xref: /freebsd/contrib/wpa/src/drivers/driver_nl80211.c (revision af23369a6deaaeb612ab266eb88b8bb8d560c322) 
1 /*
2  * Driver interaction with Linux nl80211/cfg80211
3  * Copyright (c) 2002-2015, Jouni Malinen <j@w1.fi>
4  * Copyright (c) 2003-2004, Instant802 Networks, Inc.
5  * Copyright (c) 2005-2006, Devicescape Software, Inc.
6  * Copyright (c) 2007, Johannes Berg <johannes@sipsolutions.net>
7  * Copyright (c) 2009-2010, Atheros Communications
8  *
9  * This software may be distributed under the terms of the BSD license.
10  * See README for more details.
11  */
12 
13 #include "includes.h"
14 #include <sys/types.h>
15 #include <fcntl.h>
16 #include <net/if.h>
17 #include <netlink/genl/genl.h>
18 #include <netlink/genl/ctrl.h>
19 #ifdef CONFIG_LIBNL3_ROUTE
20 #include <netlink/route/neighbour.h>
21 #endif /* CONFIG_LIBNL3_ROUTE */
22 #include <linux/rtnetlink.h>
23 #include <netpacket/packet.h>
24 #include <linux/errqueue.h>
25 
26 #include "common.h"
27 #include "eloop.h"
28 #include "common/qca-vendor.h"
29 #include "common/qca-vendor-attr.h"
30 #include "common/brcm_vendor.h"
31 #include "common/ieee802_11_defs.h"
32 #include "common/ieee802_11_common.h"
33 #include "common/wpa_common.h"
34 #include "netlink.h"
35 #include "linux_defines.h"
36 #include "linux_ioctl.h"
37 #include "radiotap.h"
38 #include "radiotap_iter.h"
39 #include "rfkill.h"
40 #include "driver_nl80211.h"
41 
42 
43 #ifndef NETLINK_CAP_ACK
44 #define NETLINK_CAP_ACK 10
45 #endif /* NETLINK_CAP_ACK */
46 /* support for extack if compilation headers are too old */
47 #ifndef NETLINK_EXT_ACK
48 #define NETLINK_EXT_ACK 11
49 enum nlmsgerr_attrs {
50 	NLMSGERR_ATTR_UNUSED,
51 	NLMSGERR_ATTR_MSG,
52 	NLMSGERR_ATTR_OFFS,
53 	NLMSGERR_ATTR_COOKIE,
54 
55 	__NLMSGERR_ATTR_MAX,
56 	NLMSGERR_ATTR_MAX = __NLMSGERR_ATTR_MAX - 1
57 };
58 #endif
59 #ifndef NLM_F_CAPPED
60 #define NLM_F_CAPPED 0x100
61 #endif
62 #ifndef NLM_F_ACK_TLVS
63 #define NLM_F_ACK_TLVS 0x200
64 #endif
65 #ifndef SOL_NETLINK
66 #define SOL_NETLINK 270
67 #endif
68 
69 
70 #ifdef ANDROID
71 /* system/core/libnl_2 does not include nl_socket_set_nonblocking() */
72 #undef nl_socket_set_nonblocking
73 #define nl_socket_set_nonblocking(h) android_nl_socket_set_nonblocking(h)
74 
75 #endif /* ANDROID */
76 
77 
78 static struct nl_sock * nl_create_handle(struct nl_cb *cb, const char *dbg)
79 {
80 	struct nl_sock *handle;
81 
82 	handle = nl_socket_alloc_cb(cb);
83 	if (handle == NULL) {
84 		wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink "
85 			   "callbacks (%s)", dbg);
86 		return NULL;
87 	}
88 
89 	if (genl_connect(handle)) {
90 		wpa_printf(MSG_ERROR, "nl80211: Failed to connect to generic "
91 			   "netlink (%s)", dbg);
92 		nl_socket_free(handle);
93 		return NULL;
94 	}
95 
96 	return handle;
97 }
98 
99 
100 static void nl_destroy_handles(struct nl_sock **handle)
101 {
102 	if (*handle == NULL)
103 		return;
104 	nl_socket_free(*handle);
105 	*handle = NULL;
106 }
107 
108 
109 #if __WORDSIZE == 64
110 #define ELOOP_SOCKET_INVALID	(intptr_t) 0x8888888888888889ULL
111 #else
112 #define ELOOP_SOCKET_INVALID	(intptr_t) 0x88888889ULL
113 #endif
114 
115 static void nl80211_register_eloop_read(struct nl_sock **handle,
116 					eloop_sock_handler handler,
117 					void *eloop_data, int persist)
118 {
119 	/*
120 	 * libnl uses a pretty small buffer (32 kB that gets converted to 64 kB)
121 	 * by default. It is possible to hit that limit in some cases where
122 	 * operations are blocked, e.g., with a burst of Deauthentication frames
123 	 * to hostapd and STA entry deletion. Try to increase the buffer to make
124 	 * this less likely to occur.
125 	 */
126 	int err;
127 
128 	err = nl_socket_set_buffer_size(*handle, 262144, 0);
129 	if (err < 0) {
130 		wpa_printf(MSG_DEBUG,
131 			   "nl80211: Could not set nl_socket RX buffer size: %s",
132 			   nl_geterror(err));
133 		/* continue anyway with the default (smaller) buffer */
134 	}
135 
136 	nl_socket_set_nonblocking(*handle);
137 	eloop_register_read_sock(nl_socket_get_fd(*handle), handler,
138 				 eloop_data, *handle);
139 	if (!persist)
140 		*handle = (void *) (((intptr_t) *handle) ^
141 				    ELOOP_SOCKET_INVALID);
142 }
143 
144 
145 static void nl80211_destroy_eloop_handle(struct nl_sock **handle, int persist)
146 {
147 	if (!persist)
148 		*handle = (void *) (((intptr_t) *handle) ^
149 				    ELOOP_SOCKET_INVALID);
150 	eloop_unregister_read_sock(nl_socket_get_fd(*handle));
151 	nl_destroy_handles(handle);
152 }
153 
154 
155 static void nl80211_global_deinit(void *priv);
156 static void nl80211_check_global(struct nl80211_global *global);
157 
158 static void wpa_driver_nl80211_deinit(struct i802_bss *bss);
159 static int wpa_driver_nl80211_set_mode_ibss(struct i802_bss *bss,
160 					    struct hostapd_freq_params *freq);
161 
162 static int
163 wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv,
164 				   const u8 *set_addr, int first,
165 				   const char *driver_params);
166 static int nl80211_send_frame_cmd(struct i802_bss *bss,
167 				  unsigned int freq, unsigned int wait,
168 				  const u8 *buf, size_t buf_len,
169 				  int save_cookie,
170 				  int no_cck, int no_ack, int offchanok,
171 				  const u16 *csa_offs, size_t csa_offs_len);
172 static int wpa_driver_nl80211_probe_req_report(struct i802_bss *bss,
173 					       int report);
174 
175 #define IFIDX_ANY -1
176 
177 static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx,
178 		      int ifidx_reason);
179 static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx,
180 		      int ifidx_reason);
181 static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx,
182 		      int ifidx_reason);
183 
184 static int nl80211_set_channel(struct i802_bss *bss,
185 			       struct hostapd_freq_params *freq, int set_chan);
186 static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv,
187 				     int ifindex, int disabled);
188 
189 static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv,
190 			      int reset_mode);
191 
192 static int i802_set_iface_flags(struct i802_bss *bss, int up);
193 static int nl80211_set_param(void *priv, const char *param);
194 #ifdef CONFIG_MESH
195 static int nl80211_put_mesh_config(struct nl_msg *msg,
196 				   struct wpa_driver_mesh_bss_params *params);
197 #endif /* CONFIG_MESH */
198 static int i802_sta_disassoc(void *priv, const u8 *own_addr, const u8 *addr,
199 			     u16 reason);
200 
201 
202 /* Converts nl80211_chan_width to a common format */
203 enum chan_width convert2width(int width)
204 {
205 	switch (width) {
206 	case NL80211_CHAN_WIDTH_20_NOHT:
207 		return CHAN_WIDTH_20_NOHT;
208 	case NL80211_CHAN_WIDTH_20:
209 		return CHAN_WIDTH_20;
210 	case NL80211_CHAN_WIDTH_40:
211 		return CHAN_WIDTH_40;
212 	case NL80211_CHAN_WIDTH_80:
213 		return CHAN_WIDTH_80;
214 	case NL80211_CHAN_WIDTH_80P80:
215 		return CHAN_WIDTH_80P80;
216 	case NL80211_CHAN_WIDTH_160:
217 		return CHAN_WIDTH_160;
218 	}
219 	return CHAN_WIDTH_UNKNOWN;
220 }
221 
222 
223 int is_ap_interface(enum nl80211_iftype nlmode)
224 {
225 	return nlmode == NL80211_IFTYPE_AP ||
226 		nlmode == NL80211_IFTYPE_P2P_GO;
227 }
228 
229 
230 int is_sta_interface(enum nl80211_iftype nlmode)
231 {
232 	return nlmode == NL80211_IFTYPE_STATION ||
233 		nlmode == NL80211_IFTYPE_P2P_CLIENT;
234 }
235 
236 
237 static int is_p2p_net_interface(enum nl80211_iftype nlmode)
238 {
239 	return nlmode == NL80211_IFTYPE_P2P_CLIENT ||
240 		nlmode == NL80211_IFTYPE_P2P_GO;
241 }
242 
243 
244 struct i802_bss * get_bss_ifindex(struct wpa_driver_nl80211_data *drv,
245 				  int ifindex)
246 {
247 	struct i802_bss *bss;
248 
249 	for (bss = drv->first_bss; bss; bss = bss->next) {
250 		if (bss->ifindex == ifindex)
251 			return bss;
252 	}
253 
254 	return NULL;
255 }
256 
257 
258 static int is_mesh_interface(enum nl80211_iftype nlmode)
259 {
260 	return nlmode == NL80211_IFTYPE_MESH_POINT;
261 }
262 
263 
264 void nl80211_mark_disconnected(struct wpa_driver_nl80211_data *drv)
265 {
266 	if (drv->associated)
267 		os_memcpy(drv->prev_bssid, drv->bssid, ETH_ALEN);
268 	drv->associated = 0;
269 	os_memset(drv->bssid, 0, ETH_ALEN);
270 	drv->first_bss->freq = 0;
271 }
272 
273 
274 /* nl80211 code */
275 static int ack_handler(struct nl_msg *msg, void *arg)
276 {
277 	int *err = arg;
278 	*err = 0;
279 	return NL_STOP;
280 }
281 
282 
283 struct nl80211_ack_ext_arg {
284 	int *err;
285 	void *ext_data;
286 };
287 
288 
289 static int ack_handler_cookie(struct nl_msg *msg, void *arg)
290 {
291 	struct nl80211_ack_ext_arg *ext_arg = arg;
292 	struct nlattr *tb[NLMSGERR_ATTR_MAX + 1];
293 	u64 *cookie = ext_arg->ext_data;
294 	struct nlattr *attrs;
295 	size_t ack_len, attr_len;
296 
297 	*ext_arg->err = 0;
298 	ack_len = sizeof(struct nlmsghdr) + sizeof(int) +
299 		sizeof(struct nlmsghdr);
300 	attrs = (struct nlattr *)
301 		((u8 *) nlmsg_data(nlmsg_hdr(msg)) + sizeof(struct nlmsghdr) +
302 		 sizeof(int));
303 	if (nlmsg_hdr(msg)->nlmsg_len <= ack_len)
304 		return NL_STOP;
305 
306 	attr_len = nlmsg_hdr(msg)->nlmsg_len - ack_len;
307 
308 	if(!(nlmsg_hdr(msg)->nlmsg_flags & NLM_F_ACK_TLVS))
309 		return NL_STOP;
310 
311 	nla_parse(tb, NLMSGERR_ATTR_MAX, attrs, attr_len, NULL);
312 	if (tb[NLMSGERR_ATTR_COOKIE])
313 		*cookie = nla_get_u64(tb[NLMSGERR_ATTR_COOKIE]);
314 
315 	return NL_STOP;
316 }
317 
318 
319 static int finish_handler(struct nl_msg *msg, void *arg)
320 {
321 	int *ret = arg;
322 	*ret = 0;
323 	return NL_SKIP;
324 }
325 
326 static int error_handler(struct sockaddr_nl *nla, struct nlmsgerr *err,
327 			 void *arg)
328 {
329 	struct nlmsghdr *nlh = (struct nlmsghdr *) err - 1;
330 	int len = nlh->nlmsg_len;
331 	struct nlattr *attrs;
332 	struct nlattr *tb[NLMSGERR_ATTR_MAX + 1];
333 	int *ret = arg;
334 	int ack_len = sizeof(*nlh) + sizeof(int) + sizeof(*nlh);
335 
336 	*ret = err->error;
337 
338 	if (!(nlh->nlmsg_flags & NLM_F_ACK_TLVS))
339 		return NL_SKIP;
340 
341 	if (!(nlh->nlmsg_flags & NLM_F_CAPPED))
342 		ack_len += err->msg.nlmsg_len - sizeof(*nlh);
343 
344 	if (len <= ack_len)
345 		return NL_STOP;
346 
347 	attrs = (void *) ((unsigned char *) nlh + ack_len);
348 	len -= ack_len;
349 
350 	nla_parse(tb, NLMSGERR_ATTR_MAX, attrs, len, NULL);
351 	if (tb[NLMSGERR_ATTR_MSG]) {
352 		len = strnlen((char *) nla_data(tb[NLMSGERR_ATTR_MSG]),
353 			      nla_len(tb[NLMSGERR_ATTR_MSG]));
354 		wpa_printf(MSG_ERROR, "nl80211: kernel reports: %*s",
355 			   len, (char *) nla_data(tb[NLMSGERR_ATTR_MSG]));
356 	}
357 
358 	return NL_SKIP;
359 }
360 
361 
362 static int no_seq_check(struct nl_msg *msg, void *arg)
363 {
364 	return NL_OK;
365 }
366 
367 
368 static void nl80211_nlmsg_clear(struct nl_msg *msg)
369 {
370 	/*
371 	 * Clear nlmsg data, e.g., to make sure key material is not left in
372 	 * heap memory for unnecessarily long time.
373 	 */
374 	if (msg) {
375 		struct nlmsghdr *hdr = nlmsg_hdr(msg);
376 		void *data = nlmsg_data(hdr);
377 		/*
378 		 * This would use nlmsg_datalen() or the older nlmsg_len() if
379 		 * only libnl were to maintain a stable API.. Neither will work
380 		 * with all released versions, so just calculate the length
381 		 * here.
382 		 */
383 		int len = hdr->nlmsg_len - NLMSG_HDRLEN;
384 
385 		os_memset(data, 0, len);
386 	}
387 }
388 
389 
390 static int send_and_recv(struct nl80211_global *global,
391 			 struct nl_sock *nl_handle, struct nl_msg *msg,
392 			 int (*valid_handler)(struct nl_msg *, void *),
393 			 void *valid_data,
394 			 int (*ack_handler_custom)(struct nl_msg *, void *),
395 			 void *ack_data)
396 {
397 	struct nl_cb *cb;
398 	int err = -ENOMEM, opt;
399 
400 	if (!msg)
401 		return -ENOMEM;
402 
403 	cb = nl_cb_clone(global->nl_cb);
404 	if (!cb)
405 		goto out;
406 
407 	/* try to set NETLINK_EXT_ACK to 1, ignoring errors */
408 	opt = 1;
409 	setsockopt(nl_socket_get_fd(nl_handle), SOL_NETLINK,
410 		   NETLINK_EXT_ACK, &opt, sizeof(opt));
411 
412 	/* try to set NETLINK_CAP_ACK to 1, ignoring errors */
413 	opt = 1;
414 	setsockopt(nl_socket_get_fd(nl_handle), SOL_NETLINK,
415 		   NETLINK_CAP_ACK, &opt, sizeof(opt));
416 
417 	err = nl_send_auto_complete(nl_handle, msg);
418 	if (err < 0) {
419 		wpa_printf(MSG_INFO,
420 			   "nl80211: nl_send_auto_complete() failed: %s",
421 			   nl_geterror(err));
422 		/* Need to convert libnl error code to an errno value. For now,
423 		 * just hardcode this to EBADF; the real error reason is shown
424 		 * in that error print above. */
425 		err = -EBADF;
426 		goto out;
427 	}
428 
429 	err = 1;
430 
431 	nl_cb_err(cb, NL_CB_CUSTOM, error_handler, &err);
432 	nl_cb_set(cb, NL_CB_FINISH, NL_CB_CUSTOM, finish_handler, &err);
433 	if (ack_handler_custom) {
434 		struct nl80211_ack_ext_arg *ext_arg = ack_data;
435 
436 		ext_arg->err = &err;
437 		nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM,
438 			  ack_handler_custom, ack_data);
439 	} else {
440 		nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM, ack_handler, &err);
441 	}
442 
443 	if (valid_handler)
444 		nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM,
445 			  valid_handler, valid_data);
446 
447 	while (err > 0) {
448 		int res = nl_recvmsgs(nl_handle, cb);
449 
450 		if (res == -NLE_DUMP_INTR) {
451 			/* Most likely one of the nl80211 dump routines hit a
452 			 * case where internal results changed while the dump
453 			 * was being sent. The most common known case for this
454 			 * is scan results fetching while associated were every
455 			 * received Beacon frame from the AP may end up
456 			 * incrementing bss_generation. This
457 			 * NL80211_CMD_GET_SCAN case tries again in the caller;
458 			 * other cases (of which there are no known common ones)
459 			 * will stop and return an error. */
460 			wpa_printf(MSG_DEBUG, "nl80211: %s; convert to -EAGAIN",
461 				   nl_geterror(res));
462 			err = -EAGAIN;
463 		} else if (res < 0) {
464 			wpa_printf(MSG_INFO,
465 				   "nl80211: %s->nl_recvmsgs failed: %d (%s)",
466 				   __func__, res, nl_geterror(res));
467 		}
468 	}
469  out:
470 	nl_cb_put(cb);
471 	/* Always clear the message as it can potentially contain keys */
472 	nl80211_nlmsg_clear(msg);
473 	nlmsg_free(msg);
474 	return err;
475 }
476 
477 
478 int send_and_recv_msgs(struct wpa_driver_nl80211_data *drv,
479 		       struct nl_msg *msg,
480 		       int (*valid_handler)(struct nl_msg *, void *),
481 		       void *valid_data,
482 		       int (*ack_handler_custom)(struct nl_msg *, void *),
483 		       void *ack_data)
484 {
485 	return send_and_recv(drv->global, drv->global->nl, msg,
486 			     valid_handler, valid_data,
487 			     ack_handler_custom, ack_data);
488 }
489 
490 
491 /* Use this method to mark that it is necessary to own the connection/interface
492  * for this operation.
493  * handle may be set to NULL, to get the same behavior as send_and_recv_msgs().
494  * set_owner can be used to mark this socket for receiving control port frames.
495  */
496 static int send_and_recv_msgs_owner(struct wpa_driver_nl80211_data *drv,
497 				    struct nl_msg *msg,
498 				    struct nl_sock *handle, int set_owner,
499 				    int (*valid_handler)(struct nl_msg *,
500 							 void *),
501 				    void *valid_data,
502 				    int (*ack_handler_custom)(struct nl_msg *,
503 							      void *),
504 				    void *ack_data)
505 {
506 	if (!msg)
507 		return -ENOMEM;
508 
509 	/* Control port over nl80211 needs the flags and attributes below.
510 	 *
511 	 * The Linux kernel has initial checks for them (in nl80211.c) like:
512 	 *     validate_pae_over_nl80211(...)
513 	 * or final checks like:
514 	 *     dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid
515 	 *
516 	 * Final operations (e.g., disassociate) don't need to set these
517 	 * attributes, but they have to be performed on the socket, which has
518 	 * the connection owner property set in the kernel.
