 				     unsigned int subcmd)
11568 {
11569 	if (vendor_id != OUI_QCA)
11570 		return true;
11571 
11572 	switch (subcmd) {
11573 	case QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY:
11574 	case QCA_NL80211_VENDOR_SUBCMD_STATS_EXT:
11575 	case QCA_NL80211_VENDOR_SUBCMD_SCANNING_MAC_OUI:
11576 	case QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_SET_KEY:
11577 	case QCA_NL80211_VENDOR_SUBCMD_SPECTRAL_SCAN_GET_STATUS:
11578 	case QCA_NL80211_VENDOR_SUBCMD_NAN:
11579 		return false;
11580 	default:
11581 		return true;
11582 	}
11583 }
11584 
11585 
11586 static int nl80211_vendor_cmd(void *priv, unsigned int vendor_id,
11587 			      unsigned int subcmd, const u8 *data,
11588 			      size_t data_len, enum nested_attr nested_attr,
11589 			      struct wpabuf *buf)
11590 {
11591 	struct i802_bss *bss = priv;
11592 	struct wpa_driver_nl80211_data *drv = bss->drv;
11593 	struct nl_msg *msg;
11594 	int ret, nla_flag;
11595 
11596 #ifdef CONFIG_TESTING_OPTIONS
11597 	if (vendor_id == 0xffffffff) {
11598 		msg = nlmsg_alloc();
11599 		if (!msg)
11600 			return -ENOMEM;
11601 
11602 		nl80211_cmd(drv, msg, 0, subcmd);
11603 		if (nlmsg_append(msg, (void *) data, data_len, NLMSG_ALIGNTO) <
11604 		    0)
11605 			goto fail;
11606 		/* This test vendor_cmd can be used with nl80211 commands that
11607 		 * need the connect nl_sock, so use the variant that takes in
11608 		 * bss->nl_connect as the handle. */
11609 		ret = send_and_recv(drv->global, bss->nl_connect, msg,
11610 				    cmd_reply_handler, buf, NULL, NULL, NULL);
11611 		if (ret)
11612 			wpa_printf(MSG_DEBUG, "nl80211: command failed err=%d",
11613 				   ret);
11614 		return ret;
11615 	}
11616 #endif /* CONFIG_TESTING_OPTIONS */
11617 
11618 	if (nested_attr == NESTED_ATTR_USED)
11619 		nla_flag = NLA_F_NESTED;
11620 	else if (nested_attr == NESTED_ATTR_UNSPECIFIED &&
11621 		 is_cmd_with_nested_attrs(vendor_id, subcmd))
11622 		nla_flag = NLA_F_NESTED;
11623 	else
11624 		nla_flag = 0;
11625 
11626 	if (!(msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_VENDOR)) ||
11627 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, vendor_id) ||
11628 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD, subcmd) ||
11629 	    (data &&
11630 	     nla_put(msg, nla_flag | NL80211_ATTR_VENDOR_DATA,
11631 		     data_len, data)))
11632 		goto fail;
11633 
11634 	ret = send_and_recv_resp(drv, msg, vendor_reply_handler, buf);
11635 	if (ret)
11636 		wpa_printf(MSG_DEBUG, "nl80211: vendor command failed err=%d",
11637 			   ret);
11638 	return ret;
11639 
11640 fail:
11641 	nlmsg_free(msg);
11642 	return -ENOBUFS;
11643 }
11644 
11645 
11646 static int nl80211_set_qos_map(void *priv, const u8 *qos_map_set,
11647 			       u8 qos_map_set_len)
11648 {
11649 	struct i802_bss *bss = priv;
11650 	struct wpa_driver_nl80211_data *drv = bss->drv;
11651 	struct nl_msg *msg;
11652 	int ret;
11653 
11654 	wpa_hexdump(MSG_DEBUG, "nl80211: Setting QoS Map",
11655 		    qos_map_set, qos_map_set_len);
11656 
11657 	if (!(msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_SET_QOS_MAP)) ||
11658 	    nla_put(msg, NL80211_ATTR_QOS_MAP, qos_map_set_len, qos_map_set)) {
11659 		nlmsg_free(msg);
11660 		return -ENOBUFS;
11661 	}
11662 
11663 	ret = send_and_recv_cmd(drv, msg);
11664 	if (ret)
11665 		wpa_printf(MSG_DEBUG, "nl80211: Setting QoS Map failed");
11666 
11667 	return ret;
11668 }
11669 
11670 
11671 static int get_wowlan_handler(struct nl_msg *msg, void *arg)
11672 {
11673 	struct nlattr *tb[NL80211_ATTR_MAX + 1];
11674 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
11675 	int *wowlan_enabled = arg;
11676 
11677 	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
11678 		  genlmsg_attrlen(gnlh, 0), NULL);
11679 
11680 	*wowlan_enabled = !!tb[NL80211_ATTR_WOWLAN_TRIGGERS];
11681 
11682 	return NL_SKIP;
11683 }
11684 
11685 
11686 static int nl80211_get_wowlan(void *priv)
11687 {
11688 	struct i802_bss *bss = priv;
11689 	struct wpa_driver_nl80211_data *drv = bss->drv;
11690 	struct nl_msg *msg;
11691 	int wowlan_enabled;
11692 	int ret;
11693 
11694 	wpa_printf(MSG_DEBUG, "nl80211: Getting wowlan status");
11695 
11696 	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_GET_WOWLAN);
11697 
11698 	ret = send_and_recv_resp(drv, msg, get_wowlan_handler, &wowlan_enabled);
11699 	if (ret) {
11700 		wpa_printf(MSG_DEBUG, "nl80211: Getting wowlan status failed");
11701 		return 0;
11702 	}
11703 
11704 	wpa_printf(MSG_DEBUG, "nl80211: wowlan is %s",
11705 		   wowlan_enabled ? "enabled" : "disabled");
11706 
11707 	return wowlan_enabled;
11708 }
11709 
11710 
11711 static int nl80211_set_wowlan(void *priv,
11712 			      const struct wowlan_triggers *triggers)
11713 {
11714 	struct i802_bss *bss = priv;
11715 	struct wpa_driver_nl80211_data *drv = bss->drv;
11716 	struct nl_msg *msg;
11717 	struct nlattr *wowlan_triggers;
11718 	int ret;
11719 
11720 	wpa_printf(MSG_DEBUG, "nl80211: Setting wowlan");
11721 
11722 	if (!(msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_SET_WOWLAN)) ||
11723 	    !(wowlan_triggers = nla_nest_start(msg,
11724 					       NL80211_ATTR_WOWLAN_TRIGGERS)) ||
11725 	    (triggers->any &&
11726 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
11727 	    (triggers->disconnect &&
11728 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
11729 	    (triggers->magic_pkt &&
11730 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
11731 	    (triggers->gtk_rekey_failure &&
11732 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
11733 	    (triggers->eap_identity_req &&
11734 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
11735 	    (triggers->four_way_handshake &&
11736 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
11737 	    (triggers->rfkill_release &&
11738 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))) {
11739 		nlmsg_free(msg);
11740 		return -ENOBUFS;
11741 	}
11742 
11743 	nla_nest_end(msg, wowlan_triggers);
11744 
11745 	ret = send_and_recv_cmd(drv, msg);
11746 	if (ret)
11747 		wpa_printf(MSG_DEBUG, "nl80211: Setting wowlan failed");
11748 
11749 	return ret;
11750 }
11751 
11752 
11753 #ifdef CONFIG_DRIVER_NL80211_QCA
11754 static int nl80211_roaming(void *priv, int allowed, const u8 *bssid)
11755 {
11756 	struct i802_bss *bss = priv;
11757 	struct wpa_driver_nl80211_data *drv = bss->drv;
11758 	struct nl_msg *msg;
11759 	struct nlattr *params;
11760 
11761 	wpa_printf(MSG_DEBUG, "nl80211: Roaming policy: allowed=%d", allowed);
11762 
11763 	if (!drv->roaming_vendor_cmd_avail) {
11764 		wpa_printf(MSG_DEBUG,
11765 			   "nl80211: Ignore roaming policy change since driver does not provide command for setting it");
11766 		return -1;
11767 	}
11768 
11769 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
11770 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
11771 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
11772 			QCA_NL80211_VENDOR_SUBCMD_ROAMING) ||
11773 	    !(params = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA)) ||
11774 	    nla_put_u32(msg, QCA_WLAN_VENDOR_ATTR_ROAMING_POLICY,
11775 			allowed ? QCA_ROAMING_ALLOWED_WITHIN_ESS :
11776 			QCA_ROAMING_NOT_ALLOWED) ||
11777 	    (bssid &&
11778 	     nla_put(msg, QCA_WLAN_VENDOR_ATTR_MAC_ADDR, ETH_ALEN, bssid))) {
11779 		nlmsg_free(msg);
11780 		return -1;
11781 	}
11782 	nla_nest_end(msg, params);
11783 
11784 	return send_and_recv_cmd(drv, msg);
11785 }
11786 
11787 
11788 static int nl80211_disable_fils(void *priv, int disable)
11789 {
11790 	struct i802_bss *bss = priv;
11791 	struct wpa_driver_nl80211_data *drv = bss->drv;
11792 	struct nl_msg *msg;
11793 	struct nlattr *params;
11794 
11795 	wpa_printf(MSG_DEBUG, "nl80211: Disable FILS=%d", disable);
11796 
11797 	if (!drv->set_wifi_conf_vendor_cmd_avail)
11798 		return -1;
11799 
11800 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
11801 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
11802 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
11803 			QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION) ||
11804 	    !(params = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA)) ||
11805 	    nla_put_u8(msg, QCA_WLAN_VENDOR_ATTR_CONFIG_DISABLE_FILS,
11806 		       disable)) {
11807 		nlmsg_free(msg);
11808 		return -1;
11809 	}
11810 	nla_nest_end(msg, params);
11811 
11812 	return send_and_recv_cmd(drv, msg);
11813 }
11814 
11815 
11816 /* Reserved QCA_WLAN_VENDOR_ATTR_ROAMING_REQ_ID value for wpa_supplicant */
11817 #define WPA_SUPPLICANT_CLIENT_ID 1
11818 
11819 static int nl80211_set_bssid_tmp_disallow(void *priv, unsigned int num_bssid,
11820 					  const u8 *bssid)
11821 {
11822 	struct i802_bss *bss = priv;
11823 	struct wpa_driver_nl80211_data *drv = bss->drv;
11824 	struct nl_msg *msg;
11825 	struct nlattr *params, *nlbssids, *attr;
11826 	unsigned int i;
11827 
11828 	wpa_printf(MSG_DEBUG,
11829 		   "nl80211: Set temporarily disallowed BSSIDs (num=%u)",
11830 		   num_bssid);
11831 
11832 	if (!drv->roam_vendor_cmd_avail)
11833 		return -1;
11834 
11835 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
11836 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
11837 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
11838 			QCA_NL80211_VENDOR_SUBCMD_ROAM) ||
11839 	    !(params = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA)) ||
11840 	    nla_put_u32(msg, QCA_WLAN_VENDOR_ATTR_ROAMING_SUBCMD,
11841 			QCA_WLAN_VENDOR_ROAMING_SUBCMD_SET_BLACKLIST_BSSID) ||
11842 	    nla_put_u32(msg, QCA_WLAN_VENDOR_ATTR_ROAMING_REQ_ID,
11843 			WPA_SUPPLICANT_CLIENT_ID) ||
11844 	    nla_put_u32(msg,
11845 			QCA_WLAN_VENDOR_ATTR_ROAMING_PARAM_SET_BSSID_PARAMS_NUM_BSSID,
11846 			num_bssid))
11847 		goto fail;
11848 
11849 	nlbssids = nla_nest_start(
11850 		msg, QCA_WLAN_VENDOR_ATTR_ROAMING_PARAM_SET_BSSID_PARAMS);
11851 	if (!nlbssids)
11852 		goto fail;
11853 
11854 	for (i = 0; i < num_bssid; i++) {
11855 		attr = nla_nest_start(msg, i);
11856 		if (!attr)
11857 			goto fail;
11858 		if (nla_put(msg,
11859 			    QCA_WLAN_VENDOR_ATTR_ROAMING_PARAM_SET_BSSID_PARAMS_BSSID,
11860 			    ETH_ALEN, &bssid[i * ETH_ALEN]))
11861 			goto fail;
11862 		wpa_printf(MSG_DEBUG, "nl80211:   BSSID[%u]: " MACSTR, i,
11863 			   MAC2STR(&bssid[i * ETH_ALEN]));
11864 		nla_nest_end(msg, attr);
11865 	}
11866 	nla_nest_end(msg, nlbssids);
11867 	nla_nest_end(msg, params);
11868 
11869 	return send_and_recv_cmd(drv, msg);
11870 
11871 fail:
11872 	nlmsg_free(msg);
11873 	return -1;
11874 }
11875 
11876 
11877 static int nl80211_add_sta_node(void *priv, const u8 *addr, u16 auth_alg)
11878 {
11879 	struct i802_bss *bss = priv;
11880 	struct wpa_driver_nl80211_data *drv = bss->drv;
11881 	struct nl_msg *msg;
11882 	struct nlattr *params;
11883 
11884 	if (!drv->add_sta_node_vendor_cmd_avail)
11885 		return -EOPNOTSUPP;
11886 
11887 	wpa_printf(MSG_DEBUG, "nl80211: Add STA node");
11888 
11889 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
11890 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
11891 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
11892 			QCA_NL80211_VENDOR_SUBCMD_ADD_STA_NODE) ||
11893 	    !(params = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA)) ||
11894 	    (addr &&
11895 	     nla_put(msg, QCA_WLAN_VENDOR_ATTR_ADD_STA_NODE_MAC_ADDR, ETH_ALEN,
11896 		     addr)) ||
11897 	    nla_put_u16(msg, QCA_WLAN_VENDOR_ATTR_ADD_STA_NODE_AUTH_ALGO,
11898 			auth_alg)) {
11899 		nlmsg_free(msg);
11900 		wpa_printf(MSG_ERROR,
11901 			   "%s: err in adding vendor_cmd and vendor_data",
11902 			   __func__);
11903 		return -1;
11904 	}
11905 	nla_nest_end(msg, params);
11906 
11907 	return send_and_recv_cmd(drv, msg);
11908 }
11909 
11910 #endif /* CONFIG_DRIVER_NL80211_QCA */
11911 
11912 
11913 static int nl80211_set_mac_addr(void *priv, const u8 *addr)
11914 {
11915 	struct i802_bss *bss = priv;
11916 	struct wpa_driver_nl80211_data *drv = bss->drv;
11917 	int new_addr = addr != NULL;
11918 
11919 	if (TEST_FAIL())
11920 		return -1;
11921 
11922 	if (!addr)
11923 		addr = drv->perm_addr;
11924 
11925 	if (linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 0) < 0)
11926 		return -1;
11927 
11928 	if (linux_set_ifhwaddr(drv->global->ioctl_sock, bss->ifname, addr) < 0)
11929 	{
11930 		wpa_printf(MSG_DEBUG,
11931 			   "nl80211: failed to set_mac_addr for %s to " MACSTR,
11932 			   bss->ifname, MAC2STR(addr));
11933 		if (linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname,
11934 					  1) < 0) {
11935 			wpa_printf(MSG_DEBUG,
11936 				   "nl80211: Could not restore interface UP after failed set_mac_addr");
11937 		}
11938 		return -1;
11939 	}
11940 
11941 	wpa_printf(MSG_DEBUG, "nl80211: set_mac_addr for %s to " MACSTR,
11942 		   bss->ifname, MAC2STR(addr));
11943 	drv->addr_changed = new_addr;
11944 	os_memcpy(bss->prev_addr, bss->addr, ETH_ALEN);
11945 	os_memcpy(bss->addr, addr, ETH_ALEN);
11946 
11947 	if (linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 1) < 0)
11948 	{
11949 		wpa_printf(MSG_DEBUG,
11950 			   "nl80211: Could not restore interface UP after set_mac_addr");
11951 	}
11952 
11953 	return 0;
11954 }
11955 
11956 
11957 #ifdef CONFIG_MESH
11958 
11959 static int wpa_driver_nl80211_init_mesh(void *priv)
11960 {
11961 	if (wpa_driver_nl80211_set_mode(priv, NL80211_IFTYPE_MESH_POINT)) {
11962 		wpa_printf(MSG_INFO,
11963 			   "nl80211: Failed to set interface into mesh mode");
11964 		return -1;
11965 	}
11966 	return 0;
11967 }
11968 
11969 
11970 static int nl80211_put_mesh_id(struct nl_msg *msg, const u8 *mesh_id,
11971 			       size_t mesh_id_len)
11972 {
11973 	if (mesh_id) {
11974 		wpa_printf(MSG_DEBUG, "  * Mesh ID (SSID)=%s",
11975 			   wpa_ssid_txt(mesh_id, mesh_id_len));
11976 		return nla_put(msg, NL80211_ATTR_MESH_ID, mesh_id_len, mesh_id);
11977 	}
11978 
11979 	return 0;
11980 }
11981 
11982 
11983 static int nl80211_put_mesh_config(struct nl_msg *msg,
11984 				   struct wpa_driver_mesh_bss_params *params)
11985 {
11986 	struct nlattr *container;
11987 
11988 	container = nla_nest_start(msg, NL80211_ATTR_MESH_CONFIG);
11989 	if (!container)
11990 		return -1;
11991 
11992 	if (((params->flags & WPA_DRIVER_MESH_CONF_FLAG_AUTO_PLINKS) &&
11993 	     nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
11994 			params->auto_plinks)) ||
11995 	    ((params->flags & WPA_DRIVER_MESH_CONF_FLAG_FORWARDING) &&
11996 	     nla_put_u8(msg, NL80211_MESHCONF_FORWARDING,
11997 			params->forwarding)) ||
11998 	    ((params->flags & WPA_DRIVER_MESH_CONF_FLAG_MAX_PEER_LINKS) &&
11999 	     nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
12000 			 params->max_peer_links)) ||
12001 	    ((params->flags & WPA_DRIVER_MESH_CONF_FLAG_RSSI_THRESHOLD) &&
12002 	     nla_put_u32(msg, NL80211_MESHCONF_RSSI_THRESHOLD,
12003 			 params->rssi_threshold)))
12004 		return -1;
12005 
12006 	/*
12007 	 * Set NL80211_MESHCONF_PLINK_TIMEOUT even if user mpm is used because
12008 	 * the timer could disconnect stations even in that case.