519 	 */
520 	if ((drv->capa.flags2 & WPA_DRIVER_FLAGS2_CONTROL_PORT_RX) &&
521 	    handle && set_owner &&
522 	    (nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_OVER_NL80211) ||
523 	     nla_put_flag(msg, NL80211_ATTR_SOCKET_OWNER) ||
524 	     nla_put_u16(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE, ETH_P_PAE) ||
525 	     nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_NO_PREAUTH)))
526 		return -1;
527 
528 	return send_and_recv(drv->global, handle ? handle : drv->global->nl,
529 			     msg, valid_handler, valid_data,
530 			     ack_handler_custom, ack_data);
531 }
532 
533 
534 static int
535 send_and_recv_msgs_connect_handle(struct wpa_driver_nl80211_data *drv,
536 				  struct nl_msg *msg, struct i802_bss *bss,
537 				  int set_owner)
538 {
539 	struct nl_sock *nl_connect = get_connect_handle(bss);
540 
541 	if (nl_connect)
542 		return send_and_recv_msgs_owner(drv, msg, nl_connect, set_owner,
543 						process_bss_event, bss, NULL,
544 						NULL);
545 	else
546 		return send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
547 }
548 
549 
550 struct nl_sock * get_connect_handle(struct i802_bss *bss)
551 {
552 	if ((bss->drv->capa.flags2 & WPA_DRIVER_FLAGS2_CONTROL_PORT_RX) ||
553 	    bss->use_nl_connect)
554 		return bss->nl_connect;
555 
556 	return NULL;
557 }
558 
559 
560 struct family_data {
561 	const char *group;
562 	int id;
563 };
564 
565 
566 static int family_handler(struct nl_msg *msg, void *arg)
567 {
568 	struct family_data *res = arg;
569 	struct nlattr *tb[CTRL_ATTR_MAX + 1];
570 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
571 	struct nlattr *mcgrp;
572 	int i;
573 
574 	nla_parse(tb, CTRL_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
575 		  genlmsg_attrlen(gnlh, 0), NULL);
576 	if (!tb[CTRL_ATTR_MCAST_GROUPS])
577 		return NL_SKIP;
578 
579 	nla_for_each_nested(mcgrp, tb[CTRL_ATTR_MCAST_GROUPS], i) {
580 		struct nlattr *tb2[CTRL_ATTR_MCAST_GRP_MAX + 1];
581 		nla_parse(tb2, CTRL_ATTR_MCAST_GRP_MAX, nla_data(mcgrp),
582 			  nla_len(mcgrp), NULL);
583 		if (!tb2[CTRL_ATTR_MCAST_GRP_NAME] ||
584 		    !tb2[CTRL_ATTR_MCAST_GRP_ID] ||
585 		    os_strncmp(nla_data(tb2[CTRL_ATTR_MCAST_GRP_NAME]),
586 			       res->group,
587 			       nla_len(tb2[CTRL_ATTR_MCAST_GRP_NAME])) != 0)
588 			continue;
589 		res->id = nla_get_u32(tb2[CTRL_ATTR_MCAST_GRP_ID]);
590 		break;
591 	};
592 
593 	return NL_SKIP;
594 }
595 
596 
597 static int nl_get_multicast_id(struct nl80211_global *global,
598 			       const char *family, const char *group)
599 {
600 	struct nl_msg *msg;
601 	int ret;
602 	struct family_data res = { group, -ENOENT };
603 
604 	msg = nlmsg_alloc();
605 	if (!msg)
606 		return -ENOMEM;
607 	if (!genlmsg_put(msg, 0, 0, global->nlctrl_id,
608 			 0, 0, CTRL_CMD_GETFAMILY, 0) ||
609 	    nla_put_string(msg, CTRL_ATTR_FAMILY_NAME, family)) {
610 		nlmsg_free(msg);
611 		return -1;
612 	}
613 
614 	ret = send_and_recv(global, global->nl, msg, family_handler, &res,
615 			    NULL, NULL);
616 	if (ret == 0)
617 		ret = res.id;
618 	return ret;
619 }
620 
621 
622 void * nl80211_cmd(struct wpa_driver_nl80211_data *drv,
623 		   struct nl_msg *msg, int flags, uint8_t cmd)
624 {
625 	if (TEST_FAIL())
626 		return NULL;
627 	return genlmsg_put(msg, 0, 0, drv->global->nl80211_id,
628 			   0, flags, cmd, 0);
629 }
630 
631 
632 static int nl80211_set_iface_id(struct nl_msg *msg, struct i802_bss *bss)
633 {
634 	if (bss->wdev_id_set)
635 		return nla_put_u64(msg, NL80211_ATTR_WDEV, bss->wdev_id);
636 	return nla_put_u32(msg, NL80211_ATTR_IFINDEX, bss->ifindex);
637 }
638 
639 
640 struct nl_msg * nl80211_cmd_msg(struct i802_bss *bss, int flags, uint8_t cmd)
641 {
642 	struct nl_msg *msg;
643 
644 	msg = nlmsg_alloc();
645 	if (!msg)
646 		return NULL;
647 
648 	if (!nl80211_cmd(bss->drv, msg, flags, cmd) ||
649 	    nl80211_set_iface_id(msg, bss) < 0) {
650 		nlmsg_free(msg);
651 		return NULL;
652 	}
653 
654 	return msg;
655 }
656 
657 
658 static struct nl_msg *
659 nl80211_ifindex_msg_build(struct wpa_driver_nl80211_data *drv,
660 			  struct nl_msg *msg, int ifindex, int flags,
661 			  uint8_t cmd)
662 {
663 	if (!msg)
664 		return NULL;
665 
666 	if (!nl80211_cmd(drv, msg, flags, cmd) ||
667 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, ifindex)) {
668 		nlmsg_free(msg);
669 		return NULL;
670 	}
671 
672 	return msg;
673 }
674 
675 
676 static struct nl_msg *
677 nl80211_ifindex_msg(struct wpa_driver_nl80211_data *drv, int ifindex,
678 		    int flags, uint8_t cmd)
679 {
680 	return nl80211_ifindex_msg_build(drv, nlmsg_alloc(), ifindex, flags,
681 					 cmd);
682 }
683 
684 
685 struct nl_msg * nl80211_drv_msg(struct wpa_driver_nl80211_data *drv, int flags,
686 				uint8_t cmd)
687 {
688 	return nl80211_ifindex_msg(drv, drv->ifindex, flags, cmd);
689 }
690 
691 
692 struct nl_msg * nl80211_bss_msg(struct i802_bss *bss, int flags, uint8_t cmd)
693 {
694 	return nl80211_ifindex_msg(bss->drv, bss->ifindex, flags, cmd);
695 }
696 
697 
698 struct wiphy_idx_data {
699 	int wiphy_idx;
700 	enum nl80211_iftype nlmode;
701 	u8 *macaddr;
702 	u8 use_4addr;
703 };
704 
705 
706 static int netdev_info_handler(struct nl_msg *msg, void *arg)
707 {
708 	struct nlattr *tb[NL80211_ATTR_MAX + 1];
709 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
710 	struct wiphy_idx_data *info = arg;
711 
712 	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
713 		  genlmsg_attrlen(gnlh, 0), NULL);
714 
715 	if (tb[NL80211_ATTR_WIPHY])
716 		info->wiphy_idx = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
717 
718 	if (tb[NL80211_ATTR_IFTYPE])
719 		info->nlmode = nla_get_u32(tb[NL80211_ATTR_IFTYPE]);
720 
721 	if (tb[NL80211_ATTR_MAC] && info->macaddr)
722 		os_memcpy(info->macaddr, nla_data(tb[NL80211_ATTR_MAC]),
723 			  ETH_ALEN);
724 
725 	if (tb[NL80211_ATTR_4ADDR])
726 		info->use_4addr = nla_get_u8(tb[NL80211_ATTR_4ADDR]);
727 
728 	return NL_SKIP;
729 }
730 
731 
732 int nl80211_get_wiphy_index(struct i802_bss *bss)
733 {
734 	struct nl_msg *msg;
735 	struct wiphy_idx_data data = {
736 		.wiphy_idx = -1,
737 		.macaddr = NULL,
738 	};
739 
740 	if (!(msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_GET_INTERFACE)))
741 		return -1;
742 
743 	if (send_and_recv_msgs(bss->drv, msg, netdev_info_handler, &data,
744 			       NULL, NULL) == 0)
745 		return data.wiphy_idx;
746 	return -1;
747 }
748 
749 
750 static enum nl80211_iftype nl80211_get_ifmode(struct i802_bss *bss)
751 {
752 	struct nl_msg *msg;
753 	struct wiphy_idx_data data = {
754 		.nlmode = NL80211_IFTYPE_UNSPECIFIED,
755 		.macaddr = NULL,
756 	};
757 
758 	if (!(msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_GET_INTERFACE)))
759 		return NL80211_IFTYPE_UNSPECIFIED;
760 
761 	if (send_and_recv_msgs(bss->drv, msg, netdev_info_handler, &data,
762 			       NULL, NULL) == 0)
763 		return data.nlmode;
764 	return NL80211_IFTYPE_UNSPECIFIED;
765 }
766 
767 
768 static int nl80211_get_macaddr(struct i802_bss *bss)
769 {
770 	struct nl_msg *msg;
771 	struct wiphy_idx_data data = {
772 		.macaddr = bss->addr,
773 	};
774 
775 	if (!(msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_GET_INTERFACE)))
776 		return -1;
777 
778 	return send_and_recv_msgs(bss->drv, msg, netdev_info_handler, &data,
779 				  NULL, NULL);
780 }
781 
782 
783 static int nl80211_get_4addr(struct i802_bss *bss)
784 {
785 	struct nl_msg *msg;
786 	struct wiphy_idx_data data = {
787 		.use_4addr = 0,
788 	};
789 
790 	if (!(msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_GET_INTERFACE)) ||
791 	    send_and_recv_msgs(bss->drv, msg, netdev_info_handler, &data,
792 			       NULL, NULL))
793 		return -1;
794 	return data.use_4addr;
795 }
796 
797 
798 static int nl80211_register_beacons(struct wpa_driver_nl80211_data *drv,
799 				    struct nl80211_wiphy_data *w)
800 {
801 	struct nl_msg *msg;
802 	int ret;
803 
804 	msg = nlmsg_alloc();
805 	if (!msg)
806 		return -1;
807 
808 	if (!nl80211_cmd(drv, msg, 0, NL80211_CMD_REGISTER_BEACONS) ||
809 	    nla_put_u32(msg, NL80211_ATTR_WIPHY, w->wiphy_idx)) {
810 		nlmsg_free(msg);
811 		return -1;
812 	}
813 
814 	ret = send_and_recv(drv->global, w->nl_beacons, msg, NULL, NULL,
815 			    NULL, NULL);
816 	if (ret) {
817 		wpa_printf(MSG_DEBUG, "nl80211: Register beacons command "
818 			   "failed: ret=%d (%s)",
819 			   ret, strerror(-ret));
820 	}
821 	return ret;
822 }
823 
824 
825 static void nl80211_recv_beacons(int sock, void *eloop_ctx, void *handle)
826 {
827 	struct nl80211_wiphy_data *w = eloop_ctx;
828 	int res;
829 
830 	wpa_printf(MSG_EXCESSIVE, "nl80211: Beacon event message available");
831 
832 	res = nl_recvmsgs(handle, w->nl_cb);
833 	if (res < 0) {
834 		wpa_printf(MSG_INFO, "nl80211: %s->nl_recvmsgs failed: %d",
835 			   __func__, res);
836 	}
837 }
838 
839 
840 static int process_beacon_event(struct nl_msg *msg, void *arg)
841 {
842 	struct nl80211_wiphy_data *w = arg;
843 	struct wpa_driver_nl80211_data *drv;
844 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
845 	struct nlattr *tb[NL80211_ATTR_MAX + 1];
846 	union wpa_event_data event;
847 
848 	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
849 		  genlmsg_attrlen(gnlh, 0), NULL);
850 
851 	if (gnlh->cmd != NL80211_CMD_FRAME) {
852 		wpa_printf(MSG_DEBUG, "nl80211: Unexpected beacon event? (%d)",
853 			   gnlh->cmd);
854 		return NL_SKIP;
855 	}
856 
857 	if (!tb[NL80211_ATTR_FRAME])
858 		return NL_SKIP;
859 
860 	dl_list_for_each(drv, &w->drvs, struct wpa_driver_nl80211_data,
861 			 wiphy_list) {
862 		os_memset(&event, 0, sizeof(event));
863 		event.rx_mgmt.frame = nla_data(tb[NL80211_ATTR_FRAME]);
864 		event.rx_mgmt.frame_len = nla_len(tb[NL80211_ATTR_FRAME]);
865 		wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event);
866 	}
867 
868 	return NL_SKIP;
869 }
870 
871 
872 static struct nl80211_wiphy_data *
873 nl80211_get_wiphy_data_ap(struct i802_bss *bss)
874 {
875 	static DEFINE_DL_LIST(nl80211_wiphys);
876 	struct nl80211_wiphy_data *w;
877 	int wiphy_idx, found = 0;
878 	struct i802_bss *tmp_bss;
879 	u8 channel;
880 
881 	if (bss->wiphy_data != NULL)
882 		return bss->wiphy_data;
883 
884 	wiphy_idx = nl80211_get_wiphy_index(bss);
885 
886 	dl_list_for_each(w, &nl80211_wiphys, struct nl80211_wiphy_data, list) {
887 		if (w->wiphy_idx == wiphy_idx)
888 			goto add;
889 	}
890 
891 	/* alloc new one */
892 	w = os_zalloc(sizeof(*w));
893 	if (w == NULL)
894 		return NULL;
895 	w->wiphy_idx = wiphy_idx;
896 	dl_list_init(&w->bsss);
897 	dl_list_init(&w->drvs);
898 
899 	/* Beacon frames not supported in IEEE 802.11ad */
900 	if (ieee80211_freq_to_chan(bss->freq, &channel) !=
901 	    HOSTAPD_MODE_IEEE80211AD) {
902 		w->nl_cb = nl_cb_alloc(NL_CB_DEFAULT);
903 		if (!w->nl_cb) {
904 			os_free(w);
905 			return NULL;
906 		}
907 		nl_cb_set(w->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM,
908 			  no_seq_check, NULL);
909 		nl_cb_set(w->nl_cb, NL_CB_VALID, NL_CB_CUSTOM,
910 			  process_beacon_event, w);
911 
912 		w->nl_beacons = nl_create_handle(bss->drv->global->nl_cb,
913 						 "wiphy beacons");
914 		if (w->nl_beacons == NULL) {
915 			os_free(w);
916 			return NULL;
917 		}
918 
919 		if (nl80211_register_beacons(bss->drv, w)) {
920 			nl_destroy_handles(&w->nl_beacons);
921 			os_free(w);
922 			return NULL;
923 		}
924 
925 		nl80211_register_eloop_read(&w->nl_beacons,
926 					    nl80211_recv_beacons, w, 0);
927 	}
928 
929 	dl_list_add(&nl80211_wiphys, &w->list);
930 
931 add:
932 	/* drv entry for this bss already there? */
933 	dl_list_for_each(tmp_bss, &w->bsss, struct i802_bss, wiphy_list) {
934 		if (tmp_bss->drv == bss->drv) {
935 			found = 1;
936 			break;
937 		}
938 	}
939 	/* if not add it */
940 	if (!found)
941 		dl_list_add(&w->drvs, &bss->drv->wiphy_list);
942 
943 	dl_list_add(&w->bsss, &bss->wiphy_list);
944 	bss->wiphy_data = w;
945 	return w;
946 }
947 
948 
949 static void nl80211_put_wiphy_data_ap(struct i802_bss *bss)
950 {
951 	struct nl80211_wiphy_data *w = bss->wiphy_data;
952 	struct i802_bss *tmp_bss;
953 	int found = 0;
954 
955 	if (w == NULL)
956 		return;
957 	bss->wiphy_data = NULL;
958 	dl_list_del(&bss->wiphy_list);
959 
960 	/* still any for this drv present? */
961 	dl_list_for_each(tmp_bss, &w->bsss, struct i802_bss, wiphy_list) {
962 		if (tmp_bss->drv == bss->drv) {
963 			found = 1;
964 			break;
965 		}
966 	}
967 	/* if not remove it */
968 	if (!found)
969 		dl_list_del(&bss->drv->wiphy_list);
970 
971 	if (!dl_list_empty(&w->bsss))
972 		return;
973 
974 	if (w->nl_beacons)
975 		nl80211_destroy_eloop_handle(&w->nl_beacons, 0);
976 
977 	nl_cb_put(w->nl_cb);
978 	dl_list_del(&w->list);
979 	os_free(w);
980 }
981 
982 
983 static unsigned int nl80211_get_ifindex(void *priv)
984 {
985 	struct i802_bss *bss = priv;
986 	struct wpa_driver_nl80211_data *drv = bss->drv;
987 
988 	return drv->ifindex;
989 }
990 
991 
992 static int wpa_driver_nl80211_get_bssid(void *priv, u8 *bssid)
993 {
994 	struct i802_bss *bss = priv;
995 	struct wpa_driver_nl80211_data *drv = bss->drv;
996 	if (!drv->associated)
997 		return -1;
998 	os_memcpy(bssid, drv->bssid, ETH_ALEN);
999 	return 0;
1000 }
1001 
1002 
1003 static int wpa_driver_nl80211_get_ssid(void *priv, u8 *ssid)
1004 {
1005 	struct i802_bss *bss = priv;
1006 	struct wpa_driver_nl80211_data *drv = bss->drv;
1007 	if (!drv->associated)
1008 		return -1;
1009 	os_memcpy(ssid, drv->ssid, drv->ssid_len);
1010 	return drv->ssid_len;
1011 }
1012 
1013 
1014 static void wpa_driver_nl80211_event_newlink(
1015 	struct nl80211_global *global, struct wpa_driver_nl80211_data *drv,
1016 	int ifindex, const char *ifname)
1017 {
1018 	union wpa_event_data event;
1019 
1020 	if (drv && os_strcmp(drv->first_bss->ifname, ifname) == 0) {
1021 		if (if_nametoindex(drv->first_bss->ifname) == 0) {
1022 			wpa_printf(MSG_DEBUG, "nl80211: Interface %s does not exist - ignore RTM_NEWLINK",
1023 				   drv->first_bss->ifname);
1024 			return;
1025 		}
1026 		if (!drv->if_removed)
1027 			return;
1028 		wpa_printf(MSG_DEBUG, "nl80211: Mark if_removed=0 for %s based on RTM_NEWLINK event",
1029 			   drv->first_bss->ifname);
1030 		drv->if_removed = 0;
1031 	}
1032 
1033 	os_memset(&event, 0, sizeof(event));
1034 	event.interface_status.ifindex = ifindex;
1035 	os_strlcpy(event.interface_status.ifname, ifname,
1036 		   sizeof(event.interface_status.ifname));
1037 	event.interface_status.ievent = EVENT_INTERFACE_ADDED;
1038 	if (drv)
1039 		wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, &event);
1040 	else
1041 		wpa_supplicant_event_global(global->ctx, EVENT_INTERFACE_STATUS,
1042 					    &event);
1043 }
1044 
1045 
1046 static void wpa_driver_nl80211_event_dellink(
1047 	struct nl80211_global *global, struct wpa_driver_nl80211_data *drv,
1048 	int ifindex, const char *ifname)
1049 {
1050 	union wpa_event_data event;
1051 
1052 	if (drv && os_strcmp(drv->first_bss->ifname, ifname) == 0) {
1053 		if (drv->if_removed) {
1054 			wpa_printf(MSG_DEBUG, "nl80211: if_removed already set - ignore RTM_DELLINK event for %s",
1055 				   ifname);
1056 			return;
1057 		}
1058 		wpa_printf(MSG_DEBUG, "RTM_DELLINK: Interface '%s' removed - mark if_removed=1",
1059 			   ifname);
1060 		drv->if_removed = 1;
1061 	} else {
1062 		wpa_printf(MSG_DEBUG, "RTM_DELLINK: Interface '%s' removed",
1063 			   ifname);
1064 	}
1065 
1066 	os_memset(&event, 0, sizeof(event));
1067 	event.interface_status.ifindex = ifindex;
1068 	os_strlcpy(event.interface_status.ifname, ifname,
1069 		   sizeof(event.interface_status.ifname));
1070 	event.interface_status.ievent = EVENT_INTERFACE_REMOVED;
1071 	if (drv)
1072 		wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, &event);
1073 	else
1074 		wpa_supplicant_event_global(global->ctx, EVENT_INTERFACE_STATUS,
1075 					    &event);
1076 }
1077 
1078 
1079 static int wpa_driver_nl80211_own_ifname(struct wpa_driver_nl80211_data *drv,
1080 					 u8 *buf, size_t len)
1081 {
1082 	int attrlen, rta_len;
1083 	struct rtattr *attr;
1084 
1085 	attrlen = len;
1086 	attr = (struct rtattr *) buf;
1087 
1088 	rta_len = RTA_ALIGN(sizeof(struct rtattr));
1089 	while (RTA_OK(attr, attrlen)) {
1090 		if (attr->rta_type == IFLA_IFNAME) {
1091 			if (os_strcmp(((char *) attr) + rta_len,
1092 				      drv->first_bss->ifname) == 0)
1093 				return 1;
1094 			else
1095 				break;
1096 		}
1097 		attr = RTA_NEXT(attr, attrlen);
1098 	}
1099 
1100 	return 0;
1101 }
1102 
1103 
1104 static int wpa_driver_nl80211_own_ifindex(struct wpa_driver_nl80211_data *drv,
1105 					  int ifindex, u8 *buf, size_t len)
1106 {
1107 	if (drv->ifindex == ifindex)
1108 		return 1;
1109 
1110 	if (drv->if_removed && wpa_driver_nl80211_own_ifname(drv, buf, len)) {
1111 		nl80211_check_global(drv->global);
1112 		wpa_printf(MSG_DEBUG, "nl80211: Update ifindex for a removed "
1113 			   "interface");
1114 		if (wpa_driver_nl80211_finish_drv_init(drv, NULL, 0, NULL) < 0)
1115 			return -1;
1116 		return 1;
1117 	}
1118 
1119 	return 0;
1120 }
1121 
1122 
1123 static struct wpa_driver_nl80211_data *
1124 nl80211_find_drv(struct nl80211_global *global, int idx, u8 *buf, size_t len,
1125 		 int *init_failed)
1126 {
1127 	struct wpa_driver_nl80211_data *drv;
1128 	int res;
1129 
1130 	if (init_failed)
1131 		*init_failed = 0;
1132 	dl_list_for_each(drv, &global->interfaces,
1133 			 struct wpa_driver_nl80211_data, list) {
1134 		res = wpa_driver_nl80211_own_ifindex(drv, idx, buf, len);
1135 		if (res < 0) {
1136 			wpa_printf(MSG_DEBUG,
1137 				   "nl80211: Found matching own interface, but failed to complete reinitialization");
1138 			if (init_failed)
1139 				*init_failed = 1;
1140 			return drv;
1141 		}
1142 		if (res > 0 || have_ifidx(drv, idx, IFIDX_ANY))
1143 			return drv;
1144 	}
1145 	return NULL;
1146 }
1147 
1148 
1149 static void nl80211_refresh_mac(struct wpa_driver_nl80211_data *drv,
1150 				int ifindex, int notify)
1151 {
1152 	struct i802_bss *bss;
1153 	u8 addr[ETH_ALEN];
1154 
1155 	bss = get_bss_ifindex(drv, ifindex);
1156 	if (bss &&
1157 	    linux_get_ifhwaddr(drv->global->ioctl_sock,
1158 			       bss->ifname, addr) < 0) {
1159 		wpa_printf(MSG_DEBUG,
1160 			   "nl80211: %s: failed to re-read MAC address",
1161 			   bss->ifname);
1162 	} else if (bss && os_memcmp(addr, bss->addr, ETH_ALEN) != 0) {
1163 		wpa_printf(MSG_DEBUG,
1164 			   "nl80211: Own MAC address on ifindex %d (%s) changed from "
1165 			   MACSTR " to " MACSTR,
1166 			   ifindex, bss->ifname,
1167 			   MAC2STR(bss->addr), MAC2STR(addr));
1168 		os_memcpy(bss->addr, addr, ETH_ALEN);
1169 		if (notify)
1170 			wpa_supplicant_event(drv->ctx,
1171 					     EVENT_INTERFACE_MAC_CHANGED, NULL);
1172 	}
1173 }
1174 
1175 
1176 static void wpa_driver_nl80211_event_rtm_newlink(void *ctx,
1177 						 struct ifinfomsg *ifi,
1178 						 u8 *buf, size_t len)
1179 {
1180 	struct nl80211_global *global = ctx;
1181 	struct wpa_driver_nl80211_data *drv;
1182 	int attrlen;
1183 	struct rtattr *attr;
1184 	u32 brid = 0;
1185 	char namebuf[IFNAMSIZ];
1186 	char ifname[IFNAMSIZ + 1];
1187 	char extra[100], *pos, *end;
1188 	int init_failed;
1189 
1190 	extra[0] = '\0';
1191 	pos = extra;
1192 	end = pos + sizeof(extra);
1193 	ifname[0] = '\0';
1194 
1195 	attrlen = len;
1196 	attr = (struct rtattr *) buf;
1197 	while (RTA_OK(attr, attrlen)) {
1198 		switch (attr->rta_type) {
1199 		case IFLA_IFNAME:
1200 			if (RTA_PAYLOAD(attr) > IFNAMSIZ)
1201 				break;
1202 			os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr));
1203 			ifname[RTA_PAYLOAD(attr)] = '\0';
1204 			break;
1205 		case IFLA_MASTER:
1206 			brid = nla_get_u32((struct nlattr *) attr);
1207 			pos += os_snprintf(pos, end - pos, " master=%u", brid);
1208 			break;
1209 		case IFLA_WIRELESS:
1210 			pos += os_snprintf(pos, end - pos, " wext");
1211 			break;
1212 		case IFLA_OPERSTATE:
1213 			pos += os_snprintf(pos, end - pos, " operstate=%u",
1214 					   nla_get_u32((struct nlattr *) attr));
1215 			break;
1216 		case IFLA_LINKMODE:
1217 			pos += os_snprintf(pos, end - pos, " linkmode=%u",
1218 					   nla_get_u32((struct nlattr *) attr));
1219 			break;
1220 		}
1221 		attr = RTA_NEXT(attr, attrlen);
1222 	}
1223 	extra[sizeof(extra) - 1] = '\0';
1224 
1225 	wpa_printf(MSG_DEBUG, "RTM_NEWLINK: ifi_index=%d ifname=%s%s ifi_family=%d ifi_flags=0x%x (%s%s%s%s)",
1226 		   ifi->ifi_index, ifname, extra, ifi->ifi_family,
1227 		   ifi->ifi_flags,
1228 		   (ifi->ifi_flags & IFF_UP) ? "[UP]" : "",
1229 		   (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "",
1230 		   (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "",
1231 		   (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : "");
1232 
1233 	drv = nl80211_find_drv(global, ifi->ifi_index, buf, len, &init_failed);
1234 	if (!drv)
1235 		goto event_newlink;
1236 	if (init_failed)
1237 		return; /* do not update interface state */
1238 
1239 	if (!drv->if_disabled && !(ifi->ifi_flags & IFF_UP)) {
1240 		namebuf[0] = '\0';
1241 		if (if_indextoname(ifi->ifi_index, namebuf) &&
1242 		    linux_iface_up(drv->global->ioctl_sock, namebuf) > 0) {
1243 			wpa_printf(MSG_DEBUG, "nl80211: Ignore interface down "
1244 				   "event since interface %s is up", namebuf);
1245 			drv->ignore_if_down_event = 0;
1246 			/* Re-read MAC address as it may have changed */
1247 			nl80211_refresh_mac(drv, ifi->ifi_index, 1);
1248 			return;
1249 		}
1250 		wpa_printf(MSG_DEBUG, "nl80211: Interface down (%s/%s)",
1251 			   namebuf, ifname);
1252 		if (os_strcmp(drv->first_bss->ifname, ifname) != 0) {
1253 			wpa_printf(MSG_DEBUG,
1254 				   "nl80211: Not the main interface (%s) - do not indicate interface down",
1255 				   drv->first_bss->ifname);
1256 		} else if (drv->ignore_if_down_event) {
1257 			wpa_printf(MSG_DEBUG, "nl80211: Ignore interface down "
1258 				   "event generated by mode change");
1259 			drv->ignore_if_down_event = 0;
1260 		} else {
1261 			drv->if_disabled = 1;
1262 			wpa_supplicant_event(drv->ctx,
1263 					     EVENT_INTERFACE_DISABLED, NULL);
1264 
1265 			/*
1266 			 * Try to get drv again, since it may be removed as
1267 			 * part of the EVENT_INTERFACE_DISABLED handling for
1268 			 * dynamic interfaces
1269 			 */
1270 			drv = nl80211_find_drv(global, ifi->ifi_index,
1271 					       buf, len, NULL);
1272 			if (!drv)
1273 				return;
1274 		}
1275 	}
1276 
1277 	if (drv->if_disabled && (ifi->ifi_flags & IFF_UP)) {
1278 		namebuf[0] = '\0';
1279 		if (if_indextoname(ifi->ifi_index, namebuf) &&
1280 		    linux_iface_up(drv->global->ioctl_sock, namebuf) == 0) {
1281 			wpa_printf(MSG_DEBUG, "nl80211: Ignore interface up "
1282 				   "event since interface %s is down",
1283 				   namebuf);
1284 			return;
1285 		}
1286 		wpa_printf(MSG_DEBUG, "nl80211: Interface up (%s/%s)",
1287 			   namebuf, ifname);
1288 		if (os_strcmp(drv->first_bss->ifname, ifname) != 0) {
1289 			wpa_printf(MSG_DEBUG,
1290 				   "nl80211: Not the main interface (%s) - do not indicate interface up",
1291 				   drv->first_bss->ifname);
1292 		} else if (if_nametoindex(drv->first_bss->ifname) == 0) {
1293 			wpa_printf(MSG_DEBUG, "nl80211: Ignore interface up "
1294 				   "event since interface %s does not exist",
1295 				   drv->first_bss->ifname);
1296 		} else if (drv->if_removed) {
1297 			wpa_printf(MSG_DEBUG, "nl80211: Ignore interface up "
1298 				   "event since interface %s is marked "
1299 				   "removed", drv->first_bss->ifname);
1300 		} else {
1301 			/* Re-read MAC address as it may have changed */
1302 			nl80211_refresh_mac(drv, ifi->ifi_index, 0);
1303 
1304 			drv->if_disabled = 0;
1305 			wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED,
1306 					     NULL);
1307 		}
1308 	}
1309 
1310 	/*
1311 	 * Some drivers send the association event before the operup event--in
1312 	 * this case, lifting operstate in wpa_driver_nl80211_set_operstate()
1313 	 * fails. This will hit us when wpa_supplicant does not need to do
1314 	 * IEEE 802.1X authentication
1315 	 */
1316 	if (drv->operstate == 1 &&
1317 	    (ifi->ifi_flags & (IFF_LOWER_UP | IFF_DORMANT)) == IFF_LOWER_UP &&
1318 	    !(ifi->ifi_flags & IFF_RUNNING)) {
1319 		wpa_printf(MSG_DEBUG, "nl80211: Set IF_OPER_UP again based on ifi_flags and expected operstate");
1320 		netlink_send_oper_ifla(drv->global->netlink, drv->ifindex,
1321 				       -1, IF_OPER_UP);
1322 	}
1323 
1324 event_newlink:
1325 	if (ifname[0])
1326 		wpa_driver_nl80211_event_newlink(global, drv, ifi->ifi_index,
1327 						 ifname);
1328 
1329 	if (ifi->ifi_family == AF_BRIDGE && brid && drv) {
1330 		struct i802_bss *bss;
1331 
1332 		/* device has been added to bridge */
1333 		if (!if_indextoname(brid, namebuf)) {
1334 			wpa_printf(MSG_DEBUG,
1335 				   "nl80211: Could not find bridge ifname for ifindex %u",
1336 				   brid);
1337 			return;
1338 		}
1339 		wpa_printf(MSG_DEBUG, "nl80211: Add ifindex %u for bridge %s",
1340 			   brid, namebuf);
1341 		add_ifidx(drv, brid, ifi->ifi_index);
1342 
1343 		for (bss = drv->first_bss; bss; bss = bss->next) {
1344 			if (os_strcmp(ifname, bss->ifname) == 0) {
1345 				os_strlcpy(bss->brname, namebuf, IFNAMSIZ);
1346 				break;
1347 			}
1348 		}
1349 	}
1350 }
1351 
1352 
1353 static void wpa_driver_nl80211_event_rtm_dellink(void *ctx,
1354 						 struct ifinfomsg *ifi,
1355 						 u8 *buf, size_t len)
1356 {
1357 	struct nl80211_global *global = ctx;
1358 	struct wpa_driver_nl80211_data *drv;
1359 	int attrlen;
1360 	struct rtattr *attr;
1361 	u32 brid = 0;
1362 	char ifname[IFNAMSIZ + 1];
1363 	char extra[100], *pos, *end;
1364 
1365 	extra[0] = '\0';
1366 	pos = extra;
1367 	end = pos + sizeof(extra);
1368 	ifname[0] = '\0';
1369 
1370 	attrlen = len;
1371 	attr = (struct rtattr *) buf;
1372 	while (RTA_OK(attr, attrlen)) {
1373 		switch (attr->rta_type) {
1374 		case IFLA_IFNAME:
1375 			if (RTA_PAYLOAD(attr) > IFNAMSIZ)
1376 				break;
1377 			os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr));
1378 			ifname[RTA_PAYLOAD(attr)] = '\0';
1379 			break;
1380 		case IFLA_MASTER:
1381 			brid = nla_get_u32((struct nlattr *) attr);
1382 			pos += os_snprintf(pos, end - pos, " master=%u", brid);
1383 			break;
1384 		case IFLA_OPERSTATE:
1385 			pos += os_snprintf(pos, end - pos, " operstate=%u",
1386 					   nla_get_u32((struct nlattr *) attr));
1387 			break;
1388 		case IFLA_LINKMODE:
1389 			pos += os_snprintf(pos, end - pos, " linkmode=%u",
1390 					   nla_get_u32((struct nlattr *) attr));
1391 			break;
1392 		}
1393 		attr = RTA_NEXT(attr, attrlen);
1394 	}
1395 	extra[sizeof(extra) - 1] = '\0';
1396 
1397 	wpa_printf(MSG_DEBUG, "RTM_DELLINK: ifi_index=%d ifname=%s%s ifi_family=%d ifi_flags=0x%x (%s%s%s%s)",
1398 		   ifi->ifi_index, ifname, extra, ifi->ifi_family,
1399 		   ifi->ifi_flags,
1400 		   (ifi->ifi_flags & IFF_UP) ? "[UP]" : "",
1401 		   (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "",
1402 		   (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "",
1403 		   (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : "");
1404 
1405 	drv = nl80211_find_drv(global, ifi->ifi_index, buf, len, NULL);
1406 
1407 	if (ifi->ifi_family == AF_BRIDGE && brid && drv) {
1408 		/* device has been removed from bridge */
1409 		char namebuf[IFNAMSIZ];
1410 
1411 		if (!if_indextoname(brid, namebuf)) {
1412 			wpa_printf(MSG_DEBUG,
1413 				   "nl80211: Could not find bridge ifname for ifindex %u",
1414 				   brid);
1415 		} else {
1416 			wpa_printf(MSG_DEBUG,
1417 				   "nl80211: Remove ifindex %u for bridge %s",
1418 				   brid, namebuf);
1419 		}
1420 		del_ifidx(drv, brid, ifi->ifi_index);
1421 	}
1422 
1423 	if (ifi->ifi_family != AF_BRIDGE || !brid)
1424 		wpa_driver_nl80211_event_dellink(global, drv, ifi->ifi_index,
1425 						 ifname);
1426 }
1427 
1428 
1429 struct nl80211_get_assoc_freq_arg {
1430 	struct wpa_driver_nl80211_data *drv;
1431 	unsigned int assoc_freq;
1432 	unsigned int ibss_freq;
1433 	u8 assoc_bssid[ETH_ALEN];
1434 	u8 assoc_ssid[SSID_MAX_LEN];
1435 	u8 assoc_ssid_len;
1436 };
1437 
1438 static int nl80211_get_assoc_freq_handler(struct nl_msg *msg, void *arg)
1439 {
1440 	struct nlattr *tb[NL80211_ATTR_MAX + 1];
1441 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1442 	struct nlattr *bss[NL80211_BSS_MAX + 1];
1443 	static struct nla_policy bss_policy[NL80211_BSS_MAX + 1] = {
1444 		[NL80211_BSS_BSSID] = { .type = NLA_UNSPEC },
1445 		[NL80211_BSS_FREQUENCY] = { .type = NLA_U32 },
1446 		[NL80211_BSS_INFORMATION_ELEMENTS] = { .type = NLA_UNSPEC },
1447 		[NL80211_BSS_STATUS] = { .type = NLA_U32 },
1448 	};
1449 	struct nl80211_get_assoc_freq_arg *ctx = arg;
1450 	enum nl80211_bss_status status;
1451 
1452 	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1453 		  genlmsg_attrlen(gnlh, 0), NULL);
1454 	if (!tb[NL80211_ATTR_BSS] ||
1455 	    nla_parse_nested(bss, NL80211_BSS_MAX, tb[NL80211_ATTR_BSS],
1456 			     bss_policy) ||
1457 	    !bss[NL80211_BSS_STATUS])
1458 		return NL_SKIP;
1459 
1460 	status = nla_get_u32(bss[NL80211_BSS_STATUS]);
1461 	if (status == NL80211_BSS_STATUS_ASSOCIATED &&
1462 	    bss[NL80211_BSS_FREQUENCY]) {
1463 		ctx->assoc_freq = nla_get_u32(bss[NL80211_BSS_FREQUENCY]);
1464 		wpa_printf(MSG_DEBUG, "nl80211: Associated on %u MHz",
1465 			   ctx->assoc_freq);
1466 	}
1467 	if (status == NL80211_BSS_STATUS_IBSS_JOINED &&
1468 	    bss[NL80211_BSS_FREQUENCY]) {
1469 		ctx->ibss_freq = nla_get_u32(bss[NL80211_BSS_FREQUENCY]);
1470 		wpa_printf(MSG_DEBUG, "nl80211: IBSS-joined on %u MHz",
1471 			   ctx->ibss_freq);
1472 	}
1473 	if (status == NL80211_BSS_STATUS_ASSOCIATED &&
1474 	    bss[NL80211_BSS_BSSID]) {
1475 		os_memcpy(ctx->assoc_bssid,
1476 			  nla_data(bss[NL80211_BSS_BSSID]), ETH_ALEN);
1477 		wpa_printf(MSG_DEBUG, "nl80211: Associated with "
1478 			   MACSTR, MAC2STR(ctx->assoc_bssid));
1479 	}
1480 
1481 	if (status == NL80211_BSS_STATUS_ASSOCIATED &&
1482 	    bss[NL80211_BSS_INFORMATION_ELEMENTS]) {
1483 		const u8 *ie, *ssid;
1484 		size_t ie_len;
1485 
1486 		ie = nla_data(bss[NL80211_BSS_INFORMATION_ELEMENTS]);
1487 		ie_len = nla_len(bss[NL80211_BSS_INFORMATION_ELEMENTS]);
1488 		ssid = get_ie(ie, ie_len, WLAN_EID_SSID);
1489 		if (ssid && ssid[1] > 0 && ssid[1] <= SSID_MAX_LEN) {
1490 			ctx->assoc_ssid_len = ssid[1];
1491 			os_memcpy(ctx->assoc_ssid, ssid + 2, ssid[1]);
1492 		}
1493 	}
1494 
1495 	return NL_SKIP;
1496 }
1497 
1498 
1499 int nl80211_get_assoc_ssid(struct wpa_driver_nl80211_data *drv, u8 *ssid)
1500 {
1501 	struct nl_msg *msg;
1502 	int ret;
1503 	struct nl80211_get_assoc_freq_arg arg;
1504 	int count = 0;
1505 
1506 try_again:
1507 	msg = nl80211_drv_msg(drv, NLM_F_DUMP, NL80211_CMD_GET_SCAN);
1508 	os_memset(&arg, 0, sizeof(arg));
1509 	arg.drv = drv;
1510 	ret = send_and_recv_msgs(drv, msg, nl80211_get_assoc_freq_handler,
1511 				 &arg, NULL, NULL);
1512 	if (ret == -EAGAIN) {
1513 		count++;
1514 		if (count >= 10) {
1515 			wpa_printf(MSG_INFO,
1516 				   "nl80211: Failed to receive consistent scan result dump for get_assoc_ssid");
1517 		} else {
1518 			wpa_printf(MSG_DEBUG,
1519 				   "nl80211: Failed to receive consistent scan result dump for get_assoc_ssid - try again");
1520 			goto try_again;
1521 		}
1522 	}
1523 	if (ret == 0) {
1524 		os_memcpy(ssid, arg.assoc_ssid, arg.assoc_ssid_len);
1525 		return arg.assoc_ssid_len;
1526 	}
1527 	wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d (%s)",
1528 		   ret, strerror(-ret));
1529 	return ret;
1530 }
1531 
1532 
1533 unsigned int nl80211_get_assoc_freq(struct wpa_driver_nl80211_data *drv)
1534 {
1535 	struct nl_msg *msg;
1536 	int ret;
1537 	struct nl80211_get_assoc_freq_arg arg;
1538 	int count = 0;
1539 
1540 try_again:
1541 	msg = nl80211_drv_msg(drv, NLM_F_DUMP, NL80211_CMD_GET_SCAN);
1542 	os_memset(&arg, 0, sizeof(arg));
1543 	arg.drv = drv;
1544 	ret = send_and_recv_msgs(drv, msg, nl80211_get_assoc_freq_handler,
1545 				 &arg, NULL, NULL);
1546 	if (ret == -EAGAIN) {
1547 		count++;
1548 		if (count >= 10) {
1549 			wpa_printf(MSG_INFO,
1550 				   "nl80211: Failed to receive consistent scan result dump for get_assoc_freq");
1551 		} else {
1552 			wpa_printf(MSG_DEBUG,
1553 				   "nl80211: Failed to receive consistent scan result dump for get_assoc_freq - try again");
1554 			goto try_again;
1555 		}
1556 	}
1557 	if (ret == 0) {
1558 		unsigned int freq = drv->nlmode == NL80211_IFTYPE_ADHOC ?
1559 			arg.ibss_freq : arg.assoc_freq;
1560 		wpa_printf(MSG_DEBUG, "nl80211: Operating frequency for the "
1561 			   "associated BSS from scan results: %u MHz", freq);
1562 		if (freq)
1563 			drv->assoc_freq = freq;
1564 		return drv->assoc_freq;
1565 	}
1566 	wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d "
1567 		   "(%s)", ret, strerror(-ret));
1568 	return drv->assoc_freq;
1569 }
1570 
1571 
1572 static int get_link_signal(struct nl_msg *msg, void *arg)
1573 {
1574 	struct nlattr *tb[NL80211_ATTR_MAX + 1];
1575 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1576 	struct nlattr *sinfo[NL80211_STA_INFO_MAX + 1];
1577 	static struct nla_policy policy[NL80211_STA_INFO_MAX + 1] = {
1578 		[NL80211_STA_INFO_SIGNAL] = { .type = NLA_U8 },
1579 		[NL80211_STA_INFO_SIGNAL_AVG] = { .type = NLA_U8 },
1580 		[NL80211_STA_INFO_BEACON_SIGNAL_AVG] = { .type = NLA_U8 },
1581 	};
1582 	struct nlattr *rinfo[NL80211_RATE_INFO_MAX + 1];
1583 	static struct nla_policy rate_policy[NL80211_RATE_INFO_MAX + 1] = {
1584 		[NL80211_RATE_INFO_BITRATE] = { .type = NLA_U16 },
1585 		[NL80211_RATE_INFO_MCS] = { .type = NLA_U8 },
1586 		[NL80211_RATE_INFO_40_MHZ_WIDTH] = { .type = NLA_FLAG },
1587 		[NL80211_RATE_INFO_SHORT_GI] = { .type = NLA_FLAG },
1588 	};
1589 	struct wpa_signal_info *sig_change = arg;
1590 
1591 	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1592 		  genlmsg_attrlen(gnlh, 0), NULL);
1593 	if (!tb[NL80211_ATTR_STA_INFO] ||
1594 	    nla_parse_nested(sinfo, NL80211_STA_INFO_MAX,
1595 			     tb[NL80211_ATTR_STA_INFO], policy))
1596 		return NL_SKIP;
1597 	if (!sinfo[NL80211_STA_INFO_SIGNAL])
1598 		return NL_SKIP;
1599 
1600 	sig_change->current_signal =
1601 		(s8) nla_get_u8(sinfo[NL80211_STA_INFO_SIGNAL]);
1602 
1603 	if (sinfo[NL80211_STA_INFO_SIGNAL_AVG])
1604 		sig_change->avg_signal =
1605 			(s8) nla_get_u8(sinfo[NL80211_STA_INFO_SIGNAL_AVG]);
1606 	else
1607 		sig_change->avg_signal = 0;
1608 
1609 	if (sinfo[NL80211_STA_INFO_BEACON_SIGNAL_AVG])
1610 		sig_change->avg_beacon_signal =
1611 			(s8)
1612 			nla_get_u8(sinfo[NL80211_STA_INFO_BEACON_SIGNAL_AVG]);
1613 	else
1614 		sig_change->avg_beacon_signal = 0;
1615 
1616 	if (sinfo[NL80211_STA_INFO_TX_BITRATE]) {
1617 		if (nla_parse_nested(rinfo, NL80211_RATE_INFO_MAX,
1618 				     sinfo[NL80211_STA_INFO_TX_BITRATE],
1619 				     rate_policy)) {
1620 			sig_change->current_txrate = 0;
1621 		} else {
1622 			if (rinfo[NL80211_RATE_INFO_BITRATE]) {
1623 				sig_change->current_txrate =
1624 					nla_get_u16(rinfo[
1625 					     NL80211_RATE_INFO_BITRATE]) * 100;
1626 			}
1627 		}
1628 	}
1629 
1630 	return NL_SKIP;
1631 }
1632 
1633 
1634 int nl80211_get_link_signal(struct wpa_driver_nl80211_data *drv,
1635 			    struct wpa_signal_info *sig)
1636 {
1637 	struct nl_msg *msg;
1638 
1639 	sig->current_signal = -WPA_INVALID_NOISE;
1640 	sig->current_txrate = 0;
1641 
1642 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_GET_STATION)) ||
1643 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, drv->bssid)) {
1644 		nlmsg_free(msg);
1645 		return -ENOBUFS;
1646 	}
1647 
1648 	return send_and_recv_msgs(drv, msg, get_link_signal, sig, NULL, NULL);
1649 }
1650 
1651 
1652 static int get_link_noise(struct nl_msg *msg, void *arg)
1653 {
1654 	struct nlattr *tb[NL80211_ATTR_MAX + 1];
1655 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1656 	struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1];
1657 	static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = {
1658 		[NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 },
1659 		[NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 },
1660 	};
1661 	struct wpa_signal_info *sig_change = arg;
1662 
1663 	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1664 		  genlmsg_attrlen(gnlh, 0), NULL);
1665 
1666 	if (!tb[NL80211_ATTR_SURVEY_INFO]) {
1667 		wpa_printf(MSG_DEBUG, "nl80211: survey data missing!");
1668 		return NL_SKIP;
1669 	}
1670 
1671 	if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX,
1672 			     tb[NL80211_ATTR_SURVEY_INFO],
1673 			     survey_policy)) {
1674 		wpa_printf(MSG_DEBUG, "nl80211: failed to parse nested "
1675 			   "attributes!");
1676 		return NL_SKIP;
1677 	}
1678 
1679 	if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY])
1680 		return NL_SKIP;
1681 
1682 	if (nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]) !=
1683 	    sig_change->frequency)
1684 		return NL_SKIP;
1685 
1686 	if (!sinfo[NL80211_SURVEY_INFO_NOISE])
1687 		return NL_SKIP;
1688 
1689 	sig_change->current_noise =
1690 		(s8) nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]);
1691 
1692 	return NL_SKIP;
1693 }
1694 
1695 
1696 int nl80211_get_link_noise(struct wpa_driver_nl80211_data *drv,
1697 			   struct wpa_signal_info *sig_change)
1698 {
1699 	struct nl_msg *msg;
1700 
1701 	sig_change->current_noise = WPA_INVALID_NOISE;
1702 	sig_change->frequency = drv->assoc_freq;
1703 
1704 	msg = nl80211_drv_msg(drv, NLM_F_DUMP, NL80211_CMD_GET_SURVEY);
1705 	return send_and_recv_msgs(drv, msg, get_link_noise, sig_change,
1706 				  NULL, NULL);
1707 }
1708 
1709 
1710 static int get_channel_info(struct nl_msg *msg, void *arg)
1711 {
1712 	struct nlattr *tb[NL80211_ATTR_MAX + 1] = { 0 };
1713 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1714 	struct wpa_channel_info *chan_info = arg;
1715 
1716 	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1717 		  genlmsg_attrlen(gnlh, 0), NULL);
1718 
1719 	os_memset(chan_info, 0, sizeof(struct wpa_channel_info));
1720 	chan_info->chanwidth = CHAN_WIDTH_UNKNOWN;
1721 
1722 	if (tb[NL80211_ATTR_WIPHY_FREQ])
1723 		chan_info->frequency =
1724 			nla_get_u32(tb[NL80211_ATTR_WIPHY_FREQ]);
1725 	if (tb[NL80211_ATTR_CHANNEL_WIDTH])
1726 		chan_info->chanwidth = convert2width(
1727 			nla_get_u32(tb[NL80211_ATTR_CHANNEL_WIDTH]));
1728 	if (tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
1729 		enum nl80211_channel_type ct =
1730 			nla_get_u32(tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
1731 
1732 		switch (ct) {
1733 		case NL80211_CHAN_HT40MINUS:
1734 			chan_info->sec_channel = -1;
1735 			break;
1736 		case NL80211_CHAN_HT40PLUS:
1737 			chan_info->sec_channel = 1;
1738 			break;
1739 		default:
1740 			chan_info->sec_channel = 0;
1741 			break;
1742 		}
1743 	}
1744 	if (tb[NL80211_ATTR_CENTER_FREQ1])
1745 		chan_info->center_frq1 =
1746 			nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ1]);
1747 	if (tb[NL80211_ATTR_CENTER_FREQ2])
1748 		chan_info->center_frq2 =
1749 			nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ2]);
1750 
1751 	if (chan_info->center_frq2) {
1752 		u8 seg1_idx = 0;
1753 
1754 		if (ieee80211_freq_to_chan(chan_info->center_frq2, &seg1_idx) !=
1755 		    NUM_HOSTAPD_MODES)
1756 			chan_info->seg1_idx = seg1_idx;
1757 	}
1758 
1759 	return NL_SKIP;
1760 }
1761 
1762 
1763 static int nl80211_channel_info(void *priv, struct wpa_channel_info *ci)
1764 {
1765 	struct i802_bss *bss = priv;
1766 	struct wpa_driver_nl80211_data *drv = bss->drv;
1767 	struct nl_msg *msg;
1768 
1769 	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_GET_INTERFACE);
1770 	return send_and_recv_msgs(drv, msg, get_channel_info, ci, NULL, NULL);
1771 }
1772 
1773 
1774 static void wpa_driver_nl80211_event_receive(int sock, void *eloop_ctx,
1775 					     void *handle)
1776 {
1777 	struct nl_cb *cb = eloop_ctx;
1778 	int res;
1779 
1780 	wpa_printf(MSG_MSGDUMP, "nl80211: Event message available");
1781 
1782 	res = nl_recvmsgs(handle, cb);
1783 	if (res < 0) {
1784 		wpa_printf(MSG_INFO, "nl80211: %s->nl_recvmsgs failed: %d",
1785 			   __func__, res);
1786 	}
1787 }
1788 
1789 
1790 /**
1791  * wpa_driver_nl80211_set_country - ask nl80211 to set the regulatory domain
1792  * @priv: driver_nl80211 private data
1793  * @alpha2_arg: country to which to switch to
1794  * Returns: 0 on success, -1 on failure
1795  *
1796  * This asks nl80211 to set the regulatory domain for given
1797  * country ISO / IEC alpha2.
1798  */
1799 static int wpa_driver_nl80211_set_country(void *priv, const char *alpha2_arg)
1800 {
1801 	struct i802_bss *bss = priv;
1802 	struct wpa_driver_nl80211_data *drv = bss->drv;
1803 	char alpha2[3];
1804 	struct nl_msg *msg;
1805 
1806 	msg = nlmsg_alloc();
1807 	if (!msg)
1808 		return -ENOMEM;
1809 
1810 	alpha2[0] = alpha2_arg[0];
1811 	alpha2[1] = alpha2_arg[1];
1812 	alpha2[2] = '\0';
1813 
1814 	if (!nl80211_cmd(drv, msg, 0, NL80211_CMD_REQ_SET_REG) ||
1815 	    nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, alpha2)) {
1816 		nlmsg_free(msg);
1817 		return -EINVAL;
1818 	}
1819 	if (send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL))
1820 		return -EINVAL;
1821 	return 0;
1822 }
1823 
1824 
1825 static int nl80211_get_country(struct nl_msg *msg, void *arg)
1826 {
1827 	char *alpha2 = arg;
1828 	struct nlattr *tb_msg[NL80211_ATTR_MAX + 1];
1829 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1830 
1831 	nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1832 		  genlmsg_attrlen(gnlh, 0), NULL);
1833 	if (!tb_msg[NL80211_ATTR_REG_ALPHA2]) {
1834 		wpa_printf(MSG_DEBUG, "nl80211: No country information available");
1835 		return NL_SKIP;
1836 	}
1837 	os_strlcpy(alpha2, nla_data(tb_msg[NL80211_ATTR_REG_ALPHA2]), 3);
1838 	return NL_SKIP;
1839 }
1840 
1841 
1842 static int wpa_driver_nl80211_get_country(void *priv, char *alpha2)
1843 {
1844 	struct i802_bss *bss = priv;
1845 	struct wpa_driver_nl80211_data *drv = bss->drv;
1846 	struct nl_msg *msg;
1847 	int ret;
1848 
1849 	msg = nlmsg_alloc();
1850 	if (!msg)
1851 		return -ENOMEM;
1852 
1853 	nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_REG);
1854 	alpha2[0] = '\0';
1855 	ret = send_and_recv_msgs(drv, msg, nl80211_get_country, alpha2,
1856 				 NULL, NULL);
1857 	if (!alpha2[0])
1858 		ret = -1;
1859 
1860 	return ret;
1861 }
1862 
1863 
1864 static int wpa_driver_nl80211_init_nl_global(struct nl80211_global *global)
1865 {
1866 	int ret;
1867 
1868 	global->nl_cb = nl_cb_alloc(NL_CB_DEFAULT);
1869 	if (global->nl_cb == NULL) {
1870 		wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink "
1871 			   "callbacks");
1872 		return -1;
1873 	}
1874 
1875 	global->nl = nl_create_handle(global->nl_cb, "nl");
1876 	if (global->nl == NULL)
1877 		goto err;
1878 
1879 	global->nl80211_id = genl_ctrl_resolve(global->nl, "nl80211");
1880 	if (global->nl80211_id < 0) {
1881 		wpa_printf(MSG_ERROR, "nl80211: 'nl80211' generic netlink not "
1882 			   "found");
1883 		goto err;
1884 	}
1885 
1886 	global->nlctrl_id = genl_ctrl_resolve(global->nl, "nlctrl");
1887 	if (global->nlctrl_id < 0) {
1888 		wpa_printf(MSG_ERROR,
1889 			   "nl80211: 'nlctrl' generic netlink not found");
1890 		goto err;
1891 	}
1892 
1893 	global->nl_event = nl_create_handle(global->nl_cb, "event");
1894 	if (global->nl_event == NULL)
1895 		goto err;
1896 
1897 	ret = nl_get_multicast_id(global, "nl80211", "scan");
1898 	if (ret >= 0)
1899 		ret = nl_socket_add_membership(global->nl_event, ret);
1900 	if (ret < 0) {
1901 		wpa_printf(MSG_ERROR, "nl80211: Could not add multicast "
1902 			   "membership for scan events: %d (%s)",
1903 			   ret, nl_geterror(ret));
1904 		goto err;
1905 	}
1906 
1907 	ret = nl_get_multicast_id(global, "nl80211", "mlme");
1908 	if (ret >= 0)
1909 		ret = nl_socket_add_membership(global->nl_event, ret);
1910 	if (ret < 0) {
1911 		wpa_printf(MSG_ERROR, "nl80211: Could not add multicast "
1912 			   "membership for mlme events: %d (%s)",
1913 			   ret, nl_geterror(ret));
1914 		goto err;
1915 	}
1916 
1917 	ret = nl_get_multicast_id(global, "nl80211", "regulatory");
1918 	if (ret >= 0)
1919 		ret = nl_socket_add_membership(global->nl_event, ret);
1920 	if (ret < 0) {
1921 		wpa_printf(MSG_DEBUG, "nl80211: Could not add multicast "
1922 			   "membership for regulatory events: %d (%s)",
1923 			   ret, nl_geterror(ret));
1924 		/* Continue without regulatory events */
1925 	}
1926 
1927 	ret = nl_get_multicast_id(global, "nl80211", "vendor");
1928 	if (ret >= 0)
1929 		ret = nl_socket_add_membership(global->nl_event, ret);
1930 	if (ret < 0) {
1931 		wpa_printf(MSG_DEBUG, "nl80211: Could not add multicast "
1932 			   "membership for vendor events: %d (%s)",
1933 			   ret, nl_geterror(ret));
1934 		/* Continue without vendor events */
1935 	}
1936 
1937 	nl_cb_set(global->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM,
1938 		  no_seq_check, NULL);
1939 	nl_cb_set(global->nl_cb, NL_CB_VALID, NL_CB_CUSTOM,
1940 		  process_global_event, global);
1941 
1942 	nl80211_register_eloop_read(&global->nl_event,
1943 				    wpa_driver_nl80211_event_receive,
1944 				    global->nl_cb, 0);
1945 
1946 	return 0;
1947 
1948 err:
1949 	nl_destroy_handles(&global->nl_event);
1950 	nl_destroy_handles(&global->nl);
1951 	nl_cb_put(global->nl_cb);
1952 	global->nl_cb = NULL;
1953 	return -1;
1954 }
1955 
1956 
1957 static void nl80211_check_global(struct nl80211_global *global)
1958 {
1959 	struct nl_sock *handle;
1960 	const char *groups[] = { "scan", "mlme", "regulatory", "vendor", NULL };
1961 	int ret;
1962 	unsigned int i;
1963 
1964 	/*
1965 	 * Try to re-add memberships to handle case of cfg80211 getting reloaded
1966 	 * and all registration having been cleared.