12009 	 */
12010 	if ((params->flags & WPA_DRIVER_MESH_CONF_FLAG_PEER_LINK_TIMEOUT) &&
12011 	    nla_put_u32(msg, NL80211_MESHCONF_PLINK_TIMEOUT,
12012 			params->peer_link_timeout)) {
12013 		wpa_printf(MSG_ERROR, "nl80211: Failed to set PLINK_TIMEOUT");
12014 		return -1;
12015 	}
12016 
12017 	if ((params->flags & WPA_DRIVER_MESH_CONF_FLAG_HT_OP_MODE) &&
12018 	    nla_put_u16(msg, NL80211_MESHCONF_HT_OPMODE, params->ht_opmode)) {
12019 		wpa_printf(MSG_ERROR, "nl80211: Failed to set HT_OP_MODE");
12020 		return -1;
12021 	}
12022 
12023 	nla_nest_end(msg, container);
12024 
12025 	return 0;
12026 }
12027 
12028 
12029 static int nl80211_join_mesh(struct i802_bss *bss,
12030 			     struct wpa_driver_mesh_join_params *params)
12031 {
12032 	struct wpa_driver_nl80211_data *drv = bss->drv;
12033 	struct nl_msg *msg;
12034 	struct nlattr *container;
12035 	int ret = -1;
12036 
12037 	wpa_printf(MSG_DEBUG, "nl80211: mesh join (ifindex=%d)", drv->ifindex);
12038 	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_JOIN_MESH);
12039 	if (!msg ||
12040 	    nl80211_put_freq_params(msg, &params->freq) ||
12041 	    nl80211_put_basic_rates(msg, params->basic_rates) ||
12042 	    nl80211_put_mesh_id(msg, params->meshid, params->meshid_len) ||
12043 	    nl80211_put_beacon_int(msg, params->beacon_int) ||
12044 	    nl80211_put_dtim_period(msg, params->dtim_period))
12045 		goto fail;
12046 
12047 	wpa_printf(MSG_DEBUG, "  * flags=%08X", params->flags);
12048 
12049 	if (params->handle_dfs && nla_put_flag(msg, NL80211_ATTR_HANDLE_DFS))
12050 		goto fail;
12051 
12052 	container = nla_nest_start(msg, NL80211_ATTR_MESH_SETUP);
12053 	if (!container)
12054 		goto fail;
12055 
12056 	if (params->ies) {
12057 		wpa_hexdump(MSG_DEBUG, "  * IEs", params->ies, params->ie_len);
12058 		if (nla_put(msg, NL80211_MESH_SETUP_IE, params->ie_len,
12059 			    params->ies))
12060 			goto fail;
12061 	}
12062 	/* WPA_DRIVER_MESH_FLAG_OPEN_AUTH is treated as default by nl80211 */
12063 	if (params->flags & WPA_DRIVER_MESH_FLAG_SAE_AUTH) {
12064 		if (nla_put_u8(msg, NL80211_MESH_SETUP_AUTH_PROTOCOL, 0x1) ||
12065 		    nla_put_flag(msg, NL80211_MESH_SETUP_USERSPACE_AUTH))
12066 			goto fail;
12067 	}
12068 	if ((params->flags & WPA_DRIVER_MESH_FLAG_AMPE) &&
12069 	    nla_put_flag(msg, NL80211_MESH_SETUP_USERSPACE_AMPE))
12070 		goto fail;
12071 	if ((params->flags & WPA_DRIVER_MESH_FLAG_USER_MPM) &&
12072 	    nla_put_flag(msg, NL80211_MESH_SETUP_USERSPACE_MPM))
12073 		goto fail;
12074 	nla_nest_end(msg, container);
12075 
12076 	params->conf.flags |= WPA_DRIVER_MESH_CONF_FLAG_AUTO_PLINKS;
12077 	params->conf.flags |= WPA_DRIVER_MESH_CONF_FLAG_PEER_LINK_TIMEOUT;
12078 	params->conf.flags |= WPA_DRIVER_MESH_CONF_FLAG_MAX_PEER_LINKS;
12079 	if (nl80211_put_mesh_config(msg, &params->conf) < 0)
12080 		goto fail;
12081 
12082 	if (nla_put_flag(msg, NL80211_ATTR_SOCKET_OWNER))
12083 		return -1;
12084 	ret = send_and_recv(drv->global, bss->nl_connect, msg, NULL, NULL, NULL,
12085 			    NULL, NULL);
12086 	msg = NULL;
12087 	if (ret) {
12088 		wpa_printf(MSG_DEBUG, "nl80211: mesh join failed: ret=%d (%s)",
12089 			   ret, strerror(-ret));
12090 		goto fail;
12091 	}
12092 	ret = 0;
12093 	drv->assoc_freq = bss->flink->freq = params->freq.freq;
12094 	wpa_printf(MSG_DEBUG, "nl80211: mesh join request send successfully");
12095 
12096 fail:
12097 	nlmsg_free(msg);
12098 	return ret;
12099 }
12100 
12101 
12102 static int
12103 wpa_driver_nl80211_join_mesh(void *priv,
12104 			     struct wpa_driver_mesh_join_params *params)
12105 {
12106 	struct i802_bss *bss = priv;
12107 	int ret, timeout;
12108 
12109 	timeout = params->conf.peer_link_timeout;
12110 
12111 	/* Disable kernel inactivity timer */
12112 	if (params->flags & WPA_DRIVER_MESH_FLAG_USER_MPM)
12113 		params->conf.peer_link_timeout = 0;
12114 
12115 	ret = nl80211_join_mesh(bss, params);
12116 	if (ret == -EINVAL && params->conf.peer_link_timeout == 0) {
12117 		wpa_printf(MSG_DEBUG,
12118 			   "nl80211: Mesh join retry for peer_link_timeout");
12119 		/*
12120 		 * Old kernel does not support setting
12121 		 * NL80211_MESHCONF_PLINK_TIMEOUT to zero, so set 60 seconds
12122 		 * into future from peer_link_timeout.