1967 	 */
1968 	handle = (void *) (((intptr_t) global->nl_event) ^
1969 			   ELOOP_SOCKET_INVALID);
1970 
1971 	for (i = 0; groups[i]; i++) {
1972 		ret = nl_get_multicast_id(global, "nl80211", groups[i]);
1973 		if (ret >= 0)
1974 			ret = nl_socket_add_membership(handle, ret);
1975 		if (ret < 0) {
1976 			wpa_printf(MSG_INFO,
1977 				   "nl80211: Could not re-add multicast membership for %s events: %d (%s)",
1978 				   groups[i], ret, nl_geterror(ret));
1979 		}
1980 	}
1981 }
1982 
1983 
1984 static void wpa_driver_nl80211_rfkill_blocked(void *ctx)
1985 {
1986 	struct wpa_driver_nl80211_data *drv = ctx;
1987 
1988 	wpa_printf(MSG_DEBUG, "nl80211: RFKILL blocked");
1989 
1990 	/*
1991 	 * rtnetlink ifdown handler will report interfaces other than the P2P
1992 	 * Device interface as disabled.
1993 	 */
1994 	if (drv->nlmode == NL80211_IFTYPE_P2P_DEVICE)
1995 		wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_DISABLED, NULL);
1996 }
1997 
1998 
1999 static void wpa_driver_nl80211_rfkill_unblocked(void *ctx)
2000 {
2001 	struct wpa_driver_nl80211_data *drv = ctx;
2002 	wpa_printf(MSG_DEBUG, "nl80211: RFKILL unblocked");
2003 	if (i802_set_iface_flags(drv->first_bss, 1)) {
2004 		wpa_printf(MSG_DEBUG, "nl80211: Could not set interface UP "
2005 			   "after rfkill unblock");
2006 		return;
2007 	}
2008 
2009 	if (is_p2p_net_interface(drv->nlmode))
2010 		nl80211_disable_11b_rates(drv, drv->ifindex, 1);
2011 
2012 	/*
2013 	 * rtnetlink ifup handler will report interfaces other than the P2P
2014 	 * Device interface as enabled.
2015 	 */
2016 	if (drv->nlmode == NL80211_IFTYPE_P2P_DEVICE)
2017 		wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED, NULL);
2018 }
2019 
2020 
2021 static void wpa_driver_nl80211_handle_eapol_tx_status(int sock,
2022 						      void *eloop_ctx,
2023 						      void *handle)
2024 {
2025 	struct wpa_driver_nl80211_data *drv = eloop_ctx;
2026 	u8 data[2048];
2027 	struct msghdr msg;
2028 	struct iovec entry;
2029 	u8 control[512];
2030 	struct cmsghdr *cmsg;
2031 	int res, found_ee = 0, found_wifi = 0, acked = 0;
2032 	union wpa_event_data event;
2033 
2034 	memset(&msg, 0, sizeof(msg));
2035 	msg.msg_iov = &entry;
2036 	msg.msg_iovlen = 1;
2037 	entry.iov_base = data;
2038 	entry.iov_len = sizeof(data);
2039 	msg.msg_control = &control;
2040 	msg.msg_controllen = sizeof(control);
2041 
2042 	res = recvmsg(sock, &msg, MSG_ERRQUEUE);
2043 	/* if error or not fitting 802.3 header, return */
2044 	if (res < 14)
2045 		return;
2046 
2047 	for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg))
2048 	{
2049 		if (cmsg->cmsg_level == SOL_SOCKET &&
2050 		    cmsg->cmsg_type == SCM_WIFI_STATUS) {
2051 			int *ack;
2052 
2053 			found_wifi = 1;
2054 			ack = (void *)CMSG_DATA(cmsg);
2055 			acked = *ack;
2056 		}
2057 
2058 		if (cmsg->cmsg_level == SOL_PACKET &&
2059 		    cmsg->cmsg_type == PACKET_TX_TIMESTAMP) {
2060 			struct sock_extended_err *err =
2061 				(struct sock_extended_err *)CMSG_DATA(cmsg);
2062 
2063 			if (err->ee_origin == SO_EE_ORIGIN_TXSTATUS)
2064 				found_ee = 1;
2065 		}
2066 	}
2067 
2068 	if (!found_ee || !found_wifi)
2069 		return;
2070 
2071 	memset(&event, 0, sizeof(event));
2072 	event.eapol_tx_status.dst = data;
2073 	event.eapol_tx_status.data = data + 14;
2074 	event.eapol_tx_status.data_len = res - 14;
2075 	event.eapol_tx_status.ack = acked;
2076 	wpa_supplicant_event(drv->ctx, EVENT_EAPOL_TX_STATUS, &event);
2077 }
2078 
2079 
2080 static int nl80211_init_connect_handle(struct i802_bss *bss)
2081 {
2082 	if (bss->nl_connect) {
2083 		wpa_printf(MSG_DEBUG,
2084 			   "nl80211: Connect handle already created (nl_connect=%p)",
2085 			   bss->nl_connect);
2086 		return -1;
2087 	}
2088 
2089 	bss->nl_connect = nl_create_handle(bss->nl_cb, "connect");
2090 	if (!bss->nl_connect)
2091 		return -1;
2092 	nl80211_register_eloop_read(&bss->nl_connect,
2093 				    wpa_driver_nl80211_event_receive,
2094 				    bss->nl_cb, 1);
2095 	return 0;
2096 }
2097 
2098 
2099 static int nl80211_init_bss(struct i802_bss *bss)
2100 {
2101 	bss->nl_cb = nl_cb_alloc(NL_CB_DEFAULT);
2102 	if (!bss->nl_cb)
2103 		return -1;
2104 
2105 	nl_cb_set(bss->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM,
2106 		  no_seq_check, NULL);
2107 	nl_cb_set(bss->nl_cb, NL_CB_VALID, NL_CB_CUSTOM,
2108 		  process_bss_event, bss);
2109 
2110 	nl80211_init_connect_handle(bss);
2111 
2112 	return 0;
2113 }
2114 
2115 
2116 static void nl80211_destroy_bss(struct i802_bss *bss)
2117 {
2118 	nl_cb_put(bss->nl_cb);
2119 	bss->nl_cb = NULL;
2120 
2121 	if (bss->nl_connect)
2122 		nl80211_destroy_eloop_handle(&bss->nl_connect, 1);
2123 }
2124 
2125 
2126 static void
2127 wpa_driver_nl80211_drv_init_rfkill(struct wpa_driver_nl80211_data *drv)
2128 {
2129 	struct rfkill_config *rcfg;
2130 
2131 	if (drv->rfkill)
2132 		return;
2133 
2134 	rcfg = os_zalloc(sizeof(*rcfg));
2135 	if (!rcfg)
2136 		return;
2137 
2138 	rcfg->ctx = drv;
2139 
2140 	/* rfkill uses netdev sysfs for initialization. However, P2P Device is
2141 	 * not associated with a netdev, so use the name of some other interface
2142 	 * sharing the same wiphy as the P2P Device interface.
2143 	 *
2144 	 * Note: This is valid, as a P2P Device interface is always dynamically
2145 	 * created and is created only once another wpa_s interface was added.
2146 	 */
2147 	if (drv->nlmode == NL80211_IFTYPE_P2P_DEVICE) {
2148 		struct nl80211_global *global = drv->global;
2149 		struct wpa_driver_nl80211_data *tmp1;
2150 
2151 		dl_list_for_each(tmp1, &global->interfaces,
2152 				 struct wpa_driver_nl80211_data, list) {
2153 			if (drv == tmp1 || drv->wiphy_idx != tmp1->wiphy_idx ||
2154 			    !tmp1->rfkill)
2155 				continue;
2156 
2157 			wpa_printf(MSG_DEBUG,
2158 				   "nl80211: Use (%s) to initialize P2P Device rfkill",
2159 				   tmp1->first_bss->ifname);
2160 			os_strlcpy(rcfg->ifname, tmp1->first_bss->ifname,
2161 				   sizeof(rcfg->ifname));
2162 			break;
2163 		}
2164 	} else {
2165 		os_strlcpy(rcfg->ifname, drv->first_bss->ifname,
2166 			   sizeof(rcfg->ifname));
2167 	}
2168 
2169 	rcfg->blocked_cb = wpa_driver_nl80211_rfkill_blocked;
2170 	rcfg->unblocked_cb = wpa_driver_nl80211_rfkill_unblocked;
2171 	drv->rfkill = rfkill_init(rcfg);
2172 	if (!drv->rfkill) {
2173 		wpa_printf(MSG_DEBUG, "nl80211: RFKILL status not available");
2174 		os_free(rcfg);
2175 	}
2176 }
2177 
2178 
2179 static void * wpa_driver_nl80211_drv_init(void *ctx, const char *ifname,
2180 					  void *global_priv, int hostapd,
2181 					  const u8 *set_addr,
2182 					  const char *driver_params)
2183 {
2184 	struct wpa_driver_nl80211_data *drv;
2185 	struct i802_bss *bss;
2186 
2187 	if (global_priv == NULL)
2188 		return NULL;
2189 	drv = os_zalloc(sizeof(*drv));
2190 	if (drv == NULL)
2191 		return NULL;
2192 	drv->global = global_priv;
2193 	drv->ctx = ctx;
2194 	drv->hostapd = !!hostapd;
2195 	drv->eapol_sock = -1;
2196 
2197 	/*
2198 	 * There is no driver capability flag for this, so assume it is
2199 	 * supported and disable this on first attempt to use if the driver
2200 	 * rejects the command due to missing support.
2201 	 */
2202 	drv->set_rekey_offload = 1;
2203 
2204 	drv->num_if_indices = ARRAY_SIZE(drv->default_if_indices);
2205 	drv->if_indices = drv->default_if_indices;
2206 
2207 	drv->first_bss = os_zalloc(sizeof(*drv->first_bss));
2208 	if (!drv->first_bss) {
2209 		os_free(drv);
2210 		return NULL;
2211 	}
2212 	bss = drv->first_bss;
2213 	bss->drv = drv;
2214 	bss->ctx = ctx;
2215 
2216 	os_strlcpy(bss->ifname, ifname, sizeof(bss->ifname));
2217 	drv->monitor_ifidx = -1;
2218 	drv->monitor_sock = -1;
2219 	drv->eapol_tx_sock = -1;
2220 	drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED;
2221 
2222 	if (nl80211_init_bss(bss))
2223 		goto failed;
2224 
2225 	if (wpa_driver_nl80211_finish_drv_init(drv, set_addr, 1, driver_params))
2226 		goto failed;
2227 
2228 	if (drv->capa.flags2 & WPA_DRIVER_FLAGS2_CONTROL_PORT_TX_STATUS) {
2229 		drv->control_port_ap = 1;
2230 		goto skip_wifi_status;
2231 	}
2232 
2233 	drv->eapol_tx_sock = socket(PF_PACKET, SOCK_DGRAM, 0);
2234 	if (drv->eapol_tx_sock < 0)
2235 		goto failed;
2236 
2237 	if (drv->data_tx_status) {
2238 		int enabled = 1;
2239 
2240 		if (setsockopt(drv->eapol_tx_sock, SOL_SOCKET, SO_WIFI_STATUS,
2241 			       &enabled, sizeof(enabled)) < 0) {
2242 			wpa_printf(MSG_DEBUG,
2243 				   "nl80211: wifi status sockopt failed: %s",
2244 				   strerror(errno));
2245 			drv->data_tx_status = 0;
2246 			if (!drv->use_monitor)
2247 				drv->capa.flags &=
2248 					~WPA_DRIVER_FLAGS_EAPOL_TX_STATUS;
2249 		} else {
2250 			eloop_register_read_sock(
2251 				drv->eapol_tx_sock,
2252 				wpa_driver_nl80211_handle_eapol_tx_status,
2253 				drv, NULL);
2254 		}
2255 	}
2256 skip_wifi_status:
2257 
2258 	if (drv->global) {
2259 		nl80211_check_global(drv->global);
2260 		dl_list_add(&drv->global->interfaces, &drv->list);
2261 		drv->in_interface_list = 1;
2262 	}
2263 
2264 	return bss;
2265 
2266 failed:
2267 	wpa_driver_nl80211_deinit(bss);
2268 	return NULL;
2269 }
2270 
2271 
2272 /**
2273  * wpa_driver_nl80211_init - Initialize nl80211 driver interface
2274  * @ctx: context to be used when calling wpa_supplicant functions,
2275  * e.g., wpa_supplicant_event()
2276  * @ifname: interface name, e.g., wlan0
2277  * @global_priv: private driver global data from global_init()
2278  * Returns: Pointer to private data, %NULL on failure
2279  */
2280 static void * wpa_driver_nl80211_init(void *ctx, const char *ifname,
2281 				      void *global_priv)
2282 {
2283 	return wpa_driver_nl80211_drv_init(ctx, ifname, global_priv, 0, NULL,
2284 					   NULL);
2285 }
2286 
2287 
2288 static int nl80211_register_frame(struct i802_bss *bss,
2289 				  struct nl_sock *nl_handle,
2290 				  u16 type, const u8 *match, size_t match_len,
2291 				  bool multicast)
2292 {
2293 	struct wpa_driver_nl80211_data *drv = bss->drv;
2294 	struct nl_msg *msg;
2295 	int ret;
2296 	char buf[30];
2297 
2298 	buf[0] = '\0';
2299 	wpa_snprintf_hex(buf, sizeof(buf), match, match_len);
2300 	wpa_printf(MSG_DEBUG,
2301 		   "nl80211: Register frame type=0x%x (%s) nl_handle=%p match=%s multicast=%d",
2302 		   type, fc2str(type), nl_handle, buf, multicast);
2303 
2304 	if (!(msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_REGISTER_FRAME)) ||
2305 	    (multicast && nla_put_flag(msg, NL80211_ATTR_RECEIVE_MULTICAST)) ||
2306 	    nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE, type) ||
2307 	    nla_put(msg, NL80211_ATTR_FRAME_MATCH, match_len, match)) {
2308 		nlmsg_free(msg);
2309 		return -1;
2310 	}
2311 
2312 	ret = send_and_recv(drv->global, nl_handle, msg, NULL, NULL,
2313 			    NULL, NULL);
2314 	if (ret) {
2315 		wpa_printf(MSG_DEBUG, "nl80211: Register frame command "
2316 			   "failed (type=%u): ret=%d (%s)",
2317 			   type, ret, strerror(-ret));
2318 		wpa_hexdump(MSG_DEBUG, "nl80211: Register frame match",
2319 			    match, match_len);
2320 	}
2321 	return ret;
2322 }
2323 
2324 
2325 static int nl80211_alloc_mgmt_handle(struct i802_bss *bss)
2326 {
2327 	if (bss->nl_mgmt) {
2328 		wpa_printf(MSG_DEBUG, "nl80211: Mgmt reporting "
2329 			   "already on! (nl_mgmt=%p)", bss->nl_mgmt);
2330 		return -1;
2331 	}
2332 
2333 	bss->nl_mgmt = nl_create_handle(bss->nl_cb, "mgmt");
2334 	if (bss->nl_mgmt == NULL)
2335 		return -1;
2336 
2337 	return 0;
2338 }
2339 
2340 
2341 static void nl80211_mgmt_handle_register_eloop(struct i802_bss *bss)
2342 {
2343 	nl80211_register_eloop_read(&bss->nl_mgmt,
2344 				    wpa_driver_nl80211_event_receive,
2345 				    bss->nl_cb, 0);
2346 }
2347 
2348 
2349 static int nl80211_register_action_frame(struct i802_bss *bss,
2350 					 const u8 *match, size_t match_len)
2351 {
2352 	u16 type = (WLAN_FC_TYPE_MGMT << 2) | (WLAN_FC_STYPE_ACTION << 4);
2353 	return nl80211_register_frame(bss, bss->nl_mgmt,
2354 				      type, match, match_len, false);
2355 }
2356 
2357 
2358 static int nl80211_mgmt_subscribe_non_ap(struct i802_bss *bss)
2359 {
2360 	struct wpa_driver_nl80211_data *drv = bss->drv;
2361 	u16 type = (WLAN_FC_TYPE_MGMT << 2) | (WLAN_FC_STYPE_AUTH << 4);
2362 	int ret = 0;
2363 
2364 	if (nl80211_alloc_mgmt_handle(bss))
2365 		return -1;
2366 	wpa_printf(MSG_DEBUG, "nl80211: Subscribe to mgmt frames with non-AP "
2367 		   "handle %p", bss->nl_mgmt);
2368 
2369 	if (drv->nlmode == NL80211_IFTYPE_ADHOC) {
2370 		/* register for any AUTH message */
2371 		nl80211_register_frame(bss, bss->nl_mgmt, type, NULL, 0, false);
2372 	} else if ((drv->capa.flags & WPA_DRIVER_FLAGS_SAE) &&
2373 		   !(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) {
2374 		/* register for SAE Authentication frames */
2375 		nl80211_register_frame(bss, bss->nl_mgmt, type,
2376 				       (u8 *) "\x03\x00", 2, false);
2377 	}
2378 
2379 #ifdef CONFIG_PASN
2380 	/* register for PASN Authentication frames */
2381 	if ((drv->capa.flags & WPA_DRIVER_FLAGS_SME) &&
2382 	    nl80211_register_frame(bss, bss->nl_mgmt, type,
2383 				   (u8 *) "\x07\x00", 2, false))
2384 		ret = -1;
2385 #endif /* CONFIG_PASN */
2386 
2387 #ifdef CONFIG_INTERWORKING
2388 	/* QoS Map Configure */
2389 	if (nl80211_register_action_frame(bss, (u8 *) "\x01\x04", 2) < 0)
2390 		ret = -1;
2391 #endif /* CONFIG_INTERWORKING */
2392 #if defined(CONFIG_P2P) || defined(CONFIG_INTERWORKING) || defined(CONFIG_DPP)
2393 	/* GAS Initial Request */
2394 	if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0a", 2) < 0)
2395 		ret = -1;
2396 	/* GAS Initial Response */
2397 	if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0b", 2) < 0)
2398 		ret = -1;
2399 	/* GAS Comeback Request */
2400 	if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0c", 2) < 0)
2401 		ret = -1;
2402 	/* GAS Comeback Response */
2403 	if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0d", 2) < 0)
2404 		ret = -1;
2405 	/* Protected GAS Initial Request */
2406 	if (nl80211_register_action_frame(bss, (u8 *) "\x09\x0a", 2) < 0)
2407 		ret = -1;
2408 	/* Protected GAS Initial Response */
2409 	if (nl80211_register_action_frame(bss, (u8 *) "\x09\x0b", 2) < 0)
2410 		ret = -1;
2411 	/* Protected GAS Comeback Request */
2412 	if (nl80211_register_action_frame(bss, (u8 *) "\x09\x0c", 2) < 0)
2413 		ret = -1;
2414 	/* Protected GAS Comeback Response */
2415 	if (nl80211_register_action_frame(bss, (u8 *) "\x09\x0d", 2) < 0)
2416 		ret = -1;
2417 #endif /* CONFIG_P2P || CONFIG_INTERWORKING || CONFIG_DPP */
2418 #ifdef CONFIG_P2P
2419 	/* P2P Public Action */
2420 	if (nl80211_register_action_frame(bss,
2421 					  (u8 *) "\x04\x09\x50\x6f\x9a\x09",
2422 					  6) < 0)
2423 		ret = -1;
2424 	/* P2P Action */
2425 	if (nl80211_register_action_frame(bss,
2426 					  (u8 *) "\x7f\x50\x6f\x9a\x09",
2427 					  5) < 0)
2428 		ret = -1;
2429 #endif /* CONFIG_P2P */
2430 #ifdef CONFIG_DPP
2431 	/* DPP Public Action */
2432 	if (nl80211_register_action_frame(bss,
2433 					  (u8 *) "\x04\x09\x50\x6f\x9a\x1a",
2434 					  6) < 0)
2435 		ret = -1;
2436 #endif /* CONFIG_DPP */
2437 #ifdef CONFIG_OCV
2438 	/* SA Query Request */
2439 	if (nl80211_register_action_frame(bss, (u8 *) "\x08\x00", 2) < 0)
2440 		ret = -1;
2441 #endif /* CONFIG_OCV */
2442 	/* SA Query Response */
2443 	if (nl80211_register_action_frame(bss, (u8 *) "\x08\x01", 2) < 0)
2444 		ret = -1;
2445 #ifdef CONFIG_TDLS
2446 	if ((drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT)) {
2447 		/* TDLS Discovery Response */
2448 		if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0e", 2) <
2449 		    0)
2450 			ret = -1;
2451 	}
2452 #endif /* CONFIG_TDLS */
2453 #ifdef CONFIG_FST
2454 	/* FST Action frames */
2455 	if (nl80211_register_action_frame(bss, (u8 *) "\x12", 1) < 0)
2456 		ret = -1;
2457 #endif /* CONFIG_FST */
2458 
2459 	/* FT Action frames */
2460 	if (nl80211_register_action_frame(bss, (u8 *) "\x06", 1) < 0)
2461 		ret = -1;
2462 	else if (!drv->has_driver_key_mgmt) {
2463 		int i;
2464 
2465 		/* Update supported AKMs only if the driver doesn't advertize
2466 		 * any AKM capabilities. */
2467 		drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_FT |
2468 			WPA_DRIVER_CAPA_KEY_MGMT_FT_PSK;
2469 
2470 		/* Update per interface supported AKMs */
2471 		for (i = 0; i < WPA_IF_MAX; i++)
2472 			drv->capa.key_mgmt_iftype[i] = drv->capa.key_mgmt;
2473 	}
2474 
2475 	/* WNM - BSS Transition Management Request */
2476 	if (nl80211_register_action_frame(bss, (u8 *) "\x0a\x07", 2) < 0)
2477 		ret = -1;
2478 	/* WNM-Sleep Mode Response */
2479 	if (nl80211_register_action_frame(bss, (u8 *) "\x0a\x11", 2) < 0)
2480 		ret = -1;
2481 #ifdef CONFIG_WNM
2482 	/* WNM - Collocated Interference Request */
2483 	if (nl80211_register_action_frame(bss, (u8 *) "\x0a\x0b", 2) < 0)
2484 		ret = -1;
2485 #endif /* CONFIG_WNM */
2486 
2487 #ifdef CONFIG_HS20
2488 	/* WNM-Notification */
2489 	if (nl80211_register_action_frame(bss, (u8 *) "\x0a\x1a", 2) < 0)
2490 		ret = -1;
2491 #endif /* CONFIG_HS20 */
2492 
2493 	/* WMM-AC ADDTS Response */
2494 	if (nl80211_register_action_frame(bss, (u8 *) "\x11\x01", 2) < 0)
2495 		ret = -1;
2496 
2497 	/* WMM-AC DELTS */
2498 	if (nl80211_register_action_frame(bss, (u8 *) "\x11\x02", 2) < 0)
2499 		ret = -1;
2500 
2501 	/* Radio Measurement - Neighbor Report Response */
2502 	if (nl80211_register_action_frame(bss, (u8 *) "\x05\x05", 2) < 0)
2503 		ret = -1;
2504 
2505 	/* Radio Measurement - Radio Measurement Request */
2506 	if  (!drv->no_rrm &&
2507 	     nl80211_register_action_frame(bss, (u8 *) "\x05\x00", 2) < 0)
2508 		ret = -1;
2509 
2510 	/* Radio Measurement - Link Measurement Request */
2511 	if ((drv->capa.rrm_flags & WPA_DRIVER_FLAGS_TX_POWER_INSERTION) &&
2512 	    (nl80211_register_action_frame(bss, (u8 *) "\x05\x02", 2) < 0))
2513 		ret = -1;
2514 
2515 	/* Robust AV SCS Response */
2516 	if (nl80211_register_action_frame(bss, (u8 *) "\x13\x01", 2) < 0)
2517 		ret = -1;
2518 
2519 	/* Robust AV MSCS Response */
2520 	if (nl80211_register_action_frame(bss, (u8 *) "\x13\x05", 2) < 0)
2521 		ret = -1;
2522 
2523 	/* Protected QoS Management Action frame */
2524 	if (nl80211_register_action_frame(bss, (u8 *) "\x7e\x50\x6f\x9a\x1a",
2525 					  5) < 0)
2526 		ret = -1;
2527 
2528 	nl80211_mgmt_handle_register_eloop(bss);
2529 
2530 	return ret;
2531 }
2532 
2533 
2534 static int nl80211_mgmt_subscribe_mesh(struct i802_bss *bss)
2535 {
2536 	int ret = 0;
2537 
2538 	if (nl80211_alloc_mgmt_handle(bss))
2539 		return -1;
2540 
2541 	wpa_printf(MSG_DEBUG,
2542 		   "nl80211: Subscribe to mgmt frames with mesh handle %p",
2543 		   bss->nl_mgmt);
2544 
2545 	/* Auth frames for mesh SAE */
2546 	if (nl80211_register_frame(bss, bss->nl_mgmt,
2547 				   (WLAN_FC_TYPE_MGMT << 2) |
2548 				   (WLAN_FC_STYPE_AUTH << 4),
2549 				   NULL, 0, false) < 0)
2550 		ret = -1;
2551 
2552 	/* Mesh peering open */
2553 	if (nl80211_register_action_frame(bss, (u8 *) "\x0f\x01", 2) < 0)
2554 		ret = -1;
2555 	/* Mesh peering confirm */
2556 	if (nl80211_register_action_frame(bss, (u8 *) "\x0f\x02", 2) < 0)
2557 		ret = -1;
2558 	/* Mesh peering close */
2559 	if (nl80211_register_action_frame(bss, (u8 *) "\x0f\x03", 2) < 0)
2560 		ret = -1;
2561 
2562 	nl80211_mgmt_handle_register_eloop(bss);
2563 
2564 	return ret;
2565 }
2566 
2567 
2568 static int nl80211_register_spurious_class3(struct i802_bss *bss)
2569 {
2570 	struct nl_msg *msg;
2571 	int ret;
2572 
2573 	msg = nl80211_bss_msg(bss, 0, NL80211_CMD_UNEXPECTED_FRAME);
2574 	ret = send_and_recv(bss->drv->global, bss->nl_mgmt, msg, NULL, NULL,
2575 			    NULL, NULL);
2576 	if (ret) {
2577 		wpa_printf(MSG_DEBUG, "nl80211: Register spurious class3 "
2578 			   "failed: ret=%d (%s)",
2579 			   ret, strerror(-ret));
2580 	}
2581 	return ret;
2582 }
2583 
2584 
2585 static int nl80211_action_subscribe_ap(struct i802_bss *bss)
2586 {
2587 	int ret = 0;
2588 
2589 	/* Public Action frames */
2590 	if (nl80211_register_action_frame(bss, (u8 *) "\x04", 1) < 0)
2591 		ret = -1;
2592 	/* RRM Measurement Report */
2593 	if (nl80211_register_action_frame(bss, (u8 *) "\x05\x01", 2) < 0)
2594 		ret = -1;
2595 	/* RRM Link Measurement Report */
2596 	if (nl80211_register_action_frame(bss, (u8 *) "\x05\x03", 2) < 0)
2597 		ret = -1;
2598 	/* RRM Neighbor Report Request */
2599 	if (nl80211_register_action_frame(bss, (u8 *) "\x05\x04", 2) < 0)
2600 		ret = -1;
2601 	/* FT Action frames */
2602 	if (nl80211_register_action_frame(bss, (u8 *) "\x06", 1) < 0)
2603 		ret = -1;
2604 	/* SA Query */
2605 	if (nl80211_register_action_frame(bss, (u8 *) "\x08", 1) < 0)
2606 		ret = -1;
2607 	/* Protected Dual of Public Action */
2608 	if (nl80211_register_action_frame(bss, (u8 *) "\x09", 1) < 0)
2609 		ret = -1;
2610 	/* WNM */
2611 	if (nl80211_register_action_frame(bss, (u8 *) "\x0a", 1) < 0)
2612 		ret = -1;
2613 	/* WMM */
2614 	if (nl80211_register_action_frame(bss, (u8 *) "\x11", 1) < 0)
2615 		ret = -1;
2616 #ifdef CONFIG_FST
2617 	/* FST Action frames */
2618 	if (nl80211_register_action_frame(bss, (u8 *) "\x12", 1) < 0)
2619 		ret = -1;
2620 #endif /* CONFIG_FST */
2621 	/* Vendor-specific */
2622 	if (nl80211_register_action_frame(bss, (u8 *) "\x7f", 1) < 0)
2623 		ret = -1;
2624 
2625 	return ret;
2626 }
2627 
2628 
2629 static int nl80211_mgmt_subscribe_ap(struct i802_bss *bss)
2630 {
2631 	static const int stypes[] = {
2632 		WLAN_FC_STYPE_AUTH,
2633 		WLAN_FC_STYPE_ASSOC_REQ,
2634 		WLAN_FC_STYPE_REASSOC_REQ,
2635 		WLAN_FC_STYPE_DISASSOC,
2636 		WLAN_FC_STYPE_DEAUTH,
2637 		WLAN_FC_STYPE_PROBE_REQ,
2638 /* Beacon doesn't work as mac80211 doesn't currently allow
2639  * it, but it wouldn't really be the right thing anyway as
2640  * it isn't per interface ... maybe just dump the scan
2641  * results periodically for OLBC?
2642  */
2643 		/* WLAN_FC_STYPE_BEACON, */
2644 	};
2645 	unsigned int i;
2646 
2647 	if (nl80211_alloc_mgmt_handle(bss))
2648 		return -1;
2649 	wpa_printf(MSG_DEBUG, "nl80211: Subscribe to mgmt frames with AP "
2650 		   "handle %p", bss->nl_mgmt);
2651 
2652 	for (i = 0; i < ARRAY_SIZE(stypes); i++) {
2653 		if (nl80211_register_frame(bss, bss->nl_mgmt,
2654 					   (WLAN_FC_TYPE_MGMT << 2) |
2655 					   (stypes[i] << 4),
2656 					   NULL, 0, false) < 0) {
2657 			goto out_err;
2658 		}
2659 	}
2660 
2661 	if (nl80211_action_subscribe_ap(bss))
2662 		goto out_err;
2663 
2664 	if (nl80211_register_spurious_class3(bss))
2665 		goto out_err;
2666 
2667 	nl80211_mgmt_handle_register_eloop(bss);
2668 	return 0;
2669 
2670 out_err:
2671 	nl_destroy_handles(&bss->nl_mgmt);
2672 	return -1;
2673 }
2674 
2675 
2676 static int nl80211_mgmt_subscribe_ap_dev_sme(struct i802_bss *bss)
2677 {
2678 	if (nl80211_alloc_mgmt_handle(bss))
2679 		return -1;
2680 	wpa_printf(MSG_DEBUG, "nl80211: Subscribe to mgmt frames with AP "
2681 		   "handle %p (device SME)", bss->nl_mgmt);
2682 
2683 	if (nl80211_action_subscribe_ap(bss))
2684 		goto out_err;
2685 
2686 	if (bss->drv->device_ap_sme) {
2687 		u16 type = (WLAN_FC_TYPE_MGMT << 2) | (WLAN_FC_STYPE_AUTH << 4);
2688 
2689 		/* Register for all Authentication frames */
2690 		if (nl80211_register_frame(bss, bss->nl_mgmt, type, NULL, 0,
2691 					   false) < 0)
2692 			wpa_printf(MSG_DEBUG,
2693 				   "nl80211: Failed to subscribe to handle Authentication frames - SAE offload may not work");
2694 	}
2695 
2696 	nl80211_mgmt_handle_register_eloop(bss);
2697 	return 0;
2698 
2699 out_err:
2700 	nl_destroy_handles(&bss->nl_mgmt);
2701 	return -1;
2702 }
2703 
2704 
2705 static void nl80211_mgmt_unsubscribe(struct i802_bss *bss, const char *reason)
2706 {
2707 	if (bss->nl_mgmt == NULL)
2708 		return;
2709 	wpa_printf(MSG_DEBUG, "nl80211: Unsubscribe mgmt frames handle %p "
2710 		   "(%s)", bss->nl_mgmt, reason);
2711 	nl80211_destroy_eloop_handle(&bss->nl_mgmt, 0);
2712 
2713 	nl80211_put_wiphy_data_ap(bss);
2714 }
2715 
2716 
2717 static void wpa_driver_nl80211_send_rfkill(void *eloop_ctx, void *timeout_ctx)
2718 {
2719 	wpa_supplicant_event(timeout_ctx, EVENT_INTERFACE_DISABLED, NULL);
2720 }
2721 
2722 
2723 static void nl80211_del_p2pdev(struct i802_bss *bss)
2724 {
2725 	struct nl_msg *msg;
2726 	int ret;
2727 
2728 	msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_DEL_INTERFACE);
2729 	ret = send_and_recv_msgs(bss->drv, msg, NULL, NULL, NULL, NULL);
2730 
2731 	wpa_printf(MSG_DEBUG, "nl80211: Delete P2P Device %s (0x%llx): %s",
2732 		   bss->ifname, (long long unsigned int) bss->wdev_id,
2733 		   strerror(-ret));
2734 }
2735 
2736 
2737 static int nl80211_set_p2pdev(struct i802_bss *bss, int start)
2738 {
2739 	struct nl_msg *msg;
2740 	int ret;
2741 
2742 	msg = nl80211_cmd_msg(bss, 0, start ? NL80211_CMD_START_P2P_DEVICE :
2743 			      NL80211_CMD_STOP_P2P_DEVICE);
2744 	ret = send_and_recv_msgs(bss->drv, msg, NULL, NULL, NULL, NULL);
2745 
2746 	wpa_printf(MSG_DEBUG, "nl80211: %s P2P Device %s (0x%llx): %s",
2747 		   start ? "Start" : "Stop",
2748 		   bss->ifname, (long long unsigned int) bss->wdev_id,
2749 		   strerror(-ret));
2750 	return ret;
2751 }
2752 
2753 
2754 static int i802_set_iface_flags(struct i802_bss *bss, int up)
2755 {
2756 	enum nl80211_iftype nlmode;
2757 
2758 	nlmode = nl80211_get_ifmode(bss);
2759 	if (nlmode != NL80211_IFTYPE_P2P_DEVICE) {
2760 		return linux_set_iface_flags(bss->drv->global->ioctl_sock,
2761 					     bss->ifname, up);
2762 	}
2763 
2764 	/* P2P Device has start/stop which is equivalent */
2765 	return nl80211_set_p2pdev(bss, up);
2766 }
2767 
2768 
2769 #ifdef CONFIG_TESTING_OPTIONS
2770 static int qca_vendor_test_cmd_handler(struct nl_msg *msg, void *arg)
2771 {
2772 	/* struct wpa_driver_nl80211_data *drv = arg; */
2773 	struct nlattr *tb[NL80211_ATTR_MAX + 1];
2774 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
2775 
2776 
2777 	wpa_printf(MSG_DEBUG,
2778 		   "nl80211: QCA vendor test command response received");
2779 
2780 	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
2781 		  genlmsg_attrlen(gnlh, 0), NULL);
2782 	if (!tb[NL80211_ATTR_VENDOR_DATA]) {
2783 		wpa_printf(MSG_DEBUG, "nl80211: No vendor data attribute");
2784 		return NL_SKIP;
2785 	}
2786 
2787 	wpa_hexdump(MSG_DEBUG,
2788 		    "nl80211: Received QCA vendor test command response",
2789 		    nla_data(tb[NL80211_ATTR_VENDOR_DATA]),
2790 		    nla_len(tb[NL80211_ATTR_VENDOR_DATA]));
2791 
2792 	return NL_SKIP;
2793 }
2794 #endif /* CONFIG_TESTING_OPTIONS */
2795 
2796 
2797 static void qca_vendor_test(struct wpa_driver_nl80211_data *drv)
2798 {
2799 #ifdef CONFIG_TESTING_OPTIONS
2800 	struct nl_msg *msg;
2801 	struct nlattr *params;
2802 	int ret;
2803 
2804 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
2805 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
2806 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
2807 			QCA_NL80211_VENDOR_SUBCMD_TEST) ||
2808 	    !(params = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA)) ||
2809 	    nla_put_u32(msg, QCA_WLAN_VENDOR_ATTR_TEST, 123)) {
2810 		nlmsg_free(msg);
2811 		return;
2812 	}
2813 	nla_nest_end(msg, params);
2814 
2815 	ret = send_and_recv_msgs(drv, msg, qca_vendor_test_cmd_handler, drv,
2816 				 NULL, NULL);
2817 	wpa_printf(MSG_DEBUG,
2818 		   "nl80211: QCA vendor test command returned %d (%s)",
2819 		   ret, strerror(-ret));
2820 #endif /* CONFIG_TESTING_OPTIONS */
2821 }
2822 
2823 
2824 static int
2825 wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv,
2826 				   const u8 *set_addr, int first,
2827 				   const char *driver_params)
2828 {
2829 	struct i802_bss *bss = drv->first_bss;
2830 	int send_rfkill_event = 0;
2831 	enum nl80211_iftype nlmode;
2832 
2833 	drv->ifindex = if_nametoindex(bss->ifname);
2834 	bss->ifindex = drv->ifindex;
2835 	bss->wdev_id = drv->global->if_add_wdevid;
2836 	bss->wdev_id_set = drv->global->if_add_wdevid_set;
2837 
2838 	bss->if_dynamic = drv->ifindex == drv->global->if_add_ifindex;
2839 	bss->if_dynamic = bss->if_dynamic || drv->global->if_add_wdevid_set;
2840 	drv->global->if_add_wdevid_set = 0;
2841 
2842 	if (!bss->if_dynamic && nl80211_get_ifmode(bss) == NL80211_IFTYPE_AP)
2843 		bss->static_ap = 1;
2844 
2845 	if (first &&
2846 	    nl80211_get_ifmode(bss) != NL80211_IFTYPE_P2P_DEVICE &&
2847 	    linux_iface_up(drv->global->ioctl_sock, bss->ifname) > 0)
2848 		drv->start_iface_up = 1;
2849 
2850 	if (wpa_driver_nl80211_capa(drv))
2851 		return -1;
2852 
2853 	if (driver_params && nl80211_set_param(bss, driver_params) < 0)
2854 		return -1;
2855 
2856 	wpa_printf(MSG_DEBUG, "nl80211: interface %s in phy %s",
2857 		   bss->ifname, drv->phyname);
2858 
2859 	if (set_addr &&
2860 	    (linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 0) ||
2861 	     linux_set_ifhwaddr(drv->global->ioctl_sock, bss->ifname,
2862 				set_addr)))
2863 		return -1;
2864 
2865 	if (first && nl80211_get_ifmode(bss) == NL80211_IFTYPE_STATION)
2866 		drv->start_mode_sta = 1;
2867 
2868 	if (drv->hostapd || bss->static_ap)
2869 		nlmode = NL80211_IFTYPE_AP;
2870 	else if (bss->if_dynamic ||
2871 		 nl80211_get_ifmode(bss) == NL80211_IFTYPE_MESH_POINT)
2872 		nlmode = nl80211_get_ifmode(bss);
2873 	else
2874 		nlmode = NL80211_IFTYPE_STATION;
2875 
2876 	if (wpa_driver_nl80211_set_mode(bss, nlmode) < 0) {
2877 		wpa_printf(MSG_ERROR, "nl80211: Could not configure driver mode");
2878 		return -1;
2879 	}
2880 
2881 	if (nlmode == NL80211_IFTYPE_P2P_DEVICE)
2882 		nl80211_get_macaddr(bss);
2883 
2884 	wpa_driver_nl80211_drv_init_rfkill(drv);
2885 
2886 	if (!rfkill_is_blocked(drv->rfkill)) {
2887 		int ret = i802_set_iface_flags(bss, 1);
2888 		if (ret) {
2889 			wpa_printf(MSG_ERROR, "nl80211: Could not set "
2890 				   "interface '%s' UP", bss->ifname);
2891 			return ret;
2892 		}
2893 
2894 		if (is_p2p_net_interface(nlmode))
2895 			nl80211_disable_11b_rates(bss->drv,
2896 						  bss->drv->ifindex, 1);
2897 
2898 		if (nlmode == NL80211_IFTYPE_P2P_DEVICE)
2899 			return ret;
2900 	} else {
2901 		wpa_printf(MSG_DEBUG, "nl80211: Could not yet enable "
2902 			   "interface '%s' due to rfkill", bss->ifname);
2903 		if (nlmode != NL80211_IFTYPE_P2P_DEVICE)
2904 			drv->if_disabled = 1;
2905 
2906 		send_rfkill_event = 1;
2907 	}
2908 
2909 	if (!drv->hostapd && nlmode != NL80211_IFTYPE_P2P_DEVICE)
2910 		netlink_send_oper_ifla(drv->global->netlink, drv->ifindex,
2911 				       1, IF_OPER_DORMANT);
2912 
2913 	if (nlmode != NL80211_IFTYPE_P2P_DEVICE) {
2914 		if (linux_get_ifhwaddr(drv->global->ioctl_sock, bss->ifname,
2915 				       bss->addr))
2916 			return -1;
2917 		os_memcpy(drv->perm_addr, bss->addr, ETH_ALEN);
2918 	}
2919 
2920 	if (send_rfkill_event) {
2921 		eloop_register_timeout(0, 0, wpa_driver_nl80211_send_rfkill,
2922 				       drv, drv->ctx);
2923 	}
2924 
2925 	if (drv->vendor_cmd_test_avail)
2926 		qca_vendor_test(drv);
2927 
2928 	return 0;
2929 }
2930 
2931 
2932 static int wpa_driver_nl80211_del_beacon(struct i802_bss *bss)
2933 {
2934 	struct nl_msg *msg;
2935 	struct wpa_driver_nl80211_data *drv = bss->drv;
2936 
2937 	wpa_printf(MSG_DEBUG, "nl80211: Remove beacon (ifindex=%d)",
2938 		   drv->ifindex);
2939 	nl80211_put_wiphy_data_ap(bss);
2940 	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_DEL_BEACON);
2941 	return send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
2942 }
2943 
2944 
2945 /**
2946  * wpa_driver_nl80211_deinit - Deinitialize nl80211 driver interface
2947  * @bss: Pointer to private nl80211 data from wpa_driver_nl80211_init()
2948  *
2949  * Shut down driver interface and processing of driver events. Free
2950  * private data buffer if one was allocated in wpa_driver_nl80211_init().
2951  */
2952 static void wpa_driver_nl80211_deinit(struct i802_bss *bss)
2953 {
2954 	struct wpa_driver_nl80211_data *drv = bss->drv;
2955 	unsigned int i;
2956 
2957 	wpa_printf(MSG_INFO, "nl80211: deinit ifname=%s disabled_11b_rates=%d",
2958 		   bss->ifname, drv->disabled_11b_rates);
2959 
2960 	bss->in_deinit = 1;
2961 	if (drv->data_tx_status)
2962 		eloop_unregister_read_sock(drv->eapol_tx_sock);
2963 	if (drv->eapol_tx_sock >= 0)
2964 		close(drv->eapol_tx_sock);
2965 
2966 	if (bss->nl_preq)
2967 		wpa_driver_nl80211_probe_req_report(bss, 0);
2968 	if (bss->added_if_into_bridge) {
2969 		if (linux_br_del_if(drv->global->ioctl_sock, bss->brname,
2970 				    bss->ifname) < 0)
2971 			wpa_printf(MSG_INFO, "nl80211: Failed to remove "
2972 				   "interface %s from bridge %s: %s",
2973 				   bss->ifname, bss->brname, strerror(errno));
2974 	}
2975 
2976 	if (drv->rtnl_sk)
2977 		nl_socket_free(drv->rtnl_sk);
2978 
2979 	if (bss->added_bridge) {
2980 		if (linux_set_iface_flags(drv->global->ioctl_sock, bss->brname,
2981 					  0) < 0)
2982 			wpa_printf(MSG_INFO,
2983 				   "nl80211: Could not set bridge %s down",
2984 				   bss->brname);
2985 		if (linux_br_del(drv->global->ioctl_sock, bss->brname) < 0)
2986 			wpa_printf(MSG_INFO, "nl80211: Failed to remove "
2987 				   "bridge %s: %s",
2988 				   bss->brname, strerror(errno));
2989 	}
2990 
2991 	nl80211_remove_monitor_interface(drv);
2992 
2993 	if (is_ap_interface(drv->nlmode))
2994 		wpa_driver_nl80211_del_beacon(bss);
2995 
2996 	if (drv->eapol_sock >= 0) {
2997 		eloop_unregister_read_sock(drv->eapol_sock);
2998 		close(drv->eapol_sock);
2999 	}
3000 
3001 	if (drv->if_indices != drv->default_if_indices)
3002 		os_free(drv->if_indices);
3003 
3004 	if (drv->disabled_11b_rates)
3005 		nl80211_disable_11b_rates(drv, drv->ifindex, 0);
3006 
3007 	netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, 0,
3008 			       IF_OPER_UP);
3009 	eloop_cancel_timeout(wpa_driver_nl80211_send_rfkill, drv, drv->ctx);
3010 	rfkill_deinit(drv->rfkill);
3011 
3012 	eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx);
3013 
3014 	if (!drv->start_iface_up)
3015 		(void) i802_set_iface_flags(bss, 0);
3016 
3017 	if (drv->addr_changed) {
3018 		if (linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname,
3019 					  0) < 0) {
3020 			wpa_printf(MSG_DEBUG,
3021 				   "nl80211: Could not set interface down to restore permanent MAC address");
3022 		}
3023 		if (linux_set_ifhwaddr(drv->global->ioctl_sock, bss->ifname,
3024 				       drv->perm_addr) < 0) {
3025 			wpa_printf(MSG_DEBUG,
3026 				   "nl80211: Could not restore permanent MAC address");
3027 		}
3028 	}
3029 
3030 	if (drv->nlmode != NL80211_IFTYPE_P2P_DEVICE) {
3031 		if (drv->start_mode_sta)
3032 			wpa_driver_nl80211_set_mode(bss,
3033 						    NL80211_IFTYPE_STATION);
3034 		nl80211_mgmt_unsubscribe(bss, "deinit");
3035 	} else {
3036 		nl80211_mgmt_unsubscribe(bss, "deinit");
3037 		nl80211_del_p2pdev(bss);
3038 	}
3039 
3040 	nl80211_destroy_bss(drv->first_bss);
3041 
3042 	os_free(drv->filter_ssids);
3043 
3044 	os_free(drv->auth_ie);
3045 	os_free(drv->auth_data);
3046 
3047 	if (drv->in_interface_list)
3048 		dl_list_del(&drv->list);
3049 
3050 	os_free(drv->extended_capa);
3051 	os_free(drv->extended_capa_mask);
3052 	for (i = 0; i < drv->num_iface_ext_capa; i++) {
3053 		os_free(drv->iface_ext_capa[i].ext_capa);
3054 		os_free(drv->iface_ext_capa[i].ext_capa_mask);
3055 	}
3056 	os_free(drv->first_bss);
3057 #ifdef CONFIG_DRIVER_NL80211_QCA
3058 	os_free(drv->pending_roam_data);
3059 #endif /* CONFIG_DRIVER_NL80211_QCA */
3060 	os_free(drv);
3061 }
3062 
3063 
3064 static u32 wpa_alg_to_cipher_suite(enum wpa_alg alg, size_t key_len)
3065 {
3066 	switch (alg) {
3067 	case WPA_ALG_WEP:
3068 		if (key_len == 5)
3069 			return RSN_CIPHER_SUITE_WEP40;
3070 		return RSN_CIPHER_SUITE_WEP104;
3071 	case WPA_ALG_TKIP:
3072 		return RSN_CIPHER_SUITE_TKIP;
3073 	case WPA_ALG_CCMP:
3074 		return RSN_CIPHER_SUITE_CCMP;
3075 	case WPA_ALG_GCMP:
3076 		return RSN_CIPHER_SUITE_GCMP;
3077 	case WPA_ALG_CCMP_256:
3078 		return RSN_CIPHER_SUITE_CCMP_256;
3079 	case WPA_ALG_GCMP_256:
3080 		return RSN_CIPHER_SUITE_GCMP_256;
3081 	case WPA_ALG_BIP_CMAC_128:
3082 		return RSN_CIPHER_SUITE_AES_128_CMAC;
3083 	case WPA_ALG_BIP_GMAC_128:
3084 		return RSN_CIPHER_SUITE_BIP_GMAC_128;
3085 	case WPA_ALG_BIP_GMAC_256:
3086 		return RSN_CIPHER_SUITE_BIP_GMAC_256;
3087 	case WPA_ALG_BIP_CMAC_256:
3088 		return RSN_CIPHER_SUITE_BIP_CMAC_256;
3089 	case WPA_ALG_SMS4:
3090 		return RSN_CIPHER_SUITE_SMS4;
3091 	case WPA_ALG_KRK:
3092 		return RSN_CIPHER_SUITE_KRK;
3093 	case WPA_ALG_NONE:
3094 		wpa_printf(MSG_ERROR, "nl80211: Unexpected encryption algorithm %d",
3095 			   alg);
3096 		return 0;
3097 	}
3098 
3099 	wpa_printf(MSG_ERROR, "nl80211: Unsupported encryption algorithm %d",
3100 		   alg);
3101 	return 0;
3102 }
3103 
3104 
3105 static u32 wpa_cipher_to_cipher_suite(unsigned int cipher)
3106 {
3107 	switch (cipher) {
3108 	case WPA_CIPHER_CCMP_256:
3109 		return RSN_CIPHER_SUITE_CCMP_256;
3110 	case WPA_CIPHER_GCMP_256:
3111 		return RSN_CIPHER_SUITE_GCMP_256;
3112 	case WPA_CIPHER_CCMP:
3113 		return RSN_CIPHER_SUITE_CCMP;
3114 	case WPA_CIPHER_GCMP:
3115 		return RSN_CIPHER_SUITE_GCMP;
3116 	case WPA_CIPHER_TKIP:
3117 		return RSN_CIPHER_SUITE_TKIP;
3118 	case WPA_CIPHER_WEP104:
3119 		return RSN_CIPHER_SUITE_WEP104;
3120 	case WPA_CIPHER_WEP40:
3121 		return RSN_CIPHER_SUITE_WEP40;
3122 	case WPA_CIPHER_GTK_NOT_USED:
3123 		return RSN_CIPHER_SUITE_NO_GROUP_ADDRESSED;
3124 	}
3125 
3126 	return 0;
3127 }
3128 
3129 
3130 static int wpa_cipher_to_cipher_suites(unsigned int ciphers, u32 suites[],
3131 				       int max_suites)
3132 {
3133 	int num_suites = 0;
3134 
3135 	if (num_suites < max_suites && ciphers & WPA_CIPHER_CCMP_256)
3136 		suites[num_suites++] = RSN_CIPHER_SUITE_CCMP_256;
3137 	if (num_suites < max_suites && ciphers & WPA_CIPHER_GCMP_256)
3138 		suites[num_suites++] = RSN_CIPHER_SUITE_GCMP_256;
3139 	if (num_suites < max_suites && ciphers & WPA_CIPHER_CCMP)
3140 		suites[num_suites++] = RSN_CIPHER_SUITE_CCMP;
3141 	if (num_suites < max_suites && ciphers & WPA_CIPHER_GCMP)
3142 		suites[num_suites++] = RSN_CIPHER_SUITE_GCMP;
3143 	if (num_suites < max_suites && ciphers & WPA_CIPHER_TKIP)
3144 		suites[num_suites++] = RSN_CIPHER_SUITE_TKIP;
3145 	if (num_suites < max_suites && ciphers & WPA_CIPHER_WEP104)
3146 		suites[num_suites++] = RSN_CIPHER_SUITE_WEP104;
3147 	if (num_suites < max_suites && ciphers & WPA_CIPHER_WEP40)
3148 		suites[num_suites++] = RSN_CIPHER_SUITE_WEP40;
3149 
3150 	return num_suites;
3151 }
3152 
3153 
3154 static int wpa_key_mgmt_to_suites(unsigned int key_mgmt_suites, u32 suites[],
3155 				  int max_suites)
3156 {
3157 	int num_suites = 0;
3158 
3159 #define __AKM(a, b) \
3160 	if (num_suites < max_suites && \
3161 	    (key_mgmt_suites & (WPA_KEY_MGMT_ ## a))) \
3162 		suites[num_suites++] = (RSN_AUTH_KEY_MGMT_ ## b)
3163 	__AKM(IEEE8021X, UNSPEC_802_1X);
3164 	__AKM(PSK, PSK_OVER_802_1X);
3165 	__AKM(FT_IEEE8021X, FT_802_1X);
3166 	__AKM(FT_PSK, FT_PSK);
3167 	__AKM(IEEE8021X_SHA256, 802_1X_SHA256);
3168 	__AKM(PSK_SHA256, PSK_SHA256);
3169 	__AKM(SAE, SAE);
3170 	__AKM(FT_SAE, FT_SAE);
3171 	__AKM(CCKM, CCKM);
3172 	__AKM(OSEN, OSEN);
3173 	__AKM(IEEE8021X_SUITE_B, 802_1X_SUITE_B);
3174 	__AKM(IEEE8021X_SUITE_B_192, 802_1X_SUITE_B_192);
3175 	__AKM(FILS_SHA256, FILS_SHA256);
3176 	__AKM(FILS_SHA384, FILS_SHA384);
3177 	__AKM(FT_FILS_SHA256, FT_FILS_SHA256);
3178 	__AKM(FT_FILS_SHA384, FT_FILS_SHA384);
3179 	__AKM(OWE, OWE);
3180 	__AKM(DPP, DPP);
3181 	__AKM(FT_IEEE8021X_SHA384, FT_802_1X_SHA384);
3182 #undef __AKM
3183 
3184 	return num_suites;
3185 }
3186 
3187 
3188 #ifdef CONFIG_DRIVER_NL80211_QCA
3189 static int issue_key_mgmt_set_key(struct wpa_driver_nl80211_data *drv,
3190 				  const u8 *key, size_t key_len)
3191 {
3192 	struct nl_msg *msg;
3193 	int ret;
3194 
3195 	if (!(drv->capa.flags & WPA_DRIVER_FLAGS_KEY_MGMT_OFFLOAD))
3196 		return 0;
3197 
3198 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
3199 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
3200 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
3201 			QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_SET_KEY) ||
3202 	    nla_put(msg, NL80211_ATTR_VENDOR_DATA, key_len, key)) {
3203 		nl80211_nlmsg_clear(msg);
3204 		nlmsg_free(msg);
3205 		return -1;
3206 	}
3207 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
3208 	if (ret) {
3209 		wpa_printf(MSG_DEBUG,
3210 			   "nl80211: Key management set key failed: ret=%d (%s)",
3211 			   ret, strerror(-ret));
3212 	}
3213 
3214 	return ret;
3215 }
3216 #endif /* CONFIG_DRIVER_NL80211_QCA */
3217 
3218 
3219 static int nl80211_set_pmk(struct wpa_driver_nl80211_data *drv,
3220 			   const u8 *key, size_t key_len,
3221 			   const u8 *addr)
3222 {
3223 	struct nl_msg *msg = NULL;
3224 	int ret;
3225 
3226 	/*
3227 	 * If the authenticator address is not set, assume it is
3228 	 * the current BSSID.