12123 		 */
12124 		params->conf.peer_link_timeout = timeout + 60;
12125 		ret = nl80211_join_mesh(priv, params);
12126 	}
12127 
12128 	params->conf.peer_link_timeout = timeout;
12129 	return ret;
12130 }
12131 
12132 
12133 static int wpa_driver_nl80211_leave_mesh(void *priv)
12134 {
12135 	struct i802_bss *bss = priv;
12136 	struct wpa_driver_nl80211_data *drv = bss->drv;
12137 	struct nl_msg *msg;
12138 	int ret;
12139 
12140 	wpa_printf(MSG_DEBUG, "nl80211: mesh leave (ifindex=%d)", drv->ifindex);
12141 	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_LEAVE_MESH);
12142 	ret = send_and_recv(drv->global, bss->nl_connect, msg, NULL, NULL, NULL,
12143 			    NULL, NULL);
12144 	if (ret) {
12145 		wpa_printf(MSG_DEBUG, "nl80211: mesh leave failed: ret=%d (%s)",
12146 			   ret, strerror(-ret));
12147 	} else {
12148 		wpa_printf(MSG_DEBUG,
12149 			   "nl80211: mesh leave request send successfully");
12150 		drv->first_bss->flink->freq = 0;
12151 	}
12152 
12153 	if (drv->start_mode_sta &&
12154 	    wpa_driver_nl80211_set_mode(drv->first_bss,
12155 					NL80211_IFTYPE_STATION)) {
12156 		wpa_printf(MSG_INFO,
12157 			   "nl80211: Failed to set interface into station mode");
12158 	}
12159 	return ret;
12160 }
12161 
12162 
12163 static int nl80211_probe_mesh_link(void *priv, const u8 *addr, const u8 *eth,
12164 				   size_t len)
12165 {
12166 	struct i802_bss *bss = priv;
12167 	struct wpa_driver_nl80211_data *drv = bss->drv;
12168 	struct nl_msg *msg;
12169 	int ret;
12170 
12171 	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_PROBE_MESH_LINK);
12172 	if (!msg ||
12173 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
12174 	    nla_put(msg, NL80211_ATTR_FRAME, len, eth)) {
12175 		nlmsg_free(msg);
12176 		return -ENOBUFS;
12177 	}
12178 
12179 	ret = send_and_recv_cmd(drv, msg);
12180 	if (ret) {
12181 		wpa_printf(MSG_DEBUG, "nl80211: mesh link probe to " MACSTR
12182 			   " failed: ret=%d (%s)",
12183 			   MAC2STR(addr), ret, strerror(-ret));
12184 	} else {
12185 		wpa_printf(MSG_DEBUG, "nl80211: Mesh link to " MACSTR
12186 			   " probed successfully", MAC2STR(addr));
12187 	}
12188 
12189 	return ret;
12190 }
12191 
12192 #endif /* CONFIG_MESH */
12193 
12194 
12195 static int wpa_driver_br_add_ip_neigh(void *priv, u8 version,
12196 				      const u8 *ipaddr, int prefixlen,
12197 				      const u8 *addr)
12198 {
12199 	struct i802_bss *bss = priv;
12200 	struct wpa_driver_nl80211_data *drv = bss->drv;
12201 	struct ndmsg nhdr = {
12202 		.ndm_state = NUD_PERMANENT,
12203 		.ndm_ifindex = bss->br_ifindex,
12204 	};
12205 	struct nl_msg *msg;
12206 	int addrsize;
12207 	int res;
12208 
12209 	if (!ipaddr || prefixlen == 0 || !addr)
12210 		return -EINVAL;
12211 
12212 	if (bss->br_ifindex == 0) {
12213 		wpa_printf(MSG_DEBUG,
12214 			   "nl80211: bridge must be set before adding an ip neigh to it");
12215 		return -1;
12216 	}
12217 
12218 	if (!drv->rtnl_sk) {
12219 		wpa_printf(MSG_DEBUG,
12220 			   "nl80211: nl_sock for NETLINK_ROUTE is not initialized");
12221 		return -1;
12222 	}
12223 
12224 	if (version == 4) {
12225 		nhdr.ndm_family = AF_INET;
12226 		addrsize = 4;
12227 	} else if (version == 6) {
12228 		nhdr.ndm_family = AF_INET6;
12229 		addrsize = 16;
12230 	} else {
12231 		return -EINVAL;
12232 	}
12233 
12234 	msg = nlmsg_alloc_simple(RTM_NEWNEIGH, NLM_F_CREATE);
12235 	if (!msg)
12236 		return -ENOMEM;
12237 
12238 	res = -ENOMEM;
12239 	if (nlmsg_append(msg, &nhdr, sizeof(nhdr), NLMSG_ALIGNTO) < 0 ||
12240 	    nla_put(msg, NDA_DST, addrsize, (void *) ipaddr) ||
12241 	    nla_put(msg, NDA_LLADDR, ETH_ALEN, (void *) addr))
12242 		goto errout;
12243 
12244 	res = nl_send_auto_complete(drv->rtnl_sk, msg);
12245 	if (res < 0)
12246 		goto errout;
12247 
12248 	res = nl_wait_for_ack(drv->rtnl_sk);
12249 	if (res) {
12250 		wpa_printf(MSG_DEBUG,
12251 			   "nl80211: Adding bridge ip neigh failed: %s",
12252 			   nl_geterror(res));
12253 	}
12254 errout:
12255 	nlmsg_free(msg);
12256 	return res;
12257 }
12258 
12259 
12260 static int wpa_driver_br_delete_ip_neigh(void *priv, u8 version,
12261 					 const u8 *ipaddr)
12262 {
12263 	struct i802_bss *bss = priv;
12264 	struct wpa_driver_nl80211_data *drv = bss->drv;
12265 	struct ndmsg nhdr = {
12266 		.ndm_state = NUD_PERMANENT,
12267 		.ndm_ifindex = bss->br_ifindex,
12268 	};
12269 	struct nl_msg *msg;
12270 	int addrsize;
12271 	int res;
12272 
12273 	if (!ipaddr)
12274 		return -EINVAL;
12275 
12276 	if (version == 4) {
12277 		nhdr.ndm_family = AF_INET;
12278 		addrsize = 4;
12279 	} else if (version == 6) {
12280 		nhdr.ndm_family = AF_INET6;
12281 		addrsize = 16;
12282 	} else {
12283 		return -EINVAL;
12284 	}
12285 
12286 	if (bss->br_ifindex == 0) {
12287 		wpa_printf(MSG_DEBUG,
12288 			   "nl80211: bridge must be set to delete an ip neigh");
12289 		return -1;
12290 	}
12291 
12292 	if (!drv->rtnl_sk) {
12293 		wpa_printf(MSG_DEBUG,
12294 			   "nl80211: nl_sock for NETLINK_ROUTE is not initialized");
12295 		return -1;
12296 	}
12297 
12298 	msg = nlmsg_alloc_simple(RTM_DELNEIGH, NLM_F_CREATE);
12299 	if (!msg)
12300 		return -ENOMEM;
12301 
12302 	res = -ENOMEM;
12303 	if (nlmsg_append(msg, &nhdr, sizeof(nhdr), NLMSG_ALIGNTO) < 0 ||
12304 	    nla_put(msg, NDA_DST, addrsize, (void *) ipaddr))
12305 		goto errout;
12306 
12307 	res = nl_send_auto_complete(drv->rtnl_sk, msg);
12308 	if (res < 0)
12309 		goto errout;
12310 
12311 	res = nl_wait_for_ack(drv->rtnl_sk);
12312 	if (res) {
12313 		wpa_printf(MSG_DEBUG,
12314 			   "nl80211: Deleting bridge ip neigh failed: %s",
12315 			   nl_geterror(res));
12316 	}
12317 errout:
12318 	nlmsg_free(msg);
12319 	return res;
12320 }
12321 
12322 
12323 static int linux_write_system_file(const char *path, unsigned int val)
12324 {
12325 	char buf[50];
12326 	int fd, len;
12327 
12328 	len = os_snprintf(buf, sizeof(buf), "%u\n", val);
12329 	if (os_snprintf_error(sizeof(buf), len))
12330 		return -1;
12331 
12332 	fd = open(path, O_WRONLY);
12333 	if (fd < 0)
12334 		return -1;
12335 
12336 	if (write(fd, buf, len) < 0) {
12337 		wpa_printf(MSG_DEBUG,
12338 			   "nl80211: Failed to write Linux system file: %s with the value of %d",
12339 			   path, val);
12340 		close(fd);
12341 		return -1;
12342 	}
12343 	close(fd);
12344 
12345 	return 0;
12346 }
12347 
12348 
12349 static const char * drv_br_port_attr_str(enum drv_br_port_attr attr)
12350 {
12351 	switch (attr) {
12352 	case DRV_BR_PORT_ATTR_PROXYARP:
12353 		return "proxyarp_wifi";
12354 	case DRV_BR_PORT_ATTR_HAIRPIN_MODE:
12355 		return "hairpin_mode";
12356 	case DRV_BR_PORT_ATTR_MCAST2UCAST:
12357 		return "multicast_to_unicast";
12358 	}
12359 
12360 	return NULL;
12361 }
12362 
12363 
12364 static int wpa_driver_br_port_set_attr(void *priv, enum drv_br_port_attr attr,
12365 				       unsigned int val)
12366 {
12367 	struct i802_bss *bss = priv;
12368 	char path[128];
12369 	const char *attr_txt;
12370 
12371 	attr_txt = drv_br_port_attr_str(attr);
12372 	if (attr_txt == NULL)
12373 		return -EINVAL;
12374 
12375 	os_snprintf(path, sizeof(path), "/sys/class/net/%s/brport/%s",
12376 		    bss->ifname, attr_txt);
12377 
12378 	if (linux_write_system_file(path, val))
12379 		return -1;
12380 
12381 	return 0;
12382 }
12383 
12384 
12385 static const char * drv_br_net_param_str(enum drv_br_net_param param)
12386 {
12387 	switch (param) {
12388 	case DRV_BR_NET_PARAM_GARP_ACCEPT:
12389 		return "arp_accept";
12390 	default:
12391 		return NULL;
12392 	}
12393 }
12394 
12395 
12396 static int wpa_driver_br_set_net_param(void *priv, enum drv_br_net_param param,
12397 				       unsigned int val)
12398 {
12399 	struct i802_bss *bss = priv;
12400 	char path[128];
12401 	const char *param_txt;
12402 	int ip_version = 4;
12403 
12404 	if (param == DRV_BR_MULTICAST_SNOOPING) {
12405 		os_snprintf(path, sizeof(path),
12406 			    "/sys/devices/virtual/net/%s/bridge/multicast_snooping",
12407 			    bss->brname);
12408 		goto set_val;
12409 	}
12410 
12411 	param_txt = drv_br_net_param_str(param);
12412 	if (param_txt == NULL)
12413 		return -EINVAL;
12414 
12415 	switch (param) {
12416 		case DRV_BR_NET_PARAM_GARP_ACCEPT:
12417 			ip_version = 4;
12418 			break;
12419 		default:
12420 			return -EINVAL;
12421 	}
12422 
12423 	os_snprintf(path, sizeof(path), "/proc/sys/net/ipv%d/conf/%s/%s",
12424 		    ip_version, bss->brname, param_txt);
12425 
12426 set_val:
12427 	if (linux_write_system_file(path, val))
12428 		return -1;
12429 
12430 	return 0;
12431 }
12432 
12433 
12434 #ifdef CONFIG_DRIVER_NL80211_QCA
12435 
12436 static int hw_mode_to_qca_acs(enum hostapd_hw_mode hw_mode)
12437 {
12438 	switch (hw_mode) {
12439 	case HOSTAPD_MODE_IEEE80211B:
12440 		return QCA_ACS_MODE_IEEE80211B;
12441 	case HOSTAPD_MODE_IEEE80211G:
12442 		return QCA_ACS_MODE_IEEE80211G;
12443 	case HOSTAPD_MODE_IEEE80211A:
12444 		return QCA_ACS_MODE_IEEE80211A;
12445 	case HOSTAPD_MODE_IEEE80211AD:
12446 		return QCA_ACS_MODE_IEEE80211AD;
12447 	case HOSTAPD_MODE_IEEE80211ANY:
12448 		return QCA_ACS_MODE_IEEE80211ANY;
12449 	default:
12450 		return -1;
12451 	}
12452 }
12453 
12454 
12455 static int add_acs_ch_list(struct nl_msg *msg, const int *freq_list)
12456 {
12457 	int num_channels = 0, num_freqs;
12458 	u8 *ch_list;
12459 	enum hostapd_hw_mode hw_mode;
12460 	int ret = 0;
12461 	int i;
12462 
12463 	if (!freq_list)
12464 		return 0;
12465 
12466 	num_freqs = int_array_len(freq_list);
12467 	ch_list = os_malloc(sizeof(u8) * num_freqs);
12468 	if (!ch_list)
12469 		return -1;
12470 
12471 	for (i = 0; i < num_freqs; i++) {
12472 		const int freq = freq_list[i];
12473 
12474 		if (freq == 0)
12475 			break;
12476 		/* Send 2.4 GHz and 5 GHz channels with
12477 		 * QCA_WLAN_VENDOR_ATTR_ACS_CH_LIST to maintain backwards
12478 		 * compatibility.
12479 		 */
12480 		if (!(freq >= 2412 && freq <= 2484) &&
12481 		    !(freq >= 5180 && freq <= 5900) &&
12482 		    !(freq >= 5945 && freq <= 7115))
12483 			continue;
12484 		hw_mode = ieee80211_freq_to_chan(freq, &ch_list[num_channels]);
12485 		if (hw_mode != NUM_HOSTAPD_MODES)
12486 			num_channels++;
12487 	}
12488 
12489 	if (num_channels)
12490 		ret = nla_put(msg, QCA_WLAN_VENDOR_ATTR_ACS_CH_LIST,
12491 			      num_channels, ch_list);
12492 
12493 	os_free(ch_list);
12494 	return ret;
12495 }
12496 
12497 
12498 static int add_acs_freq_list(struct nl_msg *msg, const int *freq_list)
12499 {
12500 	int i, len, ret;
12501 	u32 *freqs;
12502 
12503 	if (!freq_list)
12504 		return 0;
12505 	len = int_array_len(freq_list);
12506 	freqs = os_malloc(sizeof(u32) * len);
12507 	if (!freqs)
12508 		return -1;
12509 	for (i = 0; i < len; i++)
12510 		freqs[i] = freq_list[i];
12511 	ret = nla_put(msg, QCA_WLAN_VENDOR_ATTR_ACS_FREQ_LIST,
12512 		      sizeof(u32) * len, freqs);
12513 	os_free(freqs);
12514 	return ret;
12515 }
12516 
12517 
12518 static int nl80211_qca_do_acs(struct wpa_driver_nl80211_data *drv,
12519 			      struct drv_acs_params *params)
12520 {
12521 	struct nl_msg *msg;
12522 	struct nlattr *data;
12523 	int ret;
12524 	int mode;
12525 
12526 	mode = hw_mode_to_qca_acs(params->hw_mode);
12527 	if (mode < 0)
12528 		return -1;
12529 
12530 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
12531 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
12532 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
12533 			QCA_NL80211_VENDOR_SUBCMD_DO_ACS) ||
12534 	    !(data = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA)) ||
12535 	    nla_put_u8(msg, QCA_WLAN_VENDOR_ATTR_ACS_HW_MODE, mode) ||
12536 	    (params->ht_enabled &&
12537 	     nla_put_flag(msg, QCA_WLAN_VENDOR_ATTR_ACS_HT_ENABLED)) ||
12538 	    (params->ht40_enabled &&
12539 	     nla_put_flag(msg, QCA_WLAN_VENDOR_ATTR_ACS_HT40_ENABLED)) ||
12540 	    (params->vht_enabled &&
12541 	     nla_put_flag(msg, QCA_WLAN_VENDOR_ATTR_ACS_VHT_ENABLED)) ||
12542 	    (params->eht_enabled &&
12543 	     nla_put_flag(msg, QCA_WLAN_VENDOR_ATTR_ACS_EHT_ENABLED)) ||
12544 	    nla_put_u16(msg, QCA_WLAN_VENDOR_ATTR_ACS_CHWIDTH,
12545 			params->ch_width) ||
12546 	    add_acs_ch_list(msg, params->freq_list) ||
12547 	    add_acs_freq_list(msg, params->freq_list) ||
12548 	    (params->edmg_enabled &&
12549 	     nla_put_flag(msg, QCA_WLAN_VENDOR_ATTR_ACS_EDMG_ENABLED)) ||
12550 	    (params->link_id != NL80211_DRV_LINK_ID_NA &&
12551 	     nla_put_u8(msg, QCA_WLAN_VENDOR_ATTR_ACS_LINK_ID,
12552 			params->link_id))) {
12553 		nlmsg_free(msg);
12554 		return -ENOBUFS;
12555 	}
12556 	nla_nest_end(msg, data);
12557 
12558 	wpa_printf(MSG_DEBUG,
12559 		   "nl80211: ACS Params: HW_MODE: %d HT: %d HT40: %d VHT: %d EHT: %d BW: %d EDMG: %d, link_id: %d",
12560 		   params->hw_mode, params->ht_enabled, params->ht40_enabled,
12561 		   params->vht_enabled, params->eht_enabled, params->ch_width,
12562 		   params->edmg_enabled, params->link_id);
12563 
12564 	ret = send_and_recv_cmd(drv, msg);
12565 	if (ret) {
12566 		wpa_printf(MSG_DEBUG,
12567 			   "nl80211: Failed to invoke driver ACS function: %s",
12568 			   strerror(-ret));
12569 	}
12570 	return ret;
12571 }
12572 
12573 
12574 static int nl80211_set_band(void *priv, u32 band_mask)
12575 {
12576 	struct i802_bss *bss = priv;
12577 	struct wpa_driver_nl80211_data *drv = bss->drv;
12578 	struct nl_msg *msg;
12579 	struct nlattr *data;
12580 	int ret;
12581 	enum qca_set_band qca_band_value;
12582 	u32 qca_band_mask = QCA_SETBAND_AUTO;
12583 
12584 	if (!drv->setband_vendor_cmd_avail ||
12585 	    (band_mask > (WPA_SETBAND_2G | WPA_SETBAND_5G | WPA_SETBAND_6G)))
12586 		return -1;
12587 
12588 	if (band_mask & WPA_SETBAND_5G)
12589 		qca_band_mask |= QCA_SETBAND_5G;
12590 	if (band_mask & WPA_SETBAND_2G)
12591 		qca_band_mask |= QCA_SETBAND_2G;
12592 	if (band_mask & WPA_SETBAND_6G)
12593 		qca_band_mask |= QCA_SETBAND_6G;
12594 
12595 	/*
12596 	 * QCA_WLAN_VENDOR_ATTR_SETBAND_VALUE is a legacy interface hence make
12597 	 * it suite to its values (AUTO/5G/2G) for backwards compatibility.
12598 	 */
12599 	qca_band_value = ((qca_band_mask & QCA_SETBAND_5G) &&
12600 			  (qca_band_mask & QCA_SETBAND_2G)) ?
12601 				QCA_SETBAND_AUTO :
12602 				qca_band_mask & ~QCA_SETBAND_6G;
12603 
12604 	wpa_printf(MSG_DEBUG,
12605 		   "nl80211: QCA_BAND_MASK = 0x%x, QCA_BAND_VALUE = %d",
12606 		   qca_band_mask, qca_band_value);
12607 
12608 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
12609 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
12610 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
12611 			QCA_NL80211_VENDOR_SUBCMD_SETBAND) ||
12612 	    !(data = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA)) ||
12613 	    nla_put_u32(msg, QCA_WLAN_VENDOR_ATTR_SETBAND_VALUE,
12614 			qca_band_value) ||
12615 	    nla_put_u32(msg, QCA_WLAN_VENDOR_ATTR_SETBAND_MASK,
12616 			qca_band_mask)) {
12617 		nlmsg_free(msg);
12618 		return -ENOBUFS;
12619 	}
12620 	nla_nest_end(msg, data);
12621 
12622 	ret = send_and_recv_cmd(drv, msg);
12623 	if (ret) {
12624 		wpa_printf(MSG_DEBUG,
12625 			   "nl80211: Driver setband function failed: %s",
12626 			   strerror(-ret));
12627 	}
12628 	return ret;
12629 }
12630 
12631 
12632 struct nl80211_pcl {
12633 	unsigned int num;
12634 	struct weighted_pcl *freq_list;
12635 };
12636 
12637 static void get_pcl_attr_values(struct weighted_pcl *wpcl, struct nlattr *nl[])
12638 {
12639 	if (nl[QCA_WLAN_VENDOR_ATTR_PCL_FREQ])
12640 		wpcl->freq = nla_get_u32(nl[QCA_WLAN_VENDOR_ATTR_PCL_FREQ]);
12641 	if (nl[QCA_WLAN_VENDOR_ATTR_PCL_WEIGHT])
12642 		wpcl->weight = nla_get_u8(nl[QCA_WLAN_VENDOR_ATTR_PCL_WEIGHT]);
12643 	if (nl[QCA_WLAN_VENDOR_ATTR_PCL_FLAG]) {
12644 		u32 flags = nla_get_u32(nl[QCA_WLAN_VENDOR_ATTR_PCL_FLAG]);
12645 
12646 		wpcl->flag = 0;
12647 		if (flags & BIT(0))
12648 			wpcl->flag |= WEIGHTED_PCL_GO;
12649 		if (flags & BIT(1))
12650 			wpcl->flag |= WEIGHTED_PCL_CLI;
12651 		if (flags & BIT(2))
12652 			wpcl->flag |= WEIGHTED_PCL_MUST_CONSIDER;
12653 		if (flags & BIT(3))
12654 			wpcl->flag |= WEIGHTED_PCL_EXCLUDE;
12655 	} else {
12656 		wpcl->flag = WEIGHTED_PCL_GO | WEIGHTED_PCL_CLI;
12657 	}
12658 }
12659 
12660 
12661 static int preferred_freq_info_handler(struct nl_msg *msg, void *arg)
12662 {
12663 	struct nlattr *tb[NL80211_ATTR_MAX + 1];
12664 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
12665 	struct nl80211_pcl *param = arg;
12666 	struct nlattr *nl_vend, *attr;
12667 	enum qca_iface_type iface_type;
12668 	struct nlattr *tb_vendor[QCA_WLAN_VENDOR_ATTR_MAX + 1];
12669 	struct nlattr *nl_pcl[QCA_WLAN_VENDOR_ATTR_PCL_MAX + 1];
12670 	unsigned int num, max_num;
12671 	u32 *freqs;
12672 
12673 	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
12674 		  genlmsg_attrlen(gnlh, 0), NULL);
12675 
12676 	nl_vend = tb[NL80211_ATTR_VENDOR_DATA];
12677 	if (!nl_vend)
12678 		return NL_SKIP;
12679 
12680 	nla_parse(tb_vendor, QCA_WLAN_VENDOR_ATTR_MAX,
12681 		  nla_data(nl_vend), nla_len(nl_vend), NULL);
12682 
12683 	attr = tb_vendor[
12684 		QCA_WLAN_VENDOR_ATTR_GET_PREFERRED_FREQ_LIST_IFACE_TYPE];
12685 	if (!attr) {
12686 		wpa_printf(MSG_ERROR, "nl80211: iface_type couldn't be found");
12687 		param->num = 0;
12688 		return NL_SKIP;
12689 	}
12690 
12691 	iface_type = (enum qca_iface_type) nla_get_u32(attr);
12692 	wpa_printf(MSG_DEBUG, "nl80211: Driver returned iface_type=%d",
12693 		   iface_type);
12694 
12695 	attr = tb_vendor[
12696 		QCA_WLAN_VENDOR_ATTR_GET_PREFERRED_FREQ_LIST_WEIGHED_PCL];
12697 	if (attr) {
12698 		int rem;
12699 		struct nlattr *wpcl = attr;
12700 		unsigned int i;
12701 
12702 		num = 0;
12703 		nla_for_each_nested(attr, wpcl, rem) {
12704 			if (num == param->num)
12705 				break; /* not enough room for all entries */
12706 			if (nla_parse(nl_pcl, QCA_WLAN_VENDOR_ATTR_PCL_MAX,
12707 				      nla_data(attr), nla_len(attr), NULL)) {
12708 				wpa_printf(MSG_ERROR,
12709 					   "nl80211: Failed to parse PCL info");
12710 				param->num = 0;
12711 				return NL_SKIP;
12712 			}
12713 			get_pcl_attr_values(&param->freq_list[num], nl_pcl);
12714 			num++;
12715 		}
12716 		param->num = num;
12717 
12718 		/* Sort frequencies based on their weight */
12719 		for (i = 0; i < num; i++) {
12720 			unsigned int j;
12721 
12722 			for (j = i + 1; j < num; j++) {
12723 				if (param->freq_list[i].weight <
12724 				    param->freq_list[j].weight) {
12725 					struct weighted_pcl tmp;
12726 
12727 					tmp = param->freq_list[i];
12728 					param->freq_list[i] =
12729 						param->freq_list[j];
12730 					param->freq_list[j] = tmp;
12731 				}
12732 			}
12733 		}
12734 	} else if (tb_vendor[QCA_WLAN_VENDOR_ATTR_GET_PREFERRED_FREQ_LIST]) {
12735 		wpa_printf(MSG_DEBUG,
12736 			   "nl80211: Driver does not provide weighted PCL; use the non-weighted variant");
12737 		attr = tb_vendor[QCA_WLAN_VENDOR_ATTR_GET_PREFERRED_FREQ_LIST];
12738 		/*
12739 		 * param->num has the maximum number of entries for which there
12740 		 * is room in the freq_list provided by the caller.
12741 		 */
12742 		freqs = nla_data(attr);
12743 		max_num = nla_len(attr) / sizeof(u32);
12744 		if (max_num > param->num)
12745 			max_num = param->num;
12746 		for (num = 0; num < max_num; num++) {
12747 			param->freq_list[num].freq = freqs[num];
12748 			param->freq_list[num].flag =
12749 				WEIGHTED_PCL_GO | WEIGHTED_PCL_CLI;
12750 		}
12751 		param->num = num;
12752 	} else {
12753 		wpa_printf(MSG_ERROR,
12754 			   "nl80211: preferred_freq_list couldn't be found");
12755 		param->num = 0;
12756 		return NL_SKIP;
12757 	}
12758 	return NL_SKIP;
12759 }
12760 
12761 
12762 static int nl80211_get_pref_freq_list(void *priv,
12763 				      enum wpa_driver_if_type if_type,
12764 				      unsigned int *num,
12765 				      struct weighted_pcl *freq_list)
12766 {
12767 	struct i802_bss *bss = priv;
12768 	struct wpa_driver_nl80211_data *drv = bss->drv;
12769 	struct nl_msg *msg;
12770 	int ret;
12771 	unsigned int i;
12772 	struct nlattr *params;
12773 	struct nl80211_pcl param;
12774 	enum qca_iface_type iface_type;
12775 
12776 	if (!drv->get_pref_freq_list)
12777 		return -1;
12778 
12779 	switch (if_type) {
12780 	case WPA_IF_STATION:
12781 		iface_type = QCA_IFACE_TYPE_STA;
12782 		break;
12783 	case WPA_IF_AP_BSS:
12784 		iface_type = QCA_IFACE_TYPE_AP;
12785 		break;
12786 	case WPA_IF_P2P_GO:
12787 		iface_type = QCA_IFACE_TYPE_P2P_GO;
12788 		break;
12789 	case WPA_IF_P2P_CLIENT:
12790 		iface_type = QCA_IFACE_TYPE_P2P_CLIENT;
12791 		break;
12792 	case WPA_IF_IBSS:
12793 		iface_type = QCA_IFACE_TYPE_IBSS;
12794 		break;
12795 	case WPA_IF_TDLS:
12796 		iface_type = QCA_IFACE_TYPE_TDLS;
12797 		break;
12798 	default:
12799 		return -1;
12800 	}
12801 
12802 	param.num = *num;
12803 	param.freq_list = freq_list;
12804 
12805 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
12806 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, drv->ifindex) ||
12807 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
12808 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
12809 			QCA_NL80211_VENDOR_SUBCMD_GET_PREFERRED_FREQ_LIST) ||
12810 	    !(params = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA)) ||
12811 	    nla_put_u32(msg,
12812 			QCA_WLAN_VENDOR_ATTR_GET_PREFERRED_FREQ_LIST_IFACE_TYPE,
12813 			iface_type)) {
12814 		wpa_printf(MSG_ERROR,
12815 			   "%s: err in adding vendor_cmd and vendor_data",
12816 			   __func__);
12817 		nlmsg_free(msg);
12818 		return -1;
12819 	}
12820 	nla_nest_end(msg, params);
12821 
12822 	if (freq_list)
12823 		os_memset(freq_list, 0, *num * sizeof(struct weighted_pcl));
12824 	ret = send_and_recv_resp(drv, msg, preferred_freq_info_handler, &param);
12825 	if (ret) {
12826 		wpa_printf(MSG_ERROR,
12827 			   "%s: err in send_and_recv_resp", __func__);
12828 		return ret;
12829 	}
12830 
12831 	*num = param.num;
12832 
12833 	for (i = 0; i < *num; i++) {
12834 		wpa_printf(MSG_DEBUG,
12835 			   "nl80211: preferred_channel_list[%d]=%d[%d]:0x%x",
12836 			   i, freq_list[i].freq, freq_list[i].weight,
12837 			   freq_list[i].flag);
12838 	}
12839 
12840 	return 0;
12841 }
12842 
12843 
12844 static int nl80211_set_prob_oper_freq(void *priv, unsigned int freq)
12845 {
12846 	struct i802_bss *bss = priv;
12847 	struct wpa_driver_nl80211_data *drv = bss->drv;
12848 	struct nl_msg *msg;
12849 	int ret;
12850 	struct nlattr *params;
12851 
12852 	if (!drv->set_prob_oper_freq)
12853 		return -1;
12854 
12855 	wpa_printf(MSG_DEBUG,
12856 		   "nl80211: Set P2P probable operating freq %u for ifindex %d",
12857 		   freq, bss->ifindex);
12858 
12859 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
12860 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
12861 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
12862 			QCA_NL80211_VENDOR_SUBCMD_SET_PROBABLE_OPER_CHANNEL) ||
12863 	    !(params = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA)) ||
12864 	    nla_put_u32(msg,
12865 			QCA_WLAN_VENDOR_ATTR_PROBABLE_OPER_CHANNEL_IFACE_TYPE,
12866 			QCA_IFACE_TYPE_P2P_CLIENT) ||
12867 	    nla_put_u32(msg,
12868 			QCA_WLAN_VENDOR_ATTR_PROBABLE_OPER_CHANNEL_FREQ,
12869 			freq)) {
12870 		wpa_printf(MSG_ERROR,
12871 			   "%s: err in adding vendor_cmd and vendor_data",
12872 			   __func__);
12873 		nlmsg_free(msg);
12874 		return -1;
12875 	}
12876 	nla_nest_end(msg, params);
12877 
12878 	ret = send_and_recv_cmd(drv, msg);
12879 	msg = NULL;
12880 	if (ret) {