3229 	 */
3230 	if (!addr && drv->associated)
3231 		addr = drv->bssid;
3232 	else if (!addr)
3233 		return -1;
3234 
3235 	wpa_printf(MSG_DEBUG, "nl80211: Set PMK to the driver for " MACSTR,
3236 		   MAC2STR(addr));
3237 	wpa_hexdump_key(MSG_DEBUG, "nl80211: PMK", key, key_len);
3238 	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_SET_PMK);
3239 	if (!msg ||
3240 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
3241 	    nla_put(msg, NL80211_ATTR_PMK, key_len, key)) {
3242 		nl80211_nlmsg_clear(msg);
3243 		nlmsg_free(msg);
3244 		return -ENOBUFS;
3245 	}
3246 
3247 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
3248 	if (ret) {
3249 		wpa_printf(MSG_DEBUG, "nl80211: Set PMK failed: ret=%d (%s)",
3250 			   ret, strerror(-ret));
3251 	}
3252 
3253 	return ret;
3254 }
3255 
3256 
3257 static int wpa_driver_nl80211_set_key(struct i802_bss *bss,
3258 				      struct wpa_driver_set_key_params *params)
3259 {
3260 	struct wpa_driver_nl80211_data *drv = bss->drv;
3261 	int ifindex;
3262 	struct nl_msg *msg;
3263 	struct nl_msg *key_msg;
3264 	int ret;
3265 	int skip_set_key = 1;
3266 	const char *ifname = params->ifname;
3267 	enum wpa_alg alg = params->alg;
3268 	const u8 *addr = params->addr;
3269 	int key_idx = params->key_idx;
3270 	int set_tx = params->set_tx;
3271 	const u8 *seq = params->seq;
3272 	size_t seq_len = params->seq_len;
3273 	const u8 *key = params->key;
3274 	size_t key_len = params->key_len;
3275 	int vlan_id = params->vlan_id;
3276 	enum key_flag key_flag = params->key_flag;
3277 
3278 	/* Ignore for P2P Device */
3279 	if (drv->nlmode == NL80211_IFTYPE_P2P_DEVICE)
3280 		return 0;
3281 
3282 	ifindex = if_nametoindex(ifname);
3283 	wpa_printf(MSG_DEBUG, "%s: ifindex=%d (%s) alg=%d addr=%p key_idx=%d "
3284 		   "set_tx=%d seq_len=%lu key_len=%lu key_flag=0x%x",
3285 		   __func__, ifindex, ifname, alg, addr, key_idx, set_tx,
3286 		   (unsigned long) seq_len, (unsigned long) key_len, key_flag);
3287 
3288 	if (check_key_flag(key_flag)) {
3289 		wpa_printf(MSG_DEBUG, "%s: invalid key_flag", __func__);
3290 		return -EINVAL;
3291 	}
3292 
3293 #ifdef CONFIG_DRIVER_NL80211_QCA
3294 	if ((key_flag & KEY_FLAG_PMK) &&
3295 	    (drv->capa.flags & WPA_DRIVER_FLAGS_KEY_MGMT_OFFLOAD)) {
3296 		wpa_printf(MSG_DEBUG, "%s: calling issue_key_mgmt_set_key",
3297 			   __func__);
3298 		ret = issue_key_mgmt_set_key(drv, key, key_len);
3299 		return ret;
3300 	}
3301 #endif /* CONFIG_DRIVER_NL80211_QCA */
3302 
3303 	if (key_flag & KEY_FLAG_PMK) {
3304 		if (drv->capa.flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X)
3305 			return nl80211_set_pmk(drv, key, key_len, addr);
3306 		/* The driver does not have any offload mechanism for PMK, so
3307 		 * there is no need to configure this key. */
3308 		return 0;
3309 	}
3310 
3311 	ret = -ENOBUFS;
3312 	key_msg = nlmsg_alloc();
3313 	if (!key_msg)
3314 		return ret;
3315 
3316 	if ((key_flag & KEY_FLAG_PAIRWISE_MASK) ==
3317 	    KEY_FLAG_PAIRWISE_RX_TX_MODIFY) {
3318 		wpa_printf(MSG_DEBUG,
3319 			   "nl80211: SET_KEY (pairwise RX/TX modify)");
3320 		msg = nl80211_ifindex_msg(drv, ifindex, 0, NL80211_CMD_SET_KEY);
3321 		if (!msg)
3322 			goto fail2;
3323 	} else if (alg == WPA_ALG_NONE && (key_flag & KEY_FLAG_RX_TX)) {
3324 		wpa_printf(MSG_DEBUG, "%s: invalid key_flag to delete key",
3325 			   __func__);
3326 		ret = -EINVAL;
3327 		goto fail2;
3328 	} else if (alg == WPA_ALG_NONE) {
3329 		wpa_printf(MSG_DEBUG, "nl80211: DEL_KEY");
3330 		msg = nl80211_ifindex_msg(drv, ifindex, 0, NL80211_CMD_DEL_KEY);
3331 		if (!msg)
3332 			goto fail2;
3333 	} else {
3334 		u32 suite;
3335 
3336 		suite = wpa_alg_to_cipher_suite(alg, key_len);
3337 		if (!suite) {
3338 			ret = -EINVAL;
3339 			goto fail2;
3340 		}
3341 		wpa_printf(MSG_DEBUG, "nl80211: NEW_KEY");
3342 		msg = nl80211_ifindex_msg(drv, ifindex, 0, NL80211_CMD_NEW_KEY);
3343 		if (!msg)
3344 			goto fail2;
3345 		if (nla_put(key_msg, NL80211_KEY_DATA, key_len, key) ||
3346 		    nla_put_u32(key_msg, NL80211_KEY_CIPHER, suite))
3347 			goto fail;
3348 		wpa_hexdump_key(MSG_DEBUG, "nl80211: KEY_DATA", key, key_len);
3349 
3350 		if (seq && seq_len) {
3351 			if (nla_put(key_msg, NL80211_KEY_SEQ, seq_len, seq))
3352 				goto fail;
3353 			wpa_hexdump(MSG_DEBUG, "nl80211: KEY_SEQ",
3354 				    seq, seq_len);
3355 		}
3356 	}
3357 
3358 	if (addr && !is_broadcast_ether_addr(addr)) {
3359 		wpa_printf(MSG_DEBUG, "   addr=" MACSTR, MAC2STR(addr));
3360 		if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
3361 			goto fail;
3362 
3363 		if ((key_flag & KEY_FLAG_PAIRWISE_MASK) ==
3364 		    KEY_FLAG_PAIRWISE_RX ||
3365 		    (key_flag & KEY_FLAG_PAIRWISE_MASK) ==
3366 		    KEY_FLAG_PAIRWISE_RX_TX_MODIFY) {
3367 			if (nla_put_u8(key_msg, NL80211_KEY_MODE,
3368 				       key_flag == KEY_FLAG_PAIRWISE_RX ?
3369 				       NL80211_KEY_NO_TX : NL80211_KEY_SET_TX))
3370 				goto fail;
3371 		} else if ((key_flag & KEY_FLAG_GROUP_MASK) ==
3372 			   KEY_FLAG_GROUP_RX) {
3373 			wpa_printf(MSG_DEBUG, "   RSN IBSS RX GTK");
3374 			if (nla_put_u32(key_msg, NL80211_KEY_TYPE,
3375 					NL80211_KEYTYPE_GROUP))
3376 				goto fail;
3377 		} else if (!(key_flag & KEY_FLAG_PAIRWISE)) {
3378 			wpa_printf(MSG_DEBUG,
3379 				   "   key_flag missing PAIRWISE when setting a pairwise key");
3380 			ret = -EINVAL;
3381 			goto fail;
3382 		} else if (alg == WPA_ALG_WEP &&
3383 			   (key_flag & KEY_FLAG_RX_TX) == KEY_FLAG_RX_TX) {
3384 			wpa_printf(MSG_DEBUG, "   unicast WEP key");
3385 			skip_set_key = 0;
3386 		} else {
3387 			wpa_printf(MSG_DEBUG, "   pairwise key");
3388 		}
3389 	} else if ((key_flag & KEY_FLAG_PAIRWISE) ||
3390 		   !(key_flag & KEY_FLAG_GROUP)) {
3391 		wpa_printf(MSG_DEBUG,
3392 			   "   invalid key_flag for a broadcast key");
3393 		ret = -EINVAL;
3394 		goto fail;
3395 	} else {
3396 		wpa_printf(MSG_DEBUG, "   broadcast key");
3397 		if (key_flag & KEY_FLAG_DEFAULT)
3398 			skip_set_key = 0;
3399 	}
3400 	if (nla_put_u8(key_msg, NL80211_KEY_IDX, key_idx) ||
3401 	    nla_put_nested(msg, NL80211_ATTR_KEY, key_msg))
3402 		goto fail;
3403 	nl80211_nlmsg_clear(key_msg);
3404 	nlmsg_free(key_msg);
3405 	key_msg = NULL;
3406 
3407 	if (vlan_id && (drv->capa.flags & WPA_DRIVER_FLAGS_VLAN_OFFLOAD)) {
3408 		wpa_printf(MSG_DEBUG, "nl80211: VLAN ID %d", vlan_id);
3409 		if (nla_put_u16(msg, NL80211_ATTR_VLAN_ID, vlan_id))
3410 			goto fail;
3411 	}
3412 
3413 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
3414 	if ((ret == -ENOENT || ret == -ENOLINK) && alg == WPA_ALG_NONE)
3415 		ret = 0;
3416 	if (ret)
3417 		wpa_printf(MSG_DEBUG, "nl80211: set_key failed; err=%d %s",
3418 			   ret, strerror(-ret));
3419 
3420 	/*
3421 	 * If we failed or don't need to set the key as default (below),
3422 	 * we're done here.
3423 	 */
3424 	if (ret || skip_set_key)
3425 		return ret;
3426 	wpa_printf(MSG_DEBUG, "nl80211: NL80211_CMD_SET_KEY - default key");
3427 
3428 	ret = -ENOBUFS;
3429 	key_msg = nlmsg_alloc();
3430 	if (!key_msg)
3431 		return ret;
3432 
3433 	msg = nl80211_ifindex_msg(drv, ifindex, 0, NL80211_CMD_SET_KEY);
3434 	if (!msg)
3435 		goto fail2;
3436 	if (!key_msg ||
3437 	    nla_put_u8(key_msg, NL80211_KEY_IDX, key_idx) ||
3438 	    nla_put_flag(key_msg, wpa_alg_bip(alg) ?
3439 			 (key_idx == 6 || key_idx == 7 ?
3440 			  NL80211_KEY_DEFAULT_BEACON :
3441 			  NL80211_KEY_DEFAULT_MGMT) :
3442 			 NL80211_KEY_DEFAULT))
3443 		goto fail;
3444 	if (addr && is_broadcast_ether_addr(addr)) {
3445 		struct nlattr *types;
3446 
3447 		types = nla_nest_start(key_msg, NL80211_KEY_DEFAULT_TYPES);
3448 		if (!types ||
3449 		    nla_put_flag(key_msg, NL80211_KEY_DEFAULT_TYPE_MULTICAST))
3450 			goto fail;
3451 		nla_nest_end(key_msg, types);
3452 	} else if (addr) {
3453 		struct nlattr *types;
3454 
3455 		types = nla_nest_start(key_msg, NL80211_KEY_DEFAULT_TYPES);
3456 		if (!types ||
3457 		    nla_put_flag(key_msg, NL80211_KEY_DEFAULT_TYPE_UNICAST))
3458 			goto fail;
3459 		nla_nest_end(key_msg, types);
3460 	}
3461 
3462 	if (nla_put_nested(msg, NL80211_ATTR_KEY, key_msg))
3463 		goto fail;
3464 	nl80211_nlmsg_clear(key_msg);
3465 	nlmsg_free(key_msg);
3466 	key_msg = NULL;
3467 
3468 	if (vlan_id && (drv->capa.flags & WPA_DRIVER_FLAGS_VLAN_OFFLOAD)) {
3469 		wpa_printf(MSG_DEBUG, "nl80211: set_key default - VLAN ID %d",
3470 			   vlan_id);
3471 		if (nla_put_u16(msg, NL80211_ATTR_VLAN_ID, vlan_id))
3472 			goto fail;
3473 	}
3474 
3475 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
3476 	if (ret)
3477 		wpa_printf(MSG_DEBUG,
3478 			   "nl80211: set_key default failed; err=%d %s",
3479 			   ret, strerror(-ret));
3480 	return ret;
3481 
3482 fail:
3483 	nl80211_nlmsg_clear(msg);
3484 	nlmsg_free(msg);
3485 fail2:
3486 	nl80211_nlmsg_clear(key_msg);
3487 	nlmsg_free(key_msg);
3488 	return ret;
3489 }
3490 
3491 
3492 static int nl_add_key(struct nl_msg *msg, enum wpa_alg alg,
3493 		      int key_idx, int defkey,
3494 		      const u8 *seq, size_t seq_len,
3495 		      const u8 *key, size_t key_len)
3496 {
3497 	struct nlattr *key_attr = nla_nest_start(msg, NL80211_ATTR_KEY);
3498 	u32 suite;
3499 
3500 	if (!key_attr)
3501 		return -1;
3502 
3503 	suite = wpa_alg_to_cipher_suite(alg, key_len);
3504 	if (!suite)
3505 		return -1;
3506 
3507 	if (defkey && wpa_alg_bip(alg)) {
3508 		if (nla_put_flag(msg, NL80211_KEY_DEFAULT_MGMT))
3509 			return -1;
3510 	} else if (defkey) {
3511 		if (nla_put_flag(msg, NL80211_KEY_DEFAULT))
3512 			return -1;
3513 	}
3514 
3515 	if (nla_put_u8(msg, NL80211_KEY_IDX, key_idx) ||
3516 	    nla_put_u32(msg, NL80211_KEY_CIPHER, suite) ||
3517 	    (seq && seq_len &&
3518 	     nla_put(msg, NL80211_KEY_SEQ, seq_len, seq)) ||
3519 	    nla_put(msg, NL80211_KEY_DATA, key_len, key))
3520 		return -1;
3521 
3522 	nla_nest_end(msg, key_attr);
3523 
3524 	return 0;
3525 }
3526 
3527 
3528 static int nl80211_set_conn_keys(struct wpa_driver_associate_params *params,
3529 				 struct nl_msg *msg)
3530 {
3531 	int i, privacy = 0;
3532 	struct nlattr *nl_keys, *nl_key;
3533 
3534 	for (i = 0; i < 4; i++) {
3535 		if (!params->wep_key[i])
3536 			continue;
3537 		privacy = 1;
3538 		break;
3539 	}
3540 	if (params->wps == WPS_MODE_PRIVACY)
3541 		privacy = 1;
3542 	if (params->pairwise_suite &&
3543 	    params->pairwise_suite != WPA_CIPHER_NONE)
3544 		privacy = 1;
3545 
3546 	if (!privacy)
3547 		return 0;
3548 
3549 	if (nla_put_flag(msg, NL80211_ATTR_PRIVACY))
3550 		return -ENOBUFS;
3551 
3552 	nl_keys = nla_nest_start(msg, NL80211_ATTR_KEYS);
3553 	if (!nl_keys)
3554 		return -ENOBUFS;
3555 
3556 	for (i = 0; i < 4; i++) {
3557 		if (!params->wep_key[i])
3558 			continue;
3559 
3560 		nl_key = nla_nest_start(msg, i);
3561 		if (!nl_key ||
3562 		    nla_put(msg, NL80211_KEY_DATA, params->wep_key_len[i],
3563 			    params->wep_key[i]) ||
3564 		    nla_put_u32(msg, NL80211_KEY_CIPHER,
3565 				params->wep_key_len[i] == 5 ?
3566 				RSN_CIPHER_SUITE_WEP40 :
3567 				RSN_CIPHER_SUITE_WEP104) ||
3568 		    nla_put_u8(msg, NL80211_KEY_IDX, i) ||
3569 		    (i == params->wep_tx_keyidx &&
3570 		     nla_put_flag(msg, NL80211_KEY_DEFAULT)))
3571 			return -ENOBUFS;
3572 
3573 		nla_nest_end(msg, nl_key);
3574 	}
3575 	nla_nest_end(msg, nl_keys);
3576 
3577 	return 0;
3578 }
3579 
3580 
3581 int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv,
3582 			    const u8 *addr, int cmd, u16 reason_code,
3583 			    int local_state_change,
3584 			    struct i802_bss *bss)
3585 {
3586 	int ret;
3587 	struct nl_msg *msg;
3588 	struct nl_sock *nl_connect = get_connect_handle(bss);
3589 
3590 	if (!(msg = nl80211_drv_msg(drv, 0, cmd)) ||
3591 	    nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code) ||
3592 	    (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) ||
3593 	    (local_state_change &&
3594 	     nla_put_flag(msg, NL80211_ATTR_LOCAL_STATE_CHANGE))) {
3595 		nlmsg_free(msg);
3596 		return -1;
3597 	}
3598 
3599 	if (nl_connect)
3600 		ret = send_and_recv(drv->global, nl_connect, msg,
3601 				    process_bss_event, bss, NULL, NULL);
3602 	else
3603 		ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
3604 	if (ret) {
3605 		wpa_dbg(drv->ctx, MSG_DEBUG,
3606 			"nl80211: MLME command failed: reason=%u ret=%d (%s)",
3607 			reason_code, ret, strerror(-ret));
3608 	}
3609 	return ret;
3610 }
3611 
3612 
3613 static int wpa_driver_nl80211_disconnect(struct wpa_driver_nl80211_data *drv,
3614 					 u16 reason_code,
3615 					 struct i802_bss *bss)
3616 {
3617 	int ret;
3618 	int drv_associated = drv->associated;
3619 
3620 	wpa_printf(MSG_DEBUG, "%s(reason_code=%d)", __func__, reason_code);
3621 	nl80211_mark_disconnected(drv);
3622 	/* Disconnect command doesn't need BSSID - it uses cached value */
3623 	ret = wpa_driver_nl80211_mlme(drv, NULL, NL80211_CMD_DISCONNECT,
3624 				      reason_code, 0, bss);
3625 	/*
3626 	 * For locally generated disconnect, supplicant already generates a
3627 	 * DEAUTH event, so ignore the event from NL80211.
3628 	 */
3629 	drv->ignore_next_local_disconnect = drv_associated && (ret == 0);
3630 
3631 	return ret;
3632 }
3633 
3634 
3635 static int wpa_driver_nl80211_deauthenticate(struct i802_bss *bss,
3636 					     const u8 *addr, u16 reason_code)
3637 {
3638 	struct wpa_driver_nl80211_data *drv = bss->drv;
3639 	int ret;
3640 	int drv_associated = drv->associated;
3641 
3642 	if (drv->nlmode == NL80211_IFTYPE_ADHOC) {
3643 		nl80211_mark_disconnected(drv);
3644 		return nl80211_leave_ibss(drv, 1);
3645 	}
3646 	if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) {
3647 		return wpa_driver_nl80211_disconnect(drv, reason_code, bss);
3648 	}
3649 	wpa_printf(MSG_DEBUG, "%s(addr=" MACSTR " reason_code=%d)",
3650 		   __func__, MAC2STR(addr), reason_code);
3651 	nl80211_mark_disconnected(drv);
3652 	ret = wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DEAUTHENTICATE,
3653 				      reason_code, 0, bss);
3654 	/*
3655 	 * For locally generated deauthenticate, supplicant already generates a
3656 	 * DEAUTH event, so ignore the event from NL80211.