12881 		wpa_printf(MSG_ERROR, "%s: err in send_and_recv_cmd",
12882 			   __func__);
12883 		return ret;
12884 	}
12885 	nlmsg_free(msg);
12886 	return 0;
12887 }
12888 
12889 
12890 static int nl80211_p2p_lo_start(void *priv, unsigned int freq,
12891 				unsigned int period, unsigned int interval,
12892 				unsigned int count, const u8 *device_types,
12893 				size_t dev_types_len,
12894 				const u8 *ies, size_t ies_len)
12895 {
12896 	struct i802_bss *bss = priv;
12897 	struct wpa_driver_nl80211_data *drv = bss->drv;
12898 	struct nl_msg *msg;
12899 	struct nlattr *container;
12900 	int ret;
12901 
12902 	wpa_printf(MSG_DEBUG,
12903 		   "nl80211: Start P2P Listen offload: freq=%u, period=%u, interval=%u, count=%u",
12904 		   freq, period, interval, count);
12905 
12906 	if (!(drv->capa.flags & WPA_DRIVER_FLAGS_P2P_LISTEN_OFFLOAD))
12907 		return -1;
12908 
12909 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
12910 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
12911 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
12912 			QCA_NL80211_VENDOR_SUBCMD_P2P_LISTEN_OFFLOAD_START))
12913 		goto fail;
12914 
12915 	container = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA);
12916 	if (!container)
12917 		goto fail;
12918 
12919 	if (nla_put_u32(msg, QCA_WLAN_VENDOR_ATTR_P2P_LISTEN_OFFLOAD_CHANNEL,
12920 			freq) ||
12921 	    nla_put_u32(msg, QCA_WLAN_VENDOR_ATTR_P2P_LISTEN_OFFLOAD_PERIOD,
12922 			period) ||
12923 	    nla_put_u32(msg, QCA_WLAN_VENDOR_ATTR_P2P_LISTEN_OFFLOAD_INTERVAL,
12924 			interval) ||
12925 	    nla_put_u32(msg, QCA_WLAN_VENDOR_ATTR_P2P_LISTEN_OFFLOAD_COUNT,
12926 			count) ||
12927 	    nla_put(msg, QCA_WLAN_VENDOR_ATTR_P2P_LISTEN_OFFLOAD_DEVICE_TYPES,
12928 		    dev_types_len, device_types) ||
12929 	    nla_put(msg, QCA_WLAN_VENDOR_ATTR_P2P_LISTEN_OFFLOAD_VENDOR_IE,
12930 		    ies_len, ies))
12931 		goto fail;
12932 
12933 	nla_nest_end(msg, container);
12934 	ret = send_and_recv_cmd(drv, msg);
12935 	msg = NULL;
12936 	if (ret) {
12937 		wpa_printf(MSG_DEBUG,
12938 			   "nl80211: Failed to send P2P Listen offload vendor command");
12939 		goto fail;
12940 	}
12941 
12942 	return 0;
12943 
12944 fail:
12945 	nlmsg_free(msg);
12946 	return -1;
12947 }
12948 
12949 
12950 static int nl80211_p2p_lo_stop(void *priv)
12951 {
12952 	struct i802_bss *bss = priv;
12953 	struct wpa_driver_nl80211_data *drv = bss->drv;
12954 	struct nl_msg *msg;
12955 
12956 	wpa_printf(MSG_DEBUG, "nl80211: Stop P2P Listen offload");
12957 
12958 	if (!(drv->capa.flags & WPA_DRIVER_FLAGS_P2P_LISTEN_OFFLOAD))
12959 		return -1;
12960 
12961 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
12962 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
12963 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
12964 			QCA_NL80211_VENDOR_SUBCMD_P2P_LISTEN_OFFLOAD_STOP)) {
12965 		nlmsg_free(msg);
12966 		return -1;
12967 	}
12968 
12969 	return send_and_recv_cmd(drv, msg);
12970 }
12971 
12972 
12973 static int nl80211_set_tdls_mode(void *priv, int tdls_external_control)
12974 {
12975 	struct i802_bss *bss = priv;
12976 	struct wpa_driver_nl80211_data *drv = bss->drv;
12977 	struct nl_msg *msg;
12978 	struct nlattr *params;
12979 	int ret;
12980 	u32 tdls_mode;
12981 
12982 	wpa_printf(MSG_DEBUG,
12983 		   "nl80211: Set TDKS mode: tdls_external_control=%d",
12984 		   tdls_external_control);
12985 
12986 	if (tdls_external_control == 1)
12987 		tdls_mode = QCA_WLAN_VENDOR_TDLS_TRIGGER_MODE_IMPLICIT |
12988 			QCA_WLAN_VENDOR_TDLS_TRIGGER_MODE_EXTERNAL;
12989 	else
12990 		tdls_mode = QCA_WLAN_VENDOR_TDLS_TRIGGER_MODE_EXPLICIT;
12991 
12992 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
12993 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
12994 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
12995 			QCA_NL80211_VENDOR_SUBCMD_CONFIGURE_TDLS))
12996 		goto fail;
12997 
12998 	params = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA);
12999 	if (!params)
13000 		goto fail;
13001 
13002 	if (nla_put_u32(msg, QCA_WLAN_VENDOR_ATTR_TDLS_CONFIG_TRIGGER_MODE,
13003 			tdls_mode))
13004 		goto fail;
13005 
13006 	nla_nest_end(msg, params);
13007 
13008 	ret = send_and_recv_cmd(drv, msg);
13009 	msg = NULL;
13010 	if (ret) {
13011 		wpa_printf(MSG_ERROR,
13012 			   "nl80211: Set TDLS mode failed: ret=%d (%s)",
13013 			   ret, strerror(-ret));
13014 		goto fail;
13015 	}
13016 	return 0;
13017 fail:
13018 	nlmsg_free(msg);
13019 	return -1;
13020 }
13021 
13022 
13023 #ifdef CONFIG_MBO
13024 
13025 static enum mbo_transition_reject_reason
13026 nl80211_mbo_reject_reason_mapping(enum qca_wlan_btm_candidate_status status)
13027 {
13028 	switch (status) {
13029 	case QCA_STATUS_REJECT_EXCESSIVE_FRAME_LOSS_EXPECTED:
13030 		return MBO_TRANSITION_REJECT_REASON_FRAME_LOSS;
13031 	case QCA_STATUS_REJECT_EXCESSIVE_DELAY_EXPECTED:
13032 		return MBO_TRANSITION_REJECT_REASON_DELAY;
13033 	case QCA_STATUS_REJECT_INSUFFICIENT_QOS_CAPACITY:
13034 		return MBO_TRANSITION_REJECT_REASON_QOS_CAPACITY;
13035 	case QCA_STATUS_REJECT_LOW_RSSI:
13036 		return MBO_TRANSITION_REJECT_REASON_RSSI;
13037 	case QCA_STATUS_REJECT_HIGH_INTERFERENCE:
13038 		return MBO_TRANSITION_REJECT_REASON_INTERFERENCE;
13039 	case QCA_STATUS_REJECT_UNKNOWN:
13040 	default:
13041 		return MBO_TRANSITION_REJECT_REASON_UNSPECIFIED;
13042 	}
13043 }
13044 
13045 
13046 static void nl80211_parse_btm_candidate_info(struct candidate_list *candidate,
13047 					     struct nlattr *tb[], int num)
13048 {
13049 	enum qca_wlan_btm_candidate_status status;
13050 	char buf[50];
13051 
13052 	os_memcpy(candidate->bssid,
13053 		  nla_data(tb[QCA_WLAN_VENDOR_ATTR_BTM_CANDIDATE_INFO_BSSID]),
13054 		  ETH_ALEN);
13055 
13056 	status = nla_get_u32(
13057 		tb[QCA_WLAN_VENDOR_ATTR_BTM_CANDIDATE_INFO_STATUS]);
13058 	candidate->is_accept = status == QCA_STATUS_ACCEPT;
13059 	candidate->reject_reason = nl80211_mbo_reject_reason_mapping(status);
13060 
13061 	if (candidate->is_accept)
13062 		os_snprintf(buf, sizeof(buf), "Accepted");
13063 	else
13064 		os_snprintf(buf, sizeof(buf),
13065 			    "Rejected, Reject_reason: %d",
13066 			    candidate->reject_reason);
13067 	wpa_printf(MSG_DEBUG, "nl80211:   BSSID[%d]: " MACSTR " %s",
13068 		   num, MAC2STR(candidate->bssid), buf);
13069 }
13070 
13071 
13072 static int
13073 nl80211_get_bss_transition_status_handler(struct nl_msg *msg, void *arg)
13074 {
13075 	struct wpa_bss_candidate_info *info = arg;
13076 	struct candidate_list *candidate = info->candidates;
13077 	struct nlattr *tb_msg[NL80211_ATTR_MAX + 1];
13078 	struct nlattr *tb_vendor[QCA_WLAN_VENDOR_ATTR_MAX + 1];
13079 	struct nlattr *tb[QCA_WLAN_VENDOR_ATTR_BTM_CANDIDATE_INFO_MAX + 1];
13080 	static struct nla_policy policy[
13081 		QCA_WLAN_VENDOR_ATTR_BTM_CANDIDATE_INFO_MAX + 1] = {
13082 		[QCA_WLAN_VENDOR_ATTR_BTM_CANDIDATE_INFO_BSSID] = {
13083 			.minlen = ETH_ALEN
13084 		},
13085 		[QCA_WLAN_VENDOR_ATTR_BTM_CANDIDATE_INFO_STATUS] = {
13086 			.type = NLA_U32,
13087 		},
13088 	};
13089 	struct nlattr *attr;
13090 	int rem;
13091 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
13092 	u8 num;
13093 
13094 	num = info->num; /* number of candidates sent to driver */
13095 	info->num = 0;
13096 	nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
13097 		  genlmsg_attrlen(gnlh, 0), NULL);
13098 
13099 	if (!tb_msg[NL80211_ATTR_VENDOR_DATA] ||
13100 	    nla_parse_nested(tb_vendor, QCA_WLAN_VENDOR_ATTR_MAX,
13101 			     tb_msg[NL80211_ATTR_VENDOR_DATA], NULL) ||
13102 	    !tb_vendor[QCA_WLAN_VENDOR_ATTR_BTM_CANDIDATE_INFO])
13103 		return NL_SKIP;
13104 
13105 	wpa_printf(MSG_DEBUG,
13106 		   "nl80211: WNM Candidate list received from driver");
13107 	nla_for_each_nested(attr,
13108 			    tb_vendor[QCA_WLAN_VENDOR_ATTR_BTM_CANDIDATE_INFO],
13109 			    rem) {
13110 		if (info->num >= num ||
13111 		    nla_parse_nested(
13112 			    tb, QCA_WLAN_VENDOR_ATTR_BTM_CANDIDATE_INFO_MAX,
13113 			    attr, policy) ||
13114 		    !tb[QCA_WLAN_VENDOR_ATTR_BTM_CANDIDATE_INFO_BSSID] ||
13115 		    !tb[QCA_WLAN_VENDOR_ATTR_BTM_CANDIDATE_INFO_STATUS])
13116 			break;
13117 
13118 		nl80211_parse_btm_candidate_info(candidate, tb, info->num);
13119 
13120 		candidate++;
13121 		info->num++;
13122 	}
13123 
13124 	return NL_SKIP;
13125 }
13126 
13127 
13128 static struct wpa_bss_candidate_info *
13129 nl80211_get_bss_transition_status(void *priv, struct wpa_bss_trans_info *params)
13130 {
13131 	struct i802_bss *bss = priv;
13132 	struct wpa_driver_nl80211_data *drv = bss->drv;
13133 	struct nl_msg *msg;
13134 	struct nlattr *attr, *attr1, *attr2;
13135 	struct wpa_bss_candidate_info *info;
13136 	u8 i;
13137 	int ret;
13138 	u8 *pos;
13139 
13140 	if (!drv->fetch_bss_trans_status)
13141 		return NULL;
13142 
13143 	info = os_zalloc(sizeof(*info));
13144 	if (!info)
13145 		return NULL;
13146 	/* Allocate memory for number of candidates sent to driver */
13147 	info->candidates = os_calloc(params->n_candidates,
13148 				     sizeof(*info->candidates));
13149 	if (!info->candidates) {
13150 		os_free(info);
13151 		return NULL;
13152 	}
13153 
13154 	/* Copy the number of candidates being sent to driver. This is used in
13155 	 * nl80211_get_bss_transition_status_handler() to limit the number of
13156 	 * candidates that can be populated in info->candidates and will be
13157 	 * later overwritten with the actual number of candidates received from
13158 	 * the driver.
13159 	 */
13160 	info->num = params->n_candidates;
13161 
13162 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
13163 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
13164 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
13165 			QCA_NL80211_VENDOR_SUBCMD_FETCH_BSS_TRANSITION_STATUS))
13166 		goto fail;
13167 
13168 	attr = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA);
13169 	if (!attr)
13170 		goto fail;
13171 
13172 	if (nla_put_u8(msg, QCA_WLAN_VENDOR_ATTR_BTM_MBO_TRANSITION_REASON,
13173 		       params->mbo_transition_reason))
13174 		goto fail;
13175 
13176 	attr1 = nla_nest_start(msg, QCA_WLAN_VENDOR_ATTR_BTM_CANDIDATE_INFO);
13177 	if (!attr1)
13178 		goto fail;
13179 
13180 	wpa_printf(MSG_DEBUG,
13181 		   "nl80211: WNM Candidate list info sending to driver: mbo_transition_reason: %d n_candidates: %d",
13182 		   params->mbo_transition_reason, params->n_candidates);
13183 	pos = params->bssid;
13184 	for (i = 0; i < params->n_candidates; i++) {
13185 		wpa_printf(MSG_DEBUG, "nl80211:   BSSID[%d]: " MACSTR, i,
13186 			   MAC2STR(pos));
13187 		attr2 = nla_nest_start(msg, i);
13188 		if (!attr2 ||
13189 		    nla_put(msg, QCA_WLAN_VENDOR_ATTR_BTM_CANDIDATE_INFO_BSSID,
13190 			    ETH_ALEN, pos))
13191 			goto fail;
13192 		pos += ETH_ALEN;
13193 		nla_nest_end(msg, attr2);
13194 	}
13195 
13196 	nla_nest_end(msg, attr1);
13197 	nla_nest_end(msg, attr);
13198 
13199 	ret = send_and_recv_resp(drv, msg,
13200 				 nl80211_get_bss_transition_status_handler,
13201 				 info);
13202 	msg = NULL;
13203 	if (ret) {
13204 		wpa_printf(MSG_ERROR,
13205 			   "nl80211: WNM Get BSS transition status failed: ret=%d (%s)",
13206 			   ret, strerror(-ret));
13207 		goto fail;
13208 	}
13209 	return info;
13210 
13211 fail:
13212 	nlmsg_free(msg);
13213 	os_free(info->candidates);
13214 	os_free(info);
13215 	return NULL;
13216 }
13217 
13218 
13219 /**
13220  * nl80211_ignore_assoc_disallow - Configure driver to ignore assoc_disallow
13221  * @priv: Pointer to private driver data from wpa_driver_nl80211_init()
13222  * @ignore_assoc_disallow: 0 to not ignore, 1 to ignore
13223  * Returns: 0 on success, -1 on failure
13224  */
13225 static int nl80211_ignore_assoc_disallow(void *priv, int ignore_disallow)
13226 {
13227 	struct i802_bss *bss = priv;
13228 	struct wpa_driver_nl80211_data *drv = bss->drv;
13229 	struct nl_msg *msg;
13230 	struct nlattr *attr;
13231 	int ret = -1;
13232 
13233 	if (!drv->set_wifi_conf_vendor_cmd_avail)
13234 		return -1;
13235 
13236 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
13237 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
13238 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
13239 			QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION))
13240 		goto fail;
13241 
13242 	attr = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA);
13243 	if (!attr)
13244 		goto fail;
13245 
13246 	wpa_printf(MSG_DEBUG, "nl80211: Set ignore_assoc_disallow %d",
13247 		   ignore_disallow);
13248 	if (nla_put_u8(msg, QCA_WLAN_VENDOR_ATTR_CONFIG_IGNORE_ASSOC_DISALLOWED,
13249 		       ignore_disallow))
13250 		goto fail;
13251 
13252 	nla_nest_end(msg, attr);
13253 
13254 	ret = send_and_recv_cmd(drv, msg);
13255 	msg = NULL;
13256 	if (ret) {
13257 		wpa_printf(MSG_ERROR,
13258 			   "nl80211: Set ignore_assoc_disallow failed: ret=%d (%s)",
13259 			   ret, strerror(-ret));
13260 		goto fail;
13261 	}
13262 
13263 fail:
13264 	nlmsg_free(msg);
13265 	return ret;
13266 }
13267 
13268 #endif /* CONFIG_MBO */
13269 
13270 
13271 #ifdef CONFIG_PASN
13272 
13273 static int nl80211_send_pasn_resp(void *priv, struct pasn_auth *params)
13274 {
13275 	unsigned int i;
13276 	struct i802_bss *bss = priv;
13277 	struct nl_msg *msg = NULL;
13278 	struct nlattr *nlpeers, *attr, *attr1;
13279 	struct wpa_driver_nl80211_data *drv = bss->drv;
13280 
13281 	wpa_dbg(drv->ctx, MSG_DEBUG,
13282 		"nl80211: PASN authentication response for %d entries",
13283 		params->num_peers);
13284 	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR);
13285 	if (!msg ||
13286 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
13287 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
13288 			QCA_NL80211_VENDOR_SUBCMD_PASN))
13289 		goto fail;
13290 
13291 	attr = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA);
13292 	if (!attr)
13293 		goto fail;
13294 
13295 	nlpeers = nla_nest_start(msg, QCA_WLAN_VENDOR_ATTR_PASN_PEERS);
13296 	if (!nlpeers)
13297 		goto fail;
13298 
13299 	for (i = 0; i < params->num_peers; i++) {
13300 		attr1 = nla_nest_start(msg, i);
13301 		if (!attr1 ||
13302 		    nla_put(msg, QCA_WLAN_VENDOR_ATTR_PASN_PEER_SRC_ADDR,
13303 			    ETH_ALEN, params->peer[i].own_addr) ||
13304 		    nla_put(msg, QCA_WLAN_VENDOR_ATTR_PASN_PEER_MAC_ADDR,
13305 			    ETH_ALEN, params->peer[i].peer_addr))
13306 			goto fail;
13307 
13308 		if (params->peer[i].status == 0 &&
13309 		    nla_put_flag(msg,
13310 				 QCA_WLAN_VENDOR_ATTR_PASN_PEER_STATUS_SUCCESS))
13311 			goto fail;
13312 
13313 		wpa_printf(MSG_DEBUG,
13314 			   "nl80211: Own address[%u]: " MACSTR
13315 			   " Peer address[%u]: " MACSTR " Status: %s",
13316 			   i, MAC2STR(params->peer[i].own_addr), i,
13317 			   MAC2STR(params->peer[i].peer_addr),
13318 			   params->peer[i].status ? "Fail" : "Success");
13319 		nla_nest_end(msg, attr1);
13320 	}
13321 
13322 	nla_nest_end(msg, nlpeers);
13323 	nla_nest_end(msg, attr);
13324 
13325 	return send_and_recv_cmd(drv, msg);
13326 
13327 fail:
13328 	nlmsg_free(msg);
13329 	return -1;
13330 }
13331 
13332 
13333 static u32 wpa_ltf_keyseed_len_to_sha_type(size_t len)
13334 {
13335 	if (len == SHA384_MAC_LEN)
13336 		return QCA_WLAN_VENDOR_SHA_384;
13337 	if (len == SHA256_MAC_LEN)
13338 		return QCA_WLAN_VENDOR_SHA_256;
13339 
13340 	wpa_printf(MSG_ERROR, "nl80211: Unexpected LTF keyseed len %zu", len);
13341 	return (u32) -1;
13342 }
13343 
13344 
13345 static int nl80211_set_secure_ranging_ctx(void *priv,
13346 					  struct secure_ranging_params *params)
13347 {
13348 	int ret;
13349 	u32 suite;
13350 	struct nlattr *attr;
13351 	struct nl_msg *msg = NULL;
13352 	struct i802_bss *bss = priv;
13353 	struct wpa_driver_nl80211_data *drv = bss->drv;
13354 
13355 	/* Configure secure ranging context only to the drivers that support it.
13356 	 */
13357 	if (!drv->secure_ranging_ctx_vendor_cmd_avail)
13358 		return 0;
13359 
13360 	if (!params->peer_addr || !params->own_addr)
13361 		return -1;
13362 
13363 	wpa_dbg(drv->ctx, MSG_DEBUG,
13364 		"nl80211: Secure ranging context for " MACSTR,
13365 		MAC2STR(params->peer_addr));
13366 
13367 	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR);
13368 	if (!msg ||
13369 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
13370 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
13371 			QCA_NL80211_VENDOR_SUBCMD_SECURE_RANGING_CONTEXT))
13372 		goto fail;
13373 
13374 	attr = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA);
13375 	if (!attr)
13376 		goto fail;
13377 
13378 	if (nla_put(msg, QCA_WLAN_VENDOR_ATTR_SECURE_RANGING_CTX_PEER_MAC_ADDR,
13379 		    ETH_ALEN, params->peer_addr) ||
13380 	    nla_put(msg, QCA_WLAN_VENDOR_ATTR_SECURE_RANGING_CTX_SRC_ADDR,
13381 		    ETH_ALEN, params->own_addr) ||
13382 	    nla_put_u32(msg, QCA_WLAN_VENDOR_ATTR_SECURE_RANGING_CTX_ACTION,
13383 			params->action))
13384 		goto fail;
13385 
13386 	if (params->cipher) {
13387 		suite = wpa_cipher_to_cipher_suite(params->cipher);
13388 		if (!suite ||
13389 		    nla_put_u32(msg,
13390 				QCA_WLAN_VENDOR_ATTR_SECURE_RANGING_CTX_CIPHER,
13391 				suite))
13392 			goto fail;
13393 	}
13394 
13395 	if (params->tk_len && params->tk) {
13396 		if (nla_put(msg, QCA_WLAN_VENDOR_ATTR_SECURE_RANGING_CTX_TK,
13397 			    params->tk_len, params->tk))
13398 			goto fail;
13399 		wpa_hexdump_key(MSG_DEBUG, "nl80211: TK",
13400 				params->tk, params->tk_len);
13401 	}
13402 
13403 	if (params->ltf_keyseed_len && params->ltf_keyseed) {
13404 		u32 sha_type = wpa_ltf_keyseed_len_to_sha_type(
13405 			params->ltf_keyseed_len);
13406 
13407 		if (sha_type == (u32) -1 ||
13408 		    nla_put_u32(
13409 			    msg,
13410 			    QCA_WLAN_VENDOR_ATTR_SECURE_RANGING_CTX_SHA_TYPE,
13411 			    sha_type) ||
13412 		    nla_put(msg,
13413 			    QCA_WLAN_VENDOR_ATTR_SECURE_RANGING_CTX_LTF_KEYSEED,
13414 			    params->ltf_keyseed_len, params->ltf_keyseed))
13415 			goto fail;
13416 		wpa_hexdump_key(MSG_DEBUG, "nl80211: LTF keyseed",
13417 				params->ltf_keyseed, params->ltf_keyseed_len);
13418 	}
13419 	nla_nest_end(msg, attr);
13420 
13421 	ret = send_and_recv_cmd(drv, msg);
13422 	if (ret)
13423 		wpa_printf(MSG_DEBUG,
13424 			   "nl80211: Set secure ranging context failed: ret=%d (%s)",
13425 			   ret, strerror(-ret));
13426 	return ret;
13427 fail:
13428 	nlmsg_free(msg);
13429 	return -1;
13430 }
13431 
13432 #endif /* CONFIG_PASN */
13433 
13434 #endif /* CONFIG_DRIVER_NL80211_QCA */
13435 
13436 
13437 #ifdef CONFIG_DRIVER_NL80211_BRCM
13438 static int wpa_driver_do_broadcom_acs(struct wpa_driver_nl80211_data *drv,
13439 				      struct drv_acs_params *params)
13440 {
13441 	struct nl_msg *msg;
13442 	struct nlattr *data;
13443 	int freq_list_len;
13444 	int ret = -1;
13445 
13446 	freq_list_len = int_array_len(params->freq_list);
13447 	wpa_printf(MSG_DEBUG, "%s: freq_list_len=%d",
13448 		   __func__, freq_list_len);
13449 
13450 	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR);
13451 	if (!msg ||
13452 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_BRCM) ||
13453 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
13454 			BRCM_VENDOR_SCMD_ACS) ||
13455 	    !(data = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA)) ||
13456 	    nla_put_u8(msg, BRCM_VENDOR_ATTR_ACS_HW_MODE, params->hw_mode) ||
13457 	    nla_put_u8(msg, BRCM_VENDOR_ATTR_ACS_HT_ENABLED,
13458 		       params->ht_enabled) ||
13459 	    nla_put_u8(msg, BRCM_VENDOR_ATTR_ACS_HT40_ENABLED,
13460 		       params->ht40_enabled) ||
13461 	    nla_put_u8(msg, BRCM_VENDOR_ATTR_ACS_VHT_ENABLED,
13462 		       params->vht_enabled) ||
13463 	    nla_put_u16(msg, BRCM_VENDOR_ATTR_ACS_CHWIDTH, params->ch_width) ||
13464 	    (freq_list_len > 0 &&
13465 	     nla_put(msg, BRCM_VENDOR_ATTR_ACS_FREQ_LIST,
13466 		     sizeof(int) * freq_list_len, params->freq_list)))
13467 		goto fail;
13468 	nla_nest_end(msg, data);
13469 
13470 	wpa_printf(MSG_DEBUG,
13471 		   "nl80211: ACS Params: HW_MODE: %d HT: %d HT40: %d VHT: %d BW: %d",
13472 		   params->hw_mode, params->ht_enabled, params->ht40_enabled,
13473 		   params->vht_enabled, params->ch_width);
13474 
13475 	ret = send_and_recv_cmd(drv, msg);
13476 	if (ret) {
13477 		wpa_printf(MSG_ERROR,
13478 			   "nl80211: BRCM Failed to invoke driver ACS function: %s",
13479 			   strerror(errno));
13480 	}
13481 
13482 	msg = NULL;
13483 fail:
13484 	nlmsg_free(msg);
13485 	return ret;
13486 }
13487 #endif /* CONFIG_DRIVER_NL80211_BRCM */
13488 
13489 
13490 static int nl80211_do_acs(void *priv, struct drv_acs_params *params)
13491 {
13492 #if defined(CONFIG_DRIVER_NL80211_QCA) || defined(CONFIG_DRIVER_NL80211_BRCM)
13493 	struct i802_bss *bss = priv;
13494 	struct wpa_driver_nl80211_data *drv = bss->drv;
13495 #endif /* CONFIG_DRIVER_NL80211_QCA || CONFIG_DRIVER_NL80211_BRCM */
13496 
13497 #ifdef CONFIG_DRIVER_NL80211_QCA
13498 	if (drv->qca_do_acs)
13499 		return nl80211_qca_do_acs(drv, params);
13500 #endif /* CONFIG_DRIVER_NL80211_QCA */
13501 
13502 #ifdef CONFIG_DRIVER_NL80211_BRCM
13503 	if (drv->brcm_do_acs)
13504 		return wpa_driver_do_broadcom_acs(drv, params);
13505 #endif /* CONFIG_DRIVER_NL80211_BRCM */
13506 
13507 	return -1;
13508 }
13509 
13510 
13511 static int nl80211_write_to_file(const char *name, unsigned int val)
13512 {
13513 	int fd, len;
13514 	char tmp[128];
13515 	int ret = 0;
13516 
13517 	fd = open(name, O_RDWR);
13518 	if (fd < 0) {
13519 		int level;
13520 		/*
13521 		 * Flags may not exist on older kernels, or while we're tearing
13522 		 * down a disappearing device.