3657 	 */
3658 	drv->ignore_next_local_deauth = drv_associated && (ret == 0);
3659 
3660 	return ret;
3661 }
3662 
3663 
3664 static void nl80211_copy_auth_params(struct wpa_driver_nl80211_data *drv,
3665 				     struct wpa_driver_auth_params *params)
3666 {
3667 	int i;
3668 
3669 	drv->auth_freq = params->freq;
3670 	drv->auth_alg = params->auth_alg;
3671 	drv->auth_wep_tx_keyidx = params->wep_tx_keyidx;
3672 	drv->auth_local_state_change = params->local_state_change;
3673 	drv->auth_p2p = params->p2p;
3674 
3675 	if (params->bssid)
3676 		os_memcpy(drv->auth_bssid_, params->bssid, ETH_ALEN);
3677 	else
3678 		os_memset(drv->auth_bssid_, 0, ETH_ALEN);
3679 
3680 	if (params->ssid) {
3681 		os_memcpy(drv->auth_ssid, params->ssid, params->ssid_len);
3682 		drv->auth_ssid_len = params->ssid_len;
3683 	} else
3684 		drv->auth_ssid_len = 0;
3685 
3686 
3687 	os_free(drv->auth_ie);
3688 	drv->auth_ie = NULL;
3689 	drv->auth_ie_len = 0;
3690 	if (params->ie) {
3691 		drv->auth_ie = os_malloc(params->ie_len);
3692 		if (drv->auth_ie) {
3693 			os_memcpy(drv->auth_ie, params->ie, params->ie_len);
3694 			drv->auth_ie_len = params->ie_len;
3695 		}
3696 	}
3697 
3698 	os_free(drv->auth_data);
3699 	drv->auth_data = NULL;
3700 	drv->auth_data_len = 0;
3701 	if (params->auth_data) {
3702 		drv->auth_data = os_memdup(params->auth_data,
3703 					   params->auth_data_len);
3704 		if (drv->auth_data)
3705 			drv->auth_data_len = params->auth_data_len;
3706 	}
3707 
3708 	for (i = 0; i < 4; i++) {
3709 		if (params->wep_key[i] && params->wep_key_len[i] &&
3710 		    params->wep_key_len[i] <= 16) {
3711 			os_memcpy(drv->auth_wep_key[i], params->wep_key[i],
3712 				  params->wep_key_len[i]);
3713 			drv->auth_wep_key_len[i] = params->wep_key_len[i];
3714 		} else
3715 			drv->auth_wep_key_len[i] = 0;
3716 	}
3717 }
3718 
3719 
3720 static void nl80211_unmask_11b_rates(struct i802_bss *bss)
3721 {
3722 	struct wpa_driver_nl80211_data *drv = bss->drv;
3723 
3724 	if (is_p2p_net_interface(drv->nlmode) || !drv->disabled_11b_rates)
3725 		return;
3726 
3727 	/*
3728 	 * Looks like we failed to unmask 11b rates previously. This could
3729 	 * happen, e.g., if the interface was down at the point in time when a
3730 	 * P2P group was terminated.
3731 	 */
3732 	wpa_printf(MSG_DEBUG,
3733 		   "nl80211: Interface %s mode is for non-P2P, but 11b rates were disabled - re-enable them",
3734 		   bss->ifname);
3735 	nl80211_disable_11b_rates(drv, drv->ifindex, 0);
3736 }
3737 
3738 
3739 static enum nl80211_auth_type get_nl_auth_type(int wpa_auth_alg)
3740 {
3741 	if (wpa_auth_alg & WPA_AUTH_ALG_OPEN)
3742 		return NL80211_AUTHTYPE_OPEN_SYSTEM;
3743 	if (wpa_auth_alg & WPA_AUTH_ALG_SHARED)
3744 		return NL80211_AUTHTYPE_SHARED_KEY;
3745 	if (wpa_auth_alg & WPA_AUTH_ALG_LEAP)
3746 		return NL80211_AUTHTYPE_NETWORK_EAP;
3747 	if (wpa_auth_alg & WPA_AUTH_ALG_FT)
3748 		return NL80211_AUTHTYPE_FT;
3749 	if (wpa_auth_alg & WPA_AUTH_ALG_SAE)
3750 		return NL80211_AUTHTYPE_SAE;
3751 	if (wpa_auth_alg & WPA_AUTH_ALG_FILS)
3752 		return NL80211_AUTHTYPE_FILS_SK;
3753 	if (wpa_auth_alg & WPA_AUTH_ALG_FILS_SK_PFS)
3754 		return NL80211_AUTHTYPE_FILS_SK_PFS;
3755 
3756 	return NL80211_AUTHTYPE_MAX;
3757 }
3758 
3759 
3760 static int wpa_driver_nl80211_authenticate(
3761 	struct i802_bss *bss, struct wpa_driver_auth_params *params)
3762 {
3763 	struct wpa_driver_nl80211_data *drv = bss->drv;
3764 	int ret = -1, i;
3765 	struct nl_msg *msg;
3766 	enum nl80211_auth_type type;
3767 	enum nl80211_iftype nlmode;
3768 	int count = 0;
3769 	int is_retry;
3770 	struct wpa_driver_set_key_params p;
3771 
3772 	nl80211_unmask_11b_rates(bss);
3773 
3774 	is_retry = drv->retry_auth;
3775 	drv->retry_auth = 0;
3776 	drv->ignore_deauth_event = 0;
3777 
3778 	nl80211_mark_disconnected(drv);
3779 	os_memset(drv->auth_bssid, 0, ETH_ALEN);
3780 	if (params->bssid)
3781 		os_memcpy(drv->auth_attempt_bssid, params->bssid, ETH_ALEN);
3782 	else
3783 		os_memset(drv->auth_attempt_bssid, 0, ETH_ALEN);
3784 	/* FIX: IBSS mode */
3785 	nlmode = params->p2p ?
3786 		NL80211_IFTYPE_P2P_CLIENT : NL80211_IFTYPE_STATION;
3787 	if (drv->nlmode != nlmode &&
3788 	    wpa_driver_nl80211_set_mode(bss, nlmode) < 0)
3789 		return -1;
3790 
3791 retry:
3792 	wpa_printf(MSG_DEBUG, "nl80211: Authenticate (ifindex=%d)",
3793 		   drv->ifindex);
3794 
3795 	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_AUTHENTICATE);
3796 	if (!msg)
3797 		goto fail;
3798 
3799 	os_memset(&p, 0, sizeof(p));
3800 	p.ifname = bss->ifname;
3801 	p.alg = WPA_ALG_WEP;
3802 	for (i = 0; i < 4; i++) {
3803 		if (!params->wep_key[i])
3804 			continue;
3805 		p.key_idx = i;
3806 		p.set_tx = i == params->wep_tx_keyidx;
3807 		p.key = params->wep_key[i];
3808 		p.key_len = params->wep_key_len[i];
3809 		p.key_flag = i == params->wep_tx_keyidx ?
3810 			KEY_FLAG_GROUP_RX_TX_DEFAULT :
3811 			KEY_FLAG_GROUP_RX_TX;
3812 		wpa_driver_nl80211_set_key(bss, &p);
3813 		if (params->wep_tx_keyidx != i)
3814 			continue;
3815 		if (nl_add_key(msg, WPA_ALG_WEP, i, 1, NULL, 0,
3816 			       params->wep_key[i], params->wep_key_len[i]))
3817 			goto fail;
3818 	}
3819 
3820 	if (params->bssid) {
3821 		wpa_printf(MSG_DEBUG, "  * bssid=" MACSTR,
3822 			   MAC2STR(params->bssid));
3823 		if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid))
3824 			goto fail;
3825 	}
3826 	if (params->freq) {
3827 		wpa_printf(MSG_DEBUG, "  * freq=%d", params->freq);
3828 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq))
3829 			goto fail;
3830 	}
3831 	if (params->ssid) {
3832 		wpa_printf(MSG_DEBUG, "  * SSID=%s",
3833 			   wpa_ssid_txt(params->ssid, params->ssid_len));
3834 		if (nla_put(msg, NL80211_ATTR_SSID, params->ssid_len,
3835 			    params->ssid))
3836 			goto fail;
3837 	}
3838 	wpa_hexdump(MSG_DEBUG, "  * IEs", params->ie, params->ie_len);
3839 	if (params->ie &&
3840 	    nla_put(msg, NL80211_ATTR_IE, params->ie_len, params->ie))
3841 		goto fail;
3842 	if (params->auth_data) {
3843 		wpa_hexdump(MSG_DEBUG, "  * auth_data", params->auth_data,
3844 			    params->auth_data_len);
3845 		if (nla_put(msg, NL80211_ATTR_SAE_DATA, params->auth_data_len,
3846 			    params->auth_data))
3847 			goto fail;
3848 	}
3849 	type = get_nl_auth_type(params->auth_alg);
3850 	wpa_printf(MSG_DEBUG, "  * Auth Type %d", type);
3851 	if (type == NL80211_AUTHTYPE_MAX ||
3852 	    nla_put_u32(msg, NL80211_ATTR_AUTH_TYPE, type))
3853 		goto fail;
3854 	if (params->local_state_change) {
3855 		wpa_printf(MSG_DEBUG, "  * Local state change only");
3856 		if (nla_put_flag(msg, NL80211_ATTR_LOCAL_STATE_CHANGE))
3857 			goto fail;
3858 	}
3859 
3860 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
3861 	msg = NULL;
3862 	if (ret) {
3863 		wpa_dbg(drv->ctx, MSG_DEBUG,
3864 			"nl80211: MLME command failed (auth): count=%d ret=%d (%s)",
3865 			count, ret, strerror(-ret));
3866 		count++;
3867 		if ((ret == -EALREADY || ret == -EEXIST) && count == 1 &&
3868 		    params->bssid && !params->local_state_change) {
3869 			/*
3870 			 * mac80211 does not currently accept new
3871 			 * authentication if we are already authenticated. As a
3872 			 * workaround, force deauthentication and try again.
3873 			 */
3874 			wpa_printf(MSG_DEBUG, "nl80211: Retry authentication "
3875 				   "after forced deauthentication");
3876 			drv->ignore_deauth_event = 1;
3877 			wpa_driver_nl80211_deauthenticate(
3878 				bss, params->bssid,
3879 				WLAN_REASON_PREV_AUTH_NOT_VALID);
3880 			nlmsg_free(msg);
3881 			goto retry;
3882 		}
3883 
3884 		if (ret == -ENOENT && params->freq && !is_retry) {
3885 			/*
3886 			 * cfg80211 has likely expired the BSS entry even
3887 			 * though it was previously available in our internal
3888 			 * BSS table. To recover quickly, start a single
3889 			 * channel scan on the specified channel.
3890 			 */
3891 			struct wpa_driver_scan_params scan;
3892 			int freqs[2];
3893 
3894 			os_memset(&scan, 0, sizeof(scan));
3895 			scan.num_ssids = 1;
3896 			if (params->ssid) {
3897 				scan.ssids[0].ssid = params->ssid;
3898 				scan.ssids[0].ssid_len = params->ssid_len;
3899 			}
3900 			freqs[0] = params->freq;
3901 			freqs[1] = 0;
3902 			scan.freqs = freqs;
3903 			wpa_printf(MSG_DEBUG, "nl80211: Trigger single "
3904 				   "channel scan to refresh cfg80211 BSS "
3905 				   "entry");
3906 			ret = wpa_driver_nl80211_scan(bss, &scan);
3907 			if (ret == 0) {
3908 				nl80211_copy_auth_params(drv, params);
3909 				drv->scan_for_auth = 1;
3910 			}
3911 		} else if (is_retry) {
3912 			/*
3913 			 * Need to indicate this with an event since the return
3914 			 * value from the retry is not delivered to core code.
3915 			 */
3916 			union wpa_event_data event;
3917 			wpa_printf(MSG_DEBUG, "nl80211: Authentication retry "
3918 				   "failed");
3919 			os_memset(&event, 0, sizeof(event));
3920 			os_memcpy(event.timeout_event.addr, drv->auth_bssid_,
3921 				  ETH_ALEN);
3922 			wpa_supplicant_event(drv->ctx, EVENT_AUTH_TIMED_OUT,
3923 					     &event);
3924 		}
3925 	} else {
3926 		wpa_printf(MSG_DEBUG,
3927 			   "nl80211: Authentication request send successfully");
3928 	}
3929 
3930 fail:
3931 	nlmsg_free(msg);
3932 	return ret;
3933 }
3934 
3935 
3936 int wpa_driver_nl80211_authenticate_retry(struct wpa_driver_nl80211_data *drv)
3937 {
3938 	struct wpa_driver_auth_params params;
3939 	struct i802_bss *bss = drv->first_bss;
3940 	int i;
3941 
3942 	wpa_printf(MSG_DEBUG, "nl80211: Try to authenticate again");
3943 
3944 	os_memset(&params, 0, sizeof(params));
3945 	params.freq = drv->auth_freq;
3946 	params.auth_alg = drv->auth_alg;
3947 	params.wep_tx_keyidx = drv->auth_wep_tx_keyidx;
3948 	params.local_state_change = drv->auth_local_state_change;
3949 	params.p2p = drv->auth_p2p;
3950 
3951 	if (!is_zero_ether_addr(drv->auth_bssid_))
3952 		params.bssid = drv->auth_bssid_;
3953 
3954 	if (drv->auth_ssid_len) {
3955 		params.ssid = drv->auth_ssid;
3956 		params.ssid_len = drv->auth_ssid_len;
3957 	}
3958 
3959 	params.ie = drv->auth_ie;
3960 	params.ie_len = drv->auth_ie_len;
3961 	params.auth_data = drv->auth_data;
3962 	params.auth_data_len = drv->auth_data_len;
3963 
3964 	for (i = 0; i < 4; i++) {
3965 		if (drv->auth_wep_key_len[i]) {
3966 			params.wep_key[i] = drv->auth_wep_key[i];
3967 			params.wep_key_len[i] = drv->auth_wep_key_len[i];
3968 		}
3969 	}
3970 
3971 	drv->retry_auth = 1;
3972 	return wpa_driver_nl80211_authenticate(bss, &params);
3973 }
3974 
3975 
3976 static int wpa_driver_nl80211_send_mlme(struct i802_bss *bss, const u8 *data,
3977 					size_t data_len, int noack,
3978 					unsigned int freq, int no_cck,
3979 					int offchanok,
3980 					unsigned int wait_time,
3981 					const u16 *csa_offs,
3982 					size_t csa_offs_len, int no_encrypt)
3983 {
3984 	struct wpa_driver_nl80211_data *drv = bss->drv;
3985 	struct ieee80211_mgmt *mgmt;
3986 	int encrypt = !no_encrypt;
3987 	u16 fc;
3988 	int use_cookie = 1;
3989 	int res;
3990 
3991 	mgmt = (struct ieee80211_mgmt *) data;
3992 	fc = le_to_host16(mgmt->frame_control);
3993 	wpa_printf(MSG_DEBUG, "nl80211: send_mlme - da=" MACSTR
3994 		   " noack=%d freq=%u no_cck=%d offchanok=%d wait_time=%u no_encrypt=%d fc=0x%x (%s) nlmode=%d",
3995 		   MAC2STR(mgmt->da), noack, freq, no_cck, offchanok, wait_time,
3996 		   no_encrypt, fc, fc2str(fc), drv->nlmode);
3997 
3998 	if ((is_sta_interface(drv->nlmode) ||
3999 	     drv->nlmode == NL80211_IFTYPE_P2P_DEVICE) &&
4000 	    WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
4001 	    WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_PROBE_RESP) {
4002 		/*
4003 		 * The use of last_mgmt_freq is a bit of a hack,
4004 		 * but it works due to the single-threaded nature
4005 		 * of wpa_supplicant.
4006 		 */
4007 		if (freq == 0) {
4008 			wpa_printf(MSG_DEBUG, "nl80211: Use last_mgmt_freq=%d",
4009 				   drv->last_mgmt_freq);
4010 			freq = drv->last_mgmt_freq;
4011 		}
4012 		wait_time = 0;
4013 		use_cookie = 0;
4014 		no_cck = 1;
4015 		offchanok = 1;
4016 		goto send_frame_cmd;
4017 	}
4018 
4019 	if (drv->device_ap_sme && is_ap_interface(drv->nlmode)) {
4020 		if (freq == 0) {
4021 			wpa_printf(MSG_DEBUG, "nl80211: Use bss->freq=%d",
4022 				   bss->freq);
4023 			freq = bss->freq;
4024 		}
4025 		if ((int) freq == bss->freq)
4026 			wait_time = 0;
4027 		goto send_frame_cmd;
4028 	}
4029 
4030 	if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
4031 	    WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_AUTH) {
4032 		/*
4033 		 * Only one of the authentication frame types is encrypted.
4034 		 * In order for static WEP encryption to work properly (i.e.,
4035 		 * to not encrypt the frame), we need to tell mac80211 about
4036 		 * the frames that must not be encrypted.
4037 		 */
4038 		u16 auth_alg = le_to_host16(mgmt->u.auth.auth_alg);
4039 		u16 auth_trans = le_to_host16(mgmt->u.auth.auth_transaction);
4040 		if (auth_alg != WLAN_AUTH_SHARED_KEY || auth_trans != 3)
4041 			encrypt = 0;
4042 	}
4043 
4044 	if (is_sta_interface(drv->nlmode) &&
4045 	    WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
4046 	    WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_AUTH) {
4047 		if (freq == 0 &&
4048 		    (drv->capa.flags & WPA_DRIVER_FLAGS_SAE) &&
4049 		    !(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) {
4050 			freq = nl80211_get_assoc_freq(drv);
4051 			wpa_printf(MSG_DEBUG,
4052 				   "nl80211: send_mlme - Use assoc_freq=%u for external auth",
4053 				   freq);
4054 		}
4055 
4056 		/* Allow off channel for PASN authentication */
4057 		if (data_len >= IEEE80211_HDRLEN + 2 &&
4058 		    WPA_GET_LE16(data + IEEE80211_HDRLEN) == WLAN_AUTH_PASN &&
4059 		    !offchanok) {
4060 			wpa_printf(MSG_DEBUG,
4061 				   "nl80211: send_mlme: allow off channel for PASN");
4062 			offchanok = 1;
4063 		}
4064 	}
4065 
4066 #ifdef CONFIG_PASN
4067 	if (is_sta_interface(drv->nlmode) &&
4068 	    WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
4069 	     WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_DEAUTH) {
4070 		wpa_printf(MSG_DEBUG,
4071 			   "nl80211: send_mlme: allow Deauthentication frame for PASN");
4072 
4073 		use_cookie = 0;
4074 		offchanok = 1;
4075 		goto send_frame_cmd;
4076 	}
4077 #endif /* CONFIG_PASN */
4078 
4079 	if (freq == 0 && drv->nlmode == NL80211_IFTYPE_ADHOC) {
4080 		freq = nl80211_get_assoc_freq(drv);
4081 		wpa_printf(MSG_DEBUG,
4082 			   "nl80211: send_mlme - Use assoc_freq=%u for IBSS",
4083 			   freq);
4084 	}
4085 	if (freq == 0) {
4086 		wpa_printf(MSG_DEBUG, "nl80211: send_mlme - Use bss->freq=%u",
4087 			   bss->freq);
4088 		freq = bss->freq;
4089 	}
4090 
4091 	if (drv->use_monitor && is_ap_interface(drv->nlmode)) {
4092 		wpa_printf(MSG_DEBUG,
4093 			   "nl80211: send_frame(freq=%u bss->freq=%u) -> send_monitor",
4094 			   freq, bss->freq);
4095 		return nl80211_send_monitor(drv, data, data_len, encrypt,
4096 					    noack);
4097 	}
4098 
4099 	if (noack || WLAN_FC_GET_TYPE(fc) != WLAN_FC_TYPE_MGMT ||
4100 	    WLAN_FC_GET_STYPE(fc) != WLAN_FC_STYPE_ACTION)
4101 		use_cookie = 0;
4102 send_frame_cmd:
4103 #ifdef CONFIG_TESTING_OPTIONS
4104 	if (no_encrypt && !encrypt && !drv->use_monitor) {
4105 		wpa_printf(MSG_DEBUG,
4106 			   "nl80211: Request to send an unencrypted frame - use a monitor interface for this");
4107 		if (nl80211_create_monitor_interface(drv) < 0)
4108 			return -1;
4109 		res = nl80211_send_monitor(drv, data, data_len, encrypt,
4110 					   noack);
4111 		nl80211_remove_monitor_interface(drv);
4112 		return res;
4113 	}
4114 #endif /* CONFIG_TESTING_OPTIONS */
4115 
4116 	wpa_printf(MSG_DEBUG, "nl80211: send_mlme -> send_frame_cmd");
4117 	res = nl80211_send_frame_cmd(bss, freq, wait_time, data, data_len,
4118 				     use_cookie, no_cck, noack, offchanok,
4119 				     csa_offs, csa_offs_len);
4120 
4121 	return res;
4122 }
4123 
4124 
4125 static int nl80211_put_basic_rates(struct nl_msg *msg, const int *basic_rates)
4126 {
4127 	u8 rates[NL80211_MAX_SUPP_RATES];
4128 	u8 rates_len = 0;
4129 	int i;
4130 
4131 	if (!basic_rates)
4132 		return 0;
4133 
4134 	for (i = 0; i < NL80211_MAX_SUPP_RATES && basic_rates[i] >= 0; i++)
4135 		rates[rates_len++] = basic_rates[i] / 5;
4136 
4137 	return nla_put(msg, NL80211_ATTR_BSS_BASIC_RATES, rates_len, rates);
4138 }
4139 
4140 
4141 static int nl80211_set_bss(struct i802_bss *bss, int cts, int preamble,
4142 			   int slot, int ht_opmode, int ap_isolate,
4143 			   const int *basic_rates)
4144 {
4145 	struct wpa_driver_nl80211_data *drv = bss->drv;
4146 	struct nl_msg *msg;
4147 
4148 	if (!(msg = nl80211_bss_msg(bss, 0, NL80211_CMD_SET_BSS)) ||
4149 	    (cts >= 0 &&
4150 	     nla_put_u8(msg, NL80211_ATTR_BSS_CTS_PROT, cts)) ||
4151 	    (preamble >= 0 &&
4152 	     nla_put_u8(msg, NL80211_ATTR_BSS_SHORT_PREAMBLE, preamble)) ||
4153 	    (slot >= 0 &&
4154 	     nla_put_u8(msg, NL80211_ATTR_BSS_SHORT_SLOT_TIME, slot)) ||
4155 	    (ht_opmode >= 0 &&
4156 	     nla_put_u16(msg, NL80211_ATTR_BSS_HT_OPMODE, ht_opmode)) ||
4157 	    (ap_isolate >= 0 &&
4158 	     nla_put_u8(msg, NL80211_ATTR_AP_ISOLATE, ap_isolate)) ||
4159 	    nl80211_put_basic_rates(msg, basic_rates)) {
4160 		nlmsg_free(msg);
4161 		return -ENOBUFS;
4162 	}
4163 
4164 	return send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
4165 }
4166 
4167 
4168 static int wpa_driver_nl80211_set_acl(void *priv,
4169 				      struct hostapd_acl_params *params)
4170 {
4171 	struct i802_bss *bss = priv;
4172 	struct wpa_driver_nl80211_data *drv = bss->drv;
4173 	struct nl_msg *msg;
4174 	struct nl_msg *acl;
4175 	unsigned int i;
4176 	int ret;
4177 	size_t acl_nla_sz, acl_nlmsg_sz, nla_sz, nlmsg_sz;
4178 
4179 	if (!(drv->capa.max_acl_mac_addrs))
4180 		return -ENOTSUP;
4181 
4182 	if (params->num_mac_acl > drv->capa.max_acl_mac_addrs)
4183 		return -ENOTSUP;
4184 
4185 	wpa_printf(MSG_DEBUG, "nl80211: Set %s ACL (num_mac_acl=%u)",
4186 		   params->acl_policy ? "Accept" : "Deny", params->num_mac_acl);
4187 
4188 	acl_nla_sz = nla_total_size(ETH_ALEN) * params->num_mac_acl;
4189 	acl_nlmsg_sz = nlmsg_total_size(acl_nla_sz);
4190 	acl = nlmsg_alloc_size(acl_nlmsg_sz);
4191 	if (!acl)
4192 		return -ENOMEM;
4193 	for (i = 0; i < params->num_mac_acl; i++) {
4194 		if (nla_put(acl, i + 1, ETH_ALEN, params->mac_acl[i].addr)) {
4195 			nlmsg_free(acl);
4196 			return -ENOMEM;
4197 		}
4198 	}
4199 
4200 	/*
4201 	 * genetlink message header (Length of user header is 0) +
4202 	 * u32 attr: NL80211_ATTR_IFINDEX +
4203 	 * u32 attr: NL80211_ATTR_ACL_POLICY +
4204 	 * nested acl attr
4205 	 */
4206 	nla_sz = GENL_HDRLEN +
4207 		nla_total_size(4) * 2 +
4208 		nla_total_size(acl_nla_sz);
4209 	nlmsg_sz = nlmsg_total_size(nla_sz);
4210 	if (!(msg = nl80211_ifindex_msg_build(drv, nlmsg_alloc_size(nlmsg_sz),
4211 					      drv->ifindex, 0,
4212 					      NL80211_CMD_SET_MAC_ACL)) ||
4213 	    nla_put_u32(msg, NL80211_ATTR_ACL_POLICY, params->acl_policy ?