13523 		 */
13524 		if (errno == ENOENT) {
13525 			ret = 0;
13526 			level = MSG_DEBUG;
13527 		} else {
13528 			ret = -1;
13529 			level = MSG_ERROR;
13530 		}
13531 		wpa_printf(level, "nl80211: Failed to open %s: %s",
13532 			   name, strerror(errno));
13533 		return ret;
13534 	}
13535 
13536 	len = os_snprintf(tmp, sizeof(tmp), "%u\n", val);
13537 	len = write(fd, tmp, len);
13538 	if (len < 0) {
13539 		ret = -1;
13540 		wpa_printf(MSG_ERROR, "nl80211: Failed to write to %s: %s",
13541 			   name, strerror(errno));
13542 	}
13543 	close(fd);
13544 
13545 	return ret;
13546 }
13547 
13548 
13549 static int nl80211_configure_data_frame_filters(void *priv, u32 filter_flags)
13550 {
13551 	struct i802_bss *bss = priv;
13552 	char path[128];
13553 	int ret;
13554 
13555 	/* P2P-Device has no netdev that can (or should) be configured here */
13556 	if (nl80211_get_ifmode(bss) == NL80211_IFTYPE_P2P_DEVICE)
13557 		return 0;
13558 
13559 	wpa_printf(MSG_DEBUG, "nl80211: Data frame filter flags=0x%x",
13560 		   filter_flags);
13561 
13562 	/* Configure filtering of unicast frame encrypted using GTK */
13563 	ret = os_snprintf(path, sizeof(path),
13564 			  "/proc/sys/net/ipv4/conf/%s/drop_unicast_in_l2_multicast",
13565 			  bss->ifname);
13566 	if (os_snprintf_error(sizeof(path), ret))
13567 		return -1;
13568 
13569 	ret = nl80211_write_to_file(path,
13570 				    !!(filter_flags &
13571 				       WPA_DATA_FRAME_FILTER_FLAG_GTK));
13572 	if (ret) {
13573 		wpa_printf(MSG_ERROR,
13574 			   "nl80211: Failed to set IPv4 unicast in multicast filter");
13575 		return ret;
13576 	}
13577 
13578 	os_snprintf(path, sizeof(path),
13579 		    "/proc/sys/net/ipv6/conf/%s/drop_unicast_in_l2_multicast",
13580 		    bss->ifname);
13581 	ret = nl80211_write_to_file(path,
13582 				    !!(filter_flags &
13583 				       WPA_DATA_FRAME_FILTER_FLAG_GTK));
13584 
13585 	if (ret) {
13586 		wpa_printf(MSG_ERROR,
13587 			   "nl80211: Failed to set IPv6 unicast in multicast filter");
13588 		return ret;
13589 	}
13590 
13591 	/* Configure filtering of unicast frame encrypted using GTK */
13592 	os_snprintf(path, sizeof(path),
13593 		    "/proc/sys/net/ipv4/conf/%s/drop_gratuitous_arp",
13594 		    bss->ifname);
13595 	ret = nl80211_write_to_file(path,
13596 				    !!(filter_flags &
13597 				       WPA_DATA_FRAME_FILTER_FLAG_ARP));
13598 	if (ret) {
13599 		wpa_printf(MSG_ERROR,
13600 			   "nl80211: Failed set gratuitous ARP filter");
13601 		return ret;
13602 	}
13603 
13604 	/* Configure filtering of IPv6 NA frames */
13605 	os_snprintf(path, sizeof(path),
13606 		    "/proc/sys/net/ipv6/conf/%s/drop_unsolicited_na",
13607 		    bss->ifname);
13608 	ret = nl80211_write_to_file(path,
13609 				    !!(filter_flags &
13610 				       WPA_DATA_FRAME_FILTER_FLAG_NA));
13611 	if (ret) {
13612 		wpa_printf(MSG_ERROR,
13613 			   "nl80211: Failed to set unsolicited NA filter");
13614 		return ret;
13615 	}
13616 
13617 	return 0;
13618 }
13619 
13620 
13621 static int nl80211_get_ext_capab(void *priv, enum wpa_driver_if_type type,
13622 				 const u8 **ext_capa, const u8 **ext_capa_mask,
13623 				 unsigned int *ext_capa_len)
13624 {
13625 	struct i802_bss *bss = priv;
13626 	struct wpa_driver_nl80211_data *drv = bss->drv;
13627 	enum nl80211_iftype nlmode;
13628 	unsigned int i;
13629 
13630 	if (!ext_capa || !ext_capa_mask || !ext_capa_len)
13631 		return -1;
13632 
13633 	nlmode = wpa_driver_nl80211_if_type(type);
13634 
13635 	/* By default, use the per-radio values */
13636 	*ext_capa = drv->extended_capa;
13637 	*ext_capa_mask = drv->extended_capa_mask;
13638 	*ext_capa_len = drv->extended_capa_len;
13639 
13640 	/* Replace the default value if a per-interface type value exists */
13641 	for (i = 0; i < drv->num_iface_capa; i++) {
13642 		if (nlmode == drv->iface_capa[i].iftype) {
13643 			*ext_capa = drv->iface_capa[i].ext_capa;
13644 			*ext_capa_mask = drv->iface_capa[i].ext_capa_mask;
13645 			*ext_capa_len = drv->iface_capa[i].ext_capa_len;
13646 			break;
13647 		}
13648 	}
13649 
13650 	return 0;
13651 }
13652 
13653 
13654 static int nl80211_get_mld_capab(void *priv, enum wpa_driver_if_type type,
13655 				 u16 *eml_capa, u16 *mld_capa_and_ops)
13656 {
13657 	struct i802_bss *bss = priv;
13658 	struct wpa_driver_nl80211_data *drv = bss->drv;
13659 	enum nl80211_iftype nlmode;
13660 	unsigned int i;
13661 
13662 	if (!eml_capa || !mld_capa_and_ops)
13663 		return -1;
13664 
13665 	nlmode = wpa_driver_nl80211_if_type(type);
13666 
13667 	/* By default, set to zero */
13668 	*eml_capa = 0;
13669 	*mld_capa_and_ops = 0;
13670 
13671 	/* Replace the default value if a per-interface type value exists */
13672 	for (i = 0; i < drv->num_iface_capa; i++) {
13673 		if (nlmode == drv->iface_capa[i].iftype) {
13674 			*eml_capa = drv->iface_capa[i].eml_capa;
13675 			*mld_capa_and_ops =
13676 				drv->iface_capa[i].mld_capa_and_ops;
13677 			break;
13678 		}
13679 	}
13680 
13681 	return 0;
13682 }
13683 
13684 
13685 static int nl80211_update_connection_params(
13686 	void *priv, struct wpa_driver_associate_params *params,
13687 	enum wpa_drv_update_connect_params_mask mask)
13688 {
13689 	struct i802_bss *bss = priv;
13690 	struct wpa_driver_nl80211_data *drv = bss->drv;
13691 	struct nl_msg *msg;
13692 	int ret = -1;
13693 	enum nl80211_auth_type type;
13694 
13695 	/* Update Connection Params is intended for drivers that implement
13696 	 * internal SME and expect these updated connection params from
13697 	 * wpa_supplicant. Do not send this request for the drivers using
13698 	 * SME from wpa_supplicant.
13699 	 */
13700 	if (drv->capa.flags & WPA_DRIVER_FLAGS_SME)
13701 		return 0;
13702 
13703 	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_UPDATE_CONNECT_PARAMS);
13704 	if (!msg)
13705 		goto fail;
13706 
13707 	wpa_printf(MSG_DEBUG, "nl80211: Update connection params (ifindex=%d)",
13708 		   drv->ifindex);
13709 
13710 	if ((mask & WPA_DRV_UPDATE_ASSOC_IES) && params->wpa_ie) {
13711 		if (nla_put(msg, NL80211_ATTR_IE, params->wpa_ie_len,
13712 			    params->wpa_ie))
13713 			goto fail;
13714 		wpa_hexdump(MSG_DEBUG, "  * IEs", params->wpa_ie,
13715 			    params->wpa_ie_len);
13716 	}
13717 
13718 	if (mask & WPA_DRV_UPDATE_AUTH_TYPE) {
13719 		type = get_nl_auth_type(params->auth_alg);
13720 		if (type == NL80211_AUTHTYPE_MAX ||
13721 		    nla_put_u32(msg, NL80211_ATTR_AUTH_TYPE, type))
13722 			goto fail;
13723 		wpa_printf(MSG_DEBUG, "  * Auth Type %d", type);
13724 	}
13725 
13726 	if ((mask & WPA_DRV_UPDATE_FILS_ERP_INFO) &&
13727 	    nl80211_put_fils_connect_params(drv, params, msg))
13728 		goto fail;
13729 
13730 	ret = send_and_recv_cmd(drv, msg);
13731 	msg = NULL;
13732 	if (ret)
13733 		wpa_dbg(drv->ctx, MSG_DEBUG,
13734 			"nl80211: Update connect params command failed: ret=%d (%s)",
13735 			ret, strerror(-ret));
13736 
13737 fail:
13738 	nlmsg_free(msg);
13739 	return ret;
13740 }
13741 
13742 
13743 static int nl80211_send_external_auth_status(void *priv,
13744 					     struct external_auth *params)
13745 {
13746 	struct i802_bss *bss = priv;
13747 	struct wpa_driver_nl80211_data *drv = bss->drv;
13748 	struct nl_msg *msg = NULL;
13749 	int ret = -1;
13750 
13751 	/* External auth command/status is intended for drivers that implement
13752 	 * internal SME but want to offload authentication processing (e.g.,
13753 	 * SAE) to hostapd/wpa_supplicant. Do not send the status to drivers
13754 	 * which do not support AP SME or use wpa_supplicant/hostapd SME.
13755 	 */
13756 	if ((is_ap_interface(drv->nlmode) && !bss->drv->device_ap_sme) ||
13757 	    (drv->capa.flags & WPA_DRIVER_FLAGS_SME))
13758 		return -1;
13759 
13760 	wpa_dbg(drv->ctx, MSG_DEBUG,
13761 		"nl80211: External auth status: %u", params->status);
13762 
13763 	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_EXTERNAL_AUTH);
13764 	if (!msg ||
13765 	    nla_put_u16(msg, NL80211_ATTR_STATUS_CODE, params->status) ||
13766 	    (params->ssid && params->ssid_len &&
13767 	     nla_put(msg, NL80211_ATTR_SSID, params->ssid_len, params->ssid)) ||
13768 	    (params->pmkid &&
13769 	     nla_put(msg, NL80211_ATTR_PMKID, PMKID_LEN, params->pmkid)) ||
13770 	    (params->bssid &&
13771 	     nla_put(msg, NL80211_ATTR_BSSID, ETH_ALEN, params->bssid)))
13772 		goto fail;
13773 	ret = send_and_recv_cmd(drv, msg);
13774 	msg = NULL;
13775 	if (ret) {
13776 		wpa_printf(MSG_DEBUG,
13777 			   "nl80211: External Auth status update failed: ret=%d (%s)",
13778 			   ret, strerror(-ret));
13779 		goto fail;
13780 	}
13781 fail:
13782 	nlmsg_free(msg);
13783 	return ret;
13784 }
13785 
13786 
13787 static int nl80211_set_4addr_mode(void *priv, const char *bridge_ifname,
13788 				  int val)
13789 {
13790 	struct i802_bss *bss = priv;
13791 	struct wpa_driver_nl80211_data *drv = bss->drv;
13792 	struct nl_msg *msg;
13793 	int ret = -ENOBUFS;
13794 
13795 	wpa_printf(MSG_DEBUG, "nl80211: %s 4addr mode (bridge_ifname: %s)",
13796 		   val ? "Enable" : "Disable", bridge_ifname);
13797 
13798 	msg = nl80211_cmd_msg(drv->first_bss, 0, NL80211_CMD_SET_INTERFACE);
13799 	if (!msg || nla_put_u8(msg, NL80211_ATTR_4ADDR, val))
13800 		goto fail;
13801 
13802 	if (bridge_ifname[0] && bss->added_if_into_bridge && !val) {
13803 		if (linux_br_del_if(drv->global->ioctl_sock,
13804 				    bridge_ifname, bss->ifname)) {
13805 			wpa_printf(MSG_ERROR,
13806 				   "nl80211: Failed to remove interface %s from bridge %s",
13807 				   bss->ifname, bridge_ifname);
13808 			return -1;
13809 		}
13810 		bss->added_if_into_bridge = 0;
13811 	}
13812 
13813 	ret = send_and_recv_cmd(drv, msg);
13814 	msg = NULL;
13815 	if (ret && val && nl80211_get_4addr(bss) == 1) {
13816 		wpa_printf(MSG_DEBUG,
13817 			   "nl80211: 4addr mode was already enabled");
13818 		ret = 0;
13819 	}
13820 	if (!ret) {
13821 		if (bridge_ifname[0] && val &&
13822 		    i802_check_bridge(drv, bss, bridge_ifname, bss->ifname) < 0)
13823 			return -1;
13824 		return 0;
13825 	}
13826 
13827 fail:
13828 	nlmsg_free(msg);
13829 	wpa_printf(MSG_ERROR, "nl80211: Failed to enable/disable 4addr");
13830 
13831 	return ret;
13832 }
13833 
13834 
13835 #ifdef CONFIG_DPP
13836 static int nl80211_dpp_listen(void *priv, bool enable)
13837 {
13838 	struct i802_bss *bss = priv;
13839 	struct wpa_driver_nl80211_data *drv = bss->drv;
13840 	u16 type = (WLAN_FC_TYPE_MGMT << 2) | (WLAN_FC_STYPE_ACTION << 4);
13841 	struct nl_sock *handle;
13842 
13843 	if (!drv->multicast_registrations || !bss->nl_mgmt)
13844 		return 0; /* cannot do more than hope broadcast RX works */
13845 
13846 	wpa_printf(MSG_DEBUG,
13847 		   "nl80211: Update DPP Public Action frame registration (%s multicast RX)",
13848 		   enable ? "enable" : "disable");
13849 	handle = (void *) (((intptr_t) bss->nl_mgmt) ^ ELOOP_SOCKET_INVALID);
13850 	return nl80211_register_frame(bss, handle, type,
13851 				      (u8 *) "\x04\x09\x50\x6f\x9a\x1a", 6,
13852 				      enable);
13853 }
13854 #endif /* CONFIG_DPP */
13855 
13856 
13857 static int nl80211_link_add(void *priv, u8 link_id, const u8 *addr,
13858 			    void *bss_ctx)
13859 {
13860 	struct i802_bss *bss = priv;
13861 	struct wpa_driver_nl80211_data *drv = bss->drv;
13862 	struct nl_msg *msg;
13863 	int ret;
13864 
13865 	wpa_printf(MSG_DEBUG, "nl80211: MLD: add link_id=%u, addr=" MACSTR,
13866 		   link_id, MAC2STR(addr));
13867 
13868 	if (drv->nlmode != NL80211_IFTYPE_AP) {
13869 		wpa_printf(MSG_DEBUG,
13870 			   "nl80211: MLD: cannot add link to iftype=%u",
13871 			   drv->nlmode);
13872 		return -EINVAL;
13873 	}
13874 
13875 	if (link_id >= MAX_NUM_MLD_LINKS) {
13876 		wpa_printf(MSG_DEBUG,
13877 			   "nl80211: invalid link_id=%u", link_id);
13878 		return -EINVAL;
13879 	}
13880 
13881 	if (bss->valid_links & BIT(link_id)) {
13882 		wpa_printf(MSG_DEBUG,
13883 			   "nl80211: MLD: Link %u already set", link_id);
13884 		return -EINVAL;
13885 	}
13886 
13887 	if (!bss->valid_links) {
13888 		/* Becoming MLD, verify we were not beaconing */
13889 		if (bss->flink->beacon_set) {
13890 			wpa_printf(MSG_DEBUG, "nl80211: BSS already beaconing");
13891 			return -EINVAL;
13892 		}
13893 	}
13894 
13895 	msg = nl80211_bss_msg(bss, 0, NL80211_CMD_ADD_LINK);
13896 	if (!msg ||
13897 	    nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id) ||
13898 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) {
13899 		nlmsg_free(msg);
13900 		return -ENOBUFS;
13901 	}
13902 
13903 	ret = send_and_recv_cmd(drv, msg);
13904 	if (ret) {
13905 		wpa_printf(MSG_DEBUG, "nl80211: add link failed. ret=%d (%s)",
13906 			   ret, strerror(-ret));
13907 		return ret;
13908 	}
13909 
13910 	os_memcpy(bss->links[link_id].addr, addr, ETH_ALEN);
13911 
13912 	/* The new link is the first one, make it the default */
13913 	if (!bss->valid_links)
13914 		bss->flink = &bss->links[link_id];
13915 
13916 	bss->valid_links |= BIT(link_id);
13917 	bss->links[link_id].ctx = bss_ctx;
13918 
13919 	wpa_printf(MSG_DEBUG, "nl80211: MLD: valid_links=0x%04x on %s",
13920 		   bss->valid_links, bss->ifname);
13921 	return 0;
13922 }
13923 
13924 
13925 #ifdef CONFIG_IEEE80211BE
13926 static int wpa_driver_nl80211_link_sta_remove(void *priv, u8 link_id,
13927 					      const u8 *addr)
13928 {
13929 	struct i802_bss *bss = priv;
13930 	struct wpa_driver_nl80211_data *drv = bss->drv;
13931 	struct nl_msg *msg;
13932 	int ret;
13933 
13934 	if (!(bss->valid_links & BIT(link_id)))
13935 		return -ENOLINK;
13936 
13937 	if (!(msg = nl80211_bss_msg(bss, 0, NL80211_CMD_REMOVE_LINK_STA)) ||
13938 	    nla_put(msg, NL80211_ATTR_MLD_ADDR, ETH_ALEN, addr) ||
13939 	    nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id)) {
13940 		nlmsg_free(msg);
13941 		return -ENOBUFS;
13942 	}
13943 
13944 	ret = send_and_recv_cmd(drv, msg);
13945 	wpa_printf(MSG_DEBUG,
13946 		   "nl80211: link_sta_remove -> REMOVE_LINK_STA on link_id %u from MLD STA "
13947 		   MACSTR ", from %s --> %d (%s)",
13948 		   link_id, MAC2STR(addr), bss->ifname, ret, strerror(-ret));
13949 
13950 	return ret;
13951 }
13952 #endif /* CONFIG_IEEE80211BE */
13953 
13954 
13955 #ifdef CONFIG_TESTING_OPTIONS
13956 
13957 static int testing_nl80211_register_frame(void *priv, u16 type,
13958 					  const u8 *match, size_t match_len,
13959 					  bool multicast)
13960 {
13961 	struct i802_bss *bss = priv;
13962 	struct nl_sock *handle;
13963 
13964 	if (!bss->nl_mgmt)
13965 		return -1;
13966 	handle = (void *) (((intptr_t) bss->nl_mgmt) ^ ELOOP_SOCKET_INVALID);
13967 	return nl80211_register_frame(bss, handle, type, match, match_len,
13968 				      multicast);
13969 }
13970 
13971 
13972 static int testing_nl80211_radio_disable(void *priv, int disabled)
13973 {
13974 	struct i802_bss *bss = priv;
13975 	struct wpa_driver_nl80211_data *drv = bss->drv;
13976 
13977 	/* For now, this is supported only partially in station mode with
13978 	 * SME-in-wpa_supplicant case where the NL80211_ATTR_LOCAL_STATE_CHANGE
13979 	 * attribute can be used to avoid sending out the Deauthentication frame
13980 	 * to the currently associated AP. */
13981 
13982 	if (!disabled)
13983 		return 0;
13984 
13985 	if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME))
13986 		return -1;
13987 
13988 	if (!drv->associated)
13989 		return 0;
13990 
13991 	return wpa_driver_nl80211_mlme(drv, drv->bssid,
13992 				       NL80211_CMD_DEAUTHENTICATE,
13993 				       WLAN_REASON_PREV_AUTH_NOT_VALID, 1,
13994 				       drv->first_bss);
13995 }
13996 
13997 #endif /* CONFIG_TESTING_OPTIONS */
13998 
13999 
14000 const struct wpa_driver_ops wpa_driver_nl80211_ops = {
14001 	.name = "nl80211",
14002 	.desc = "Linux nl80211/cfg80211",
14003 	.get_bssid = wpa_driver_nl80211_get_bssid,
14004 	.get_ssid = wpa_driver_nl80211_get_ssid,
14005 	.set_key = driver_nl80211_set_key,
14006 	.scan2 = driver_nl80211_scan2,
14007 	.sched_scan = wpa_driver_nl80211_sched_scan,
14008 	.stop_sched_scan = wpa_driver_nl80211_stop_sched_scan,
14009 	.get_scan_results = wpa_driver_nl80211_get_scan_results,
14010 	.abort_scan = wpa_driver_nl80211_abort_scan,
14011 	.deauthenticate = driver_nl80211_deauthenticate,
14012 	.authenticate = driver_nl80211_authenticate,
14013 	.associate = wpa_driver_nl80211_associate,
14014 	.global_init = nl80211_global_init,
14015 	.global_deinit = nl80211_global_deinit,
14016 	.init2 = wpa_driver_nl80211_init,
14017 	.deinit = driver_nl80211_deinit,
14018 	.get_capa = wpa_driver_nl80211_get_capa,
14019 	.set_operstate = wpa_driver_nl80211_set_operstate,
14020 	.set_supp_port = wpa_driver_nl80211_set_supp_port,
14021 	.set_country = wpa_driver_nl80211_set_country,
14022 	.get_country = wpa_driver_nl80211_get_country,
14023 	.set_ap = wpa_driver_nl80211_set_ap,
14024 	.set_acl = wpa_driver_nl80211_set_acl,
14025 	.if_add = wpa_driver_nl80211_if_add,
14026 	.if_remove = driver_nl80211_if_remove,
14027 	.send_mlme = driver_nl80211_send_mlme,
14028 	.get_hw_feature_data = nl80211_get_hw_feature_data,
14029 	.sta_add = wpa_driver_nl80211_sta_add,
14030 	.sta_remove = driver_nl80211_sta_remove,
14031 	.tx_control_port = nl80211_tx_control_port,
14032 	.hapd_send_eapol = wpa_driver_nl80211_hapd_send_eapol,
14033 	.sta_set_flags = wpa_driver_nl80211_sta_set_flags,
14034 	.sta_set_airtime_weight = driver_nl80211_sta_set_airtime_weight,
14035 	.hapd_init = i802_init,
14036 	.hapd_deinit = i802_deinit,
14037 	.set_wds_sta = i802_set_wds_sta,
14038 	.get_seqnum = i802_get_seqnum,
14039 	.flush = i802_flush,
14040 	.get_inact_sec = i802_get_inact_sec,
14041 	.sta_clear_stats = i802_sta_clear_stats,
14042 	.set_rts = i802_set_rts,
14043 	.set_frag = i802_set_frag,
14044 	.set_tx_queue_params = i802_set_tx_queue_params,
14045 	.set_sta_vlan = driver_nl80211_set_sta_vlan,
14046 	.sta_deauth = i802_sta_deauth,
14047 	.sta_disassoc = i802_sta_disassoc,
14048 	.read_sta_data = driver_nl80211_read_sta_data,
14049 	.set_freq = i802_set_freq,
14050 	.send_action = driver_nl80211_send_action,
14051 	.send_action_cancel_wait = wpa_driver_nl80211_send_action_cancel_wait,
14052 	.remain_on_channel = wpa_driver_nl80211_remain_on_channel,
14053 	.cancel_remain_on_channel =
14054 	wpa_driver_nl80211_cancel_remain_on_channel,
14055 	.probe_req_report = driver_nl80211_probe_req_report,
14056 	.deinit_ap = wpa_driver_nl80211_deinit_ap,
14057 	.deinit_p2p_cli = wpa_driver_nl80211_deinit_p2p_cli,
14058 	.resume = wpa_driver_nl80211_resume,
14059 	.signal_monitor = nl80211_signal_monitor,
14060 	.signal_poll = nl80211_signal_poll,
14061 	.mlo_signal_poll = nl80211_mlo_signal_poll,
14062 	.channel_info = nl80211_channel_info,
14063 	.set_param = nl80211_set_param,
14064 	.get_radio_name = nl80211_get_radio_name,
14065 	.add_pmkid = nl80211_add_pmkid,
14066 	.remove_pmkid = nl80211_remove_pmkid,
14067 	.flush_pmkid = nl80211_flush_pmkid,
14068 	.set_rekey_info = nl80211_set_rekey_info,
14069 	.poll_client = nl80211_poll_client,
14070 	.set_p2p_powersave = nl80211_set_p2p_powersave,
14071 	.start_dfs_cac = nl80211_start_radar_detection,
14072 	.stop_ap = wpa_driver_nl80211_stop_ap,
14073 #ifdef CONFIG_TDLS
14074 	.send_tdls_mgmt = nl80211_send_tdls_mgmt,
14075 	.tdls_oper = nl80211_tdls_oper,
14076 	.tdls_enable_channel_switch = nl80211_tdls_enable_channel_switch,
14077 	.tdls_disable_channel_switch = nl80211_tdls_disable_channel_switch,
14078 #endif /* CONFIG_TDLS */
14079 	.update_ft_ies = wpa_driver_nl80211_update_ft_ies,
14080 	.update_dh_ie = nl80211_update_dh_ie,
14081 	.get_mac_addr = wpa_driver_nl80211_get_macaddr,
14082 	.get_survey = wpa_driver_nl80211_get_survey,
14083 	.status = wpa_driver_nl80211_status,
14084 	.switch_channel = nl80211_switch_channel,
14085 #ifdef CONFIG_IEEE80211AX
14086 	.switch_color = nl80211_switch_color,
14087 #endif /* CONFIG_IEEE80211AX */
14088 #ifdef ANDROID_P2P
14089 	.set_noa = wpa_driver_set_p2p_noa,
14090 	.get_noa = wpa_driver_get_p2p_noa,
14091 	.set_ap_wps_ie = wpa_driver_set_ap_wps_p2p_ie,
14092 #endif /* ANDROID_P2P */
14093 #ifdef ANDROID
14094 #ifndef ANDROID_LIB_STUB
14095 	.driver_cmd = wpa_driver_nl80211_driver_cmd,
14096 #endif /* !ANDROID_LIB_STUB */
14097 #endif /* ANDROID */
14098 	.vendor_cmd = nl80211_vendor_cmd,
14099 	.set_qos_map = nl80211_set_qos_map,
14100 	.get_wowlan = nl80211_get_wowlan,
14101 	.set_wowlan = nl80211_set_wowlan,
14102 	.set_mac_addr = nl80211_set_mac_addr,
14103 #ifdef CONFIG_MESH
14104 	.init_mesh = wpa_driver_nl80211_init_mesh,
14105 	.join_mesh = wpa_driver_nl80211_join_mesh,
14106 	.leave_mesh = wpa_driver_nl80211_leave_mesh,
14107 	.probe_mesh_link = nl80211_probe_mesh_link,
14108 #endif /* CONFIG_MESH */
14109 	.br_add_ip_neigh = wpa_driver_br_add_ip_neigh,
14110 	.br_delete_ip_neigh = wpa_driver_br_delete_ip_neigh,
14111 	.br_port_set_attr = wpa_driver_br_port_set_attr,
14112 	.br_set_net_param = wpa_driver_br_set_net_param,
14113 	.add_tx_ts = nl80211_add_ts,
14114 	.del_tx_ts = nl80211_del_ts,
14115 	.get_ifindex = nl80211_get_ifindex,
14116 #ifdef CONFIG_DRIVER_NL80211_QCA
14117 	.roaming = nl80211_roaming,
14118 	.disable_fils = nl80211_disable_fils,
14119 	.set_band = nl80211_set_band,
14120 	.get_pref_freq_list = nl80211_get_pref_freq_list,
14121 	.set_prob_oper_freq = nl80211_set_prob_oper_freq,
14122 	.p2p_lo_start = nl80211_p2p_lo_start,
14123 	.p2p_lo_stop = nl80211_p2p_lo_stop,
14124 	.set_default_scan_ies = nl80211_set_default_scan_ies,
14125 	.set_tdls_mode = nl80211_set_tdls_mode,
14126 #ifdef CONFIG_MBO
14127 	.get_bss_transition_status = nl80211_get_bss_transition_status,
14128 	.ignore_assoc_disallow = nl80211_ignore_assoc_disallow,
14129 #endif /* CONFIG_MBO */
14130 	.set_bssid_tmp_disallow = nl80211_set_bssid_tmp_disallow,
14131 	.add_sta_node = nl80211_add_sta_node,
14132 #ifdef CONFIG_PASN
14133 	.send_pasn_resp = nl80211_send_pasn_resp,
14134 	.set_secure_ranging_ctx = nl80211_set_secure_ranging_ctx,
14135 #endif /* CONFIG_PASN */
14136 #endif /* CONFIG_DRIVER_NL80211_QCA */
14137 	.do_acs = nl80211_do_acs,
14138 	.configure_data_frame_filters = nl80211_configure_data_frame_filters,
14139 	.get_ext_capab = nl80211_get_ext_capab,
14140 	.get_mld_capab = nl80211_get_mld_capab,
14141 	.update_connect_params = nl80211_update_connection_params,
14142 	.send_external_auth_status = nl80211_send_external_auth_status,
14143 	.set_4addr_mode = nl80211_set_4addr_mode,
14144 #ifdef CONFIG_DPP
14145 	.dpp_listen = nl80211_dpp_listen,
14146 #endif /* CONFIG_DPP */
14147 	.get_sta_mlo_info = nl80211_get_sta_mlo_info,
14148 	.link_add = nl80211_link_add,
14149 #ifdef CONFIG_IEEE80211BE
14150 	.link_remove = driver_nl80211_link_remove,
14151 	.is_drv_shared = nl80211_is_drv_shared,
14152 	.link_sta_remove = wpa_driver_nl80211_link_sta_remove,
14153 #endif /* CONFIG_IEEE80211BE */
14154 #ifdef CONFIG_TESTING_OPTIONS
14155 	.register_frame = testing_nl80211_register_frame,
14156 	.radio_disable = testing_nl80211_radio_disable,
14157 #endif /* CONFIG_TESTING_OPTIONS */
14158 };
14159