4214 			NL80211_ACL_POLICY_DENY_UNLESS_LISTED :
4215 			NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED) ||
4216 	    nla_put_nested(msg, NL80211_ATTR_MAC_ADDRS, acl)) {
4217 		nlmsg_free(msg);
4218 		nlmsg_free(acl);
4219 		return -ENOMEM;
4220 	}
4221 	nlmsg_free(acl);
4222 
4223 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
4224 	if (ret) {
4225 		wpa_printf(MSG_DEBUG, "nl80211: Failed to set MAC ACL: %d (%s)",
4226 			   ret, strerror(-ret));
4227 	}
4228 
4229 	return ret;
4230 }
4231 
4232 
4233 static int nl80211_put_beacon_int(struct nl_msg *msg, int beacon_int)
4234 {
4235 	if (beacon_int > 0) {
4236 		wpa_printf(MSG_DEBUG, "  * beacon_int=%d", beacon_int);
4237 		return nla_put_u32(msg, NL80211_ATTR_BEACON_INTERVAL,
4238 				   beacon_int);
4239 	}
4240 
4241 	return 0;
4242 }
4243 
4244 
4245 static int nl80211_put_dtim_period(struct nl_msg *msg, int dtim_period)
4246 {
4247 	if (dtim_period > 0) {
4248 		wpa_printf(MSG_DEBUG, "  * dtim_period=%d", dtim_period);
4249 		return nla_put_u32(msg, NL80211_ATTR_DTIM_PERIOD, dtim_period);
4250 	}
4251 
4252 	return 0;
4253 }
4254 
4255 
4256 #ifdef CONFIG_MESH
4257 static int nl80211_set_mesh_config(void *priv,
4258 				   struct wpa_driver_mesh_bss_params *params)
4259 {
4260 	struct i802_bss *bss = priv;
4261 	struct wpa_driver_nl80211_data *drv = bss->drv;
4262 	struct nl_msg *msg;
4263 	int ret;
4264 
4265 	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_SET_MESH_CONFIG);
4266 	if (!msg)
4267 		return -1;
4268 
4269 	ret = nl80211_put_mesh_config(msg, params);
4270 	if (ret < 0) {
4271 		nlmsg_free(msg);
4272 		return ret;
4273 	}
4274 
4275 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
4276 	if (ret) {
4277 		wpa_printf(MSG_ERROR,
4278 			   "nl80211: Mesh config set failed: %d (%s)",
4279 			   ret, strerror(-ret));
4280 		return ret;
4281 	}
4282 	return 0;
4283 }
4284 #endif /* CONFIG_MESH */
4285 
4286 
4287 static int nl80211_put_beacon_rate(struct nl_msg *msg, u64 flags, u64 flags2,
4288 				   struct wpa_driver_ap_params *params)
4289 {
4290 	struct nlattr *bands, *band;
4291 	struct nl80211_txrate_vht vht_rate;
4292 	struct nl80211_txrate_he he_rate;
4293 
4294 	if (!params->freq ||
4295 	    (params->beacon_rate == 0 &&
4296 	     params->rate_type == BEACON_RATE_LEGACY))
4297 		return 0;
4298 
4299 	bands = nla_nest_start(msg, NL80211_ATTR_TX_RATES);
4300 	if (!bands)
4301 		return -1;
4302 
4303 	switch (params->freq->mode) {
4304 	case HOSTAPD_MODE_IEEE80211B:
4305 	case HOSTAPD_MODE_IEEE80211G:
4306 		band = nla_nest_start(msg, NL80211_BAND_2GHZ);
4307 		break;
4308 	case HOSTAPD_MODE_IEEE80211A:
4309 		if (is_6ghz_freq(params->freq->freq))
4310 			band = nla_nest_start(msg, NL80211_BAND_6GHZ);
4311 		else
4312 			band = nla_nest_start(msg, NL80211_BAND_5GHZ);
4313 		break;
4314 	case HOSTAPD_MODE_IEEE80211AD:
4315 		band = nla_nest_start(msg, NL80211_BAND_60GHZ);
4316 		break;
4317 	default:
4318 		return 0;
4319 	}
4320 
4321 	if (!band)
4322 		return -1;
4323 
4324 	os_memset(&vht_rate, 0, sizeof(vht_rate));
4325 	os_memset(&he_rate, 0, sizeof(he_rate));
4326 
4327 	switch (params->rate_type) {
4328 	case BEACON_RATE_LEGACY:
4329 		if (!(flags & WPA_DRIVER_FLAGS_BEACON_RATE_LEGACY)) {
4330 			wpa_printf(MSG_INFO,
4331 				   "nl80211: Driver does not support setting Beacon frame rate (legacy)");
4332 			return -1;
4333 		}
4334 
4335 		if (nla_put_u8(msg, NL80211_TXRATE_LEGACY,
4336 			       (u8) params->beacon_rate / 5) ||
4337 		    nla_put(msg, NL80211_TXRATE_HT, 0, NULL) ||
4338 		    (params->freq->vht_enabled &&
4339 		     nla_put(msg, NL80211_TXRATE_VHT, sizeof(vht_rate),
4340 			     &vht_rate)))
4341 			return -1;
4342 
4343 		wpa_printf(MSG_DEBUG, " * beacon_rate = legacy:%u (* 100 kbps)",
4344 			   params->beacon_rate);
4345 		break;
4346 	case BEACON_RATE_HT:
4347 		if (!(flags & WPA_DRIVER_FLAGS_BEACON_RATE_HT)) {
4348 			wpa_printf(MSG_INFO,
4349 				   "nl80211: Driver does not support setting Beacon frame rate (HT)");
4350 			return -1;
4351 		}
4352 		if (nla_put(msg, NL80211_TXRATE_LEGACY, 0, NULL) ||
4353 		    nla_put_u8(msg, NL80211_TXRATE_HT, params->beacon_rate) ||
4354 		    (params->freq->vht_enabled &&
4355 		     nla_put(msg, NL80211_TXRATE_VHT, sizeof(vht_rate),
4356 			     &vht_rate)))
4357 			return -1;
4358 		wpa_printf(MSG_DEBUG, " * beacon_rate = HT-MCS %u",
4359 			   params->beacon_rate);
4360 		break;
4361 	case BEACON_RATE_VHT:
4362 		if (!(flags & WPA_DRIVER_FLAGS_BEACON_RATE_VHT)) {
4363 			wpa_printf(MSG_INFO,
4364 				   "nl80211: Driver does not support setting Beacon frame rate (VHT)");
4365 			return -1;
4366 		}
4367 		vht_rate.mcs[0] = BIT(params->beacon_rate);
4368 		if (nla_put(msg, NL80211_TXRATE_LEGACY, 0, NULL))
4369 			return -1;
4370 		if (nla_put(msg, NL80211_TXRATE_HT, 0, NULL))
4371 			return -1;
4372 		if (nla_put(msg, NL80211_TXRATE_VHT, sizeof(vht_rate),
4373 			    &vht_rate))
4374 			return -1;
4375 		wpa_printf(MSG_DEBUG, " * beacon_rate = VHT-MCS %u",
4376 			   params->beacon_rate);
4377 		break;
4378 	case BEACON_RATE_HE:
4379 		if (!(flags2 & WPA_DRIVER_FLAGS2_BEACON_RATE_HE)) {
4380 			wpa_printf(MSG_INFO,
4381 				   "nl80211: Driver does not support setting Beacon frame rate (HE)");
4382 			return -1;
4383 		}
4384 		he_rate.mcs[0] = BIT(params->beacon_rate);
4385 		if (nla_put(msg, NL80211_TXRATE_LEGACY, 0, NULL) ||
4386 		    nla_put(msg, NL80211_TXRATE_HT, 0, NULL) ||
4387 		    nla_put(msg, NL80211_TXRATE_VHT, sizeof(vht_rate),
4388 			    &vht_rate) ||
4389 		    nla_put(msg, NL80211_TXRATE_HE, sizeof(he_rate), &he_rate))
4390 			return -1;
4391 		wpa_printf(MSG_DEBUG, " * beacon_rate = HE-MCS %u",
4392 			   params->beacon_rate);
4393 		break;
4394 	}
4395 
4396 	nla_nest_end(msg, band);
4397 	nla_nest_end(msg, bands);
4398 
4399 	return 0;
4400 }
4401 
4402 
4403 static int nl80211_set_multicast_to_unicast(struct i802_bss *bss,
4404 					    int multicast_to_unicast)
4405 {
4406 	struct wpa_driver_nl80211_data *drv = bss->drv;
4407 	struct nl_msg *msg;
4408 	int ret;
4409 
4410 	msg = nl80211_bss_msg(bss, 0, NL80211_CMD_SET_MULTICAST_TO_UNICAST);
4411 	if (!msg ||
4412 	    (multicast_to_unicast &&
4413 	     nla_put_flag(msg, NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED))) {
4414 		wpa_printf(MSG_ERROR,
4415 			   "nl80211: Failed to build NL80211_CMD_SET_MULTICAST_TO_UNICAST msg for %s",
4416 			   bss->ifname);
4417 		nlmsg_free(msg);
4418 		return -ENOBUFS;
4419 	}
4420 
4421 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
4422 
4423 	switch (ret) {
4424 	case 0:
4425 		wpa_printf(MSG_DEBUG,
4426 			   "nl80211: multicast to unicast %s on interface %s",
4427 			   multicast_to_unicast ? "enabled" : "disabled",
4428 			   bss->ifname);
4429 		break;
4430 	case -EOPNOTSUPP:
4431 		if (!multicast_to_unicast)
4432 			break;
4433 		wpa_printf(MSG_INFO,
4434 			   "nl80211: multicast to unicast not supported on interface %s",
4435 			   bss->ifname);
4436 		break;
4437 	default:
4438 		wpa_printf(MSG_ERROR,
4439 			   "nl80211: %s multicast to unicast failed with %d (%s) on interface %s",
4440 			   multicast_to_unicast ? "enabling" : "disabling",
4441 			   ret, strerror(-ret), bss->ifname);
4442 		break;
4443 	}
4444 
4445 	return ret;
4446 }
4447 
4448 
4449 #ifdef CONFIG_SAE
4450 static int nl80211_put_sae_pwe(struct nl_msg *msg, int pwe)
4451 {
4452 	u8 sae_pwe;
4453 
4454 	wpa_printf(MSG_DEBUG, "nl802111: sae_pwe=%d", pwe);
4455 	if (pwe == 0)
4456 		sae_pwe = NL80211_SAE_PWE_HUNT_AND_PECK;
4457 	else if (pwe == 1)
4458 		sae_pwe = NL80211_SAE_PWE_HASH_TO_ELEMENT;
4459 	else if (pwe == 2)
4460 		sae_pwe = NL80211_SAE_PWE_BOTH;
4461 	else if (pwe == 3)
4462 		return 0; /* special test mode */
4463 	else
4464 		return -1;
4465 	if (nla_put_u8(msg, NL80211_ATTR_SAE_PWE, sae_pwe))
4466 		return -1;
4467 
4468 	return 0;
4469 }
4470 #endif /* CONFIG_SAE */
4471 
4472 
4473 #ifdef CONFIG_FILS
4474 static int nl80211_fils_discovery(struct i802_bss *bss, struct nl_msg *msg,
4475 				  struct wpa_driver_ap_params *params)
4476 {
4477 	struct nlattr *attr;
4478 
4479 	if (!bss->drv->fils_discovery) {
4480 		wpa_printf(MSG_ERROR,
4481 			   "nl80211: Driver does not support FILS Discovery frame transmission for %s",
4482 			   bss->ifname);
4483 		return -1;
4484 	}
4485 
4486 	attr = nla_nest_start(msg, NL80211_ATTR_FILS_DISCOVERY);
4487 	if (!attr ||
4488 	    nla_put_u32(msg, NL80211_FILS_DISCOVERY_ATTR_INT_MIN,
4489 			params->fd_min_int) ||
4490 	    nla_put_u32(msg, NL80211_FILS_DISCOVERY_ATTR_INT_MAX,
4491 			params->fd_max_int) ||
4492 	    (params->fd_frame_tmpl &&
4493 	     nla_put(msg, NL80211_FILS_DISCOVERY_ATTR_TMPL,
4494 		     params->fd_frame_tmpl_len, params->fd_frame_tmpl)))
4495 		return -1;
4496 
4497 	nla_nest_end(msg, attr);
4498 	return 0;
4499 }
4500 #endif /* CONFIG_FILS */
4501 
4502 
4503 #ifdef CONFIG_IEEE80211AX
4504 static int nl80211_unsol_bcast_probe_resp(struct i802_bss *bss,
4505 					  struct nl_msg *msg,
4506 					  struct wpa_driver_ap_params *params)
4507 {
4508 	struct nlattr *attr;
4509 
4510 	if (!bss->drv->unsol_bcast_probe_resp) {
4511 		wpa_printf(MSG_ERROR,
4512 			   "nl80211: Driver does not support unsolicited broadcast Probe Response frame transmission for %s",
4513 			   bss->ifname);
4514 		return -1;
4515 	}
4516 
4517 	wpa_printf(MSG_DEBUG,
4518 		   "nl80211: Unsolicited broadcast Probe Response frame interval: %u",
4519 		   params->unsol_bcast_probe_resp_interval);
4520 	attr = nla_nest_start(msg, NL80211_ATTR_UNSOL_BCAST_PROBE_RESP);
4521 	if (!attr ||
4522 	    nla_put_u32(msg, NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT,
4523 			params->unsol_bcast_probe_resp_interval) ||
4524 	    (params->unsol_bcast_probe_resp_tmpl &&
4525 	     nla_put(msg, NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL,
4526 		     params->unsol_bcast_probe_resp_tmpl_len,
4527 		     params->unsol_bcast_probe_resp_tmpl)))
4528 		return -1;
4529 
4530 	nla_nest_end(msg, attr);
4531 	return 0;
4532 }
4533 #endif /* CONFIG_IEEE80211AX */
4534 
4535 
4536 static int wpa_driver_nl80211_set_ap(void *priv,
4537 				     struct wpa_driver_ap_params *params)
4538 {
4539 	struct i802_bss *bss = priv;
4540 	struct wpa_driver_nl80211_data *drv = bss->drv;
4541 	struct nl_msg *msg;
4542 	u8 cmd = NL80211_CMD_NEW_BEACON;
4543 	int ret = -ENOBUFS;
4544 	int beacon_set;
4545 	int num_suites;
4546 	u32 suites[20], suite;
4547 	u32 ver;
4548 #ifdef CONFIG_MESH
4549 	struct wpa_driver_mesh_bss_params mesh_params;
4550 #endif /* CONFIG_MESH */
4551 
4552 	beacon_set = params->reenable ? 0 : bss->beacon_set;
4553 
4554 	wpa_printf(MSG_DEBUG, "nl80211: Set beacon (beacon_set=%d)",
4555 		   beacon_set);
4556 	if (beacon_set)
4557 		cmd = NL80211_CMD_SET_BEACON;
4558 	else if (!drv->device_ap_sme && !drv->use_monitor &&
4559 		 !nl80211_get_wiphy_data_ap(bss))
4560 		return -ENOBUFS;
4561 
4562 	wpa_hexdump(MSG_DEBUG, "nl80211: Beacon head",
4563 		    params->head, params->head_len);
4564 	wpa_hexdump(MSG_DEBUG, "nl80211: Beacon tail",
4565 		    params->tail, params->tail_len);
4566 	wpa_printf(MSG_DEBUG, "nl80211: ifindex=%d", bss->ifindex);
4567 	wpa_printf(MSG_DEBUG, "nl80211: beacon_int=%d", params->beacon_int);
4568 	wpa_printf(MSG_DEBUG, "nl80211: beacon_rate=%u", params->beacon_rate);
4569 	wpa_printf(MSG_DEBUG, "nl80211: rate_type=%d", params->rate_type);
4570 	wpa_printf(MSG_DEBUG, "nl80211: dtim_period=%d", params->dtim_period);
4571 	wpa_printf(MSG_DEBUG, "nl80211: ssid=%s",
4572 		   wpa_ssid_txt(params->ssid, params->ssid_len));
4573 	if (!(msg = nl80211_bss_msg(bss, 0, cmd)) ||
4574 	    nla_put(msg, NL80211_ATTR_BEACON_HEAD, params->head_len,
4575 		    params->head) ||
4576 	    nla_put(msg, NL80211_ATTR_BEACON_TAIL, params->tail_len,
4577 		    params->tail) ||
4578 	    nl80211_put_beacon_int(msg, params->beacon_int) ||
4579 	    nl80211_put_beacon_rate(msg, drv->capa.flags, drv->capa.flags2,
4580 				    params) ||
4581 	    nl80211_put_dtim_period(msg, params->dtim_period) ||
4582 	    nla_put(msg, NL80211_ATTR_SSID, params->ssid_len, params->ssid))
4583 		goto fail;
4584 	if (params->proberesp && params->proberesp_len) {
4585 		wpa_hexdump(MSG_DEBUG, "nl80211: proberesp (offload)",
4586 			    params->proberesp, params->proberesp_len);
4587 		if (nla_put(msg, NL80211_ATTR_PROBE_RESP, params->proberesp_len,
4588 			    params->proberesp))
4589 			goto fail;
4590 	}
4591 	switch (params->hide_ssid) {
4592 	case NO_SSID_HIDING:
4593 		wpa_printf(MSG_DEBUG, "nl80211: hidden SSID not in use");
4594 		if (nla_put_u32(msg, NL80211_ATTR_HIDDEN_SSID,
4595 				NL80211_HIDDEN_SSID_NOT_IN_USE))
4596 			goto fail;
4597 		break;
4598 	case HIDDEN_SSID_ZERO_LEN:
4599 		wpa_printf(MSG_DEBUG, "nl80211: hidden SSID zero len");
4600 		if (nla_put_u32(msg, NL80211_ATTR_HIDDEN_SSID,
4601 				NL80211_HIDDEN_SSID_ZERO_LEN))
4602 			goto fail;
4603 		break;
4604 	case HIDDEN_SSID_ZERO_CONTENTS:
4605 		wpa_printf(MSG_DEBUG, "nl80211: hidden SSID zero contents");
4606 		if (nla_put_u32(msg, NL80211_ATTR_HIDDEN_SSID,
4607 				NL80211_HIDDEN_SSID_ZERO_CONTENTS))
4608 			goto fail;
4609 		break;
4610 	}
4611 	wpa_printf(MSG_DEBUG, "nl80211: privacy=%d", params->privacy);
4612 	if (params->privacy &&
4613 	    nla_put_flag(msg, NL80211_ATTR_PRIVACY))
4614 		goto fail;
4615 	wpa_printf(MSG_DEBUG, "nl80211: auth_algs=0x%x", params->auth_algs);
4616 	if ((params->auth_algs & (WPA_AUTH_ALG_OPEN | WPA_AUTH_ALG_SHARED)) ==
4617 	    (WPA_AUTH_ALG_OPEN | WPA_AUTH_ALG_SHARED)) {
4618 		/* Leave out the attribute */
4619 	} else if (params->auth_algs & WPA_AUTH_ALG_SHARED) {
4620 		if (nla_put_u32(msg, NL80211_ATTR_AUTH_TYPE,
4621 				NL80211_AUTHTYPE_SHARED_KEY))
4622 			goto fail;
4623 	} else {
4624 		if (nla_put_u32(msg, NL80211_ATTR_AUTH_TYPE,
4625 				NL80211_AUTHTYPE_OPEN_SYSTEM))
4626 			goto fail;
4627 	}
4628 
4629 	wpa_printf(MSG_DEBUG, "nl80211: wpa_version=0x%x", params->wpa_version);
4630 	ver = 0;
4631 	if (params->wpa_version & WPA_PROTO_WPA)
4632 		ver |= NL80211_WPA_VERSION_1;
4633 	if (params->wpa_version & WPA_PROTO_RSN)
4634 		ver |= NL80211_WPA_VERSION_2;
4635 	if (ver &&
4636 	    nla_put_u32(msg, NL80211_ATTR_WPA_VERSIONS, ver))
4637 		goto fail;
4638 
4639 	wpa_printf(MSG_DEBUG, "nl80211: key_mgmt_suites=0x%x",
4640 		   params->key_mgmt_suites);
4641 	num_suites = wpa_key_mgmt_to_suites(params->key_mgmt_suites,
4642 					    suites, ARRAY_SIZE(suites));
4643 	if (num_suites > NL80211_MAX_NR_AKM_SUITES)
4644 		wpa_printf(MSG_DEBUG,
4645 			   "nl80211: Not enough room for all AKM suites (num_suites=%d > NL80211_MAX_NR_AKM_SUITES)",
4646 			   num_suites);
4647 	else if (num_suites &&
4648 		 nla_put(msg, NL80211_ATTR_AKM_SUITES, num_suites * sizeof(u32),
4649 			 suites))
4650 		goto fail;
4651 
4652 	if (params->key_mgmt_suites & WPA_KEY_MGMT_IEEE8021X_NO_WPA &&
4653 	    (!params->pairwise_ciphers ||
4654 	     params->pairwise_ciphers & (WPA_CIPHER_WEP104 | WPA_CIPHER_WEP40)) &&
4655 	    (nla_put_u16(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE, ETH_P_PAE) ||
4656 	     nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT)))
4657 		goto fail;
4658 
4659 	if (drv->device_ap_sme &&
4660 	    (params->key_mgmt_suites & WPA_KEY_MGMT_SAE) &&
4661 	    nla_put_flag(msg, NL80211_ATTR_EXTERNAL_AUTH_SUPPORT))
4662 		goto fail;
4663 
4664 	wpa_printf(MSG_DEBUG, "nl80211: pairwise_ciphers=0x%x",
4665 		   params->pairwise_ciphers);
4666 	num_suites = wpa_cipher_to_cipher_suites(params->pairwise_ciphers,
4667 						 suites, ARRAY_SIZE(suites));
4668 	if (num_suites &&
4669 	    nla_put(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE,
4670 		    num_suites * sizeof(u32), suites))
4671 		goto fail;
4672 
4673 	wpa_printf(MSG_DEBUG, "nl80211: group_cipher=0x%x",
4674 		   params->group_cipher);
4675 	suite = wpa_cipher_to_cipher_suite(params->group_cipher);
4676 	if (suite &&
4677 	    nla_put_u32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, suite))
4678 		goto fail;
4679 
4680 	if (params->beacon_ies) {
4681 		wpa_hexdump_buf(MSG_DEBUG, "nl80211: beacon_ies",
4682 				params->beacon_ies);
4683 		if (nla_put(msg, NL80211_ATTR_IE,
4684 			    wpabuf_len(params->beacon_ies),
4685 			    wpabuf_head(params->beacon_ies)))
4686 			goto fail;
4687 	}
4688 	if (params->proberesp_ies) {
4689 		wpa_hexdump_buf(MSG_DEBUG, "nl80211: proberesp_ies",
4690 				params->proberesp_ies);
4691 		if (nla_put(msg, NL80211_ATTR_IE_PROBE_RESP,
4692 			    wpabuf_len(params->proberesp_ies),
4693 			    wpabuf_head(params->proberesp_ies)))
4694 			goto fail;
4695 	}
4696 	if (params->assocresp_ies) {
4697 		wpa_hexdump_buf(MSG_DEBUG, "nl80211: assocresp_ies",
4698 				params->assocresp_ies);
4699 		if (nla_put(msg, NL80211_ATTR_IE_ASSOC_RESP,
4700 			    wpabuf_len(params->assocresp_ies),
4701 			    wpabuf_head(params->assocresp_ies)))
4702 			goto fail;
4703 	}
4704 
4705 	if (drv->capa.flags & WPA_DRIVER_FLAGS_INACTIVITY_TIMER)  {
4706 		wpa_printf(MSG_DEBUG, "nl80211: ap_max_inactivity=%d",
4707 			   params->ap_max_inactivity);
4708 		if (nla_put_u16(msg, NL80211_ATTR_INACTIVITY_TIMEOUT,
4709 				params->ap_max_inactivity))
4710 			goto fail;
4711 	}
4712 
4713 #ifdef CONFIG_P2P
4714 	if (params->p2p_go_ctwindow > 0) {
4715 		if (drv->p2p_go_ctwindow_supported) {
4716 			wpa_printf(MSG_DEBUG, "nl80211: P2P GO ctwindow=%d",
4717 				   params->p2p_go_ctwindow);
4718 			if (nla_put_u8(msg, NL80211_ATTR_P2P_CTWINDOW,
4719 				       params->p2p_go_ctwindow))
4720 				goto fail;
4721 		} else {
4722 			wpa_printf(MSG_INFO,
4723 				   "nl80211: Driver does not support CTWindow configuration - ignore this parameter");
4724 		}
4725 	}
4726 #endif /* CONFIG_P2P */
4727 
4728 	if (params->pbss) {
4729 		wpa_printf(MSG_DEBUG, "nl80211: PBSS");
4730 		if (nla_put_flag(msg, NL80211_ATTR_PBSS))
4731 			goto fail;
4732 	}
4733 
4734 	if (params->ftm_responder) {
4735 		struct nlattr *ftm;
4736 
4737 		if (!(drv->capa.flags & WPA_DRIVER_FLAGS_FTM_RESPONDER)) {
4738 			ret = -ENOTSUP;
4739 			goto fail;
4740 		}
4741 
4742 		ftm = nla_nest_start(msg, NL80211_ATTR_FTM_RESPONDER);
4743 		if (!ftm ||
4744 		    nla_put_flag(msg, NL80211_FTM_RESP_ATTR_ENABLED) ||
4745 		    (params->lci &&
4746 		     nla_put(msg, NL80211_FTM_RESP_ATTR_LCI,
4747 			     wpabuf_len(params->lci),
4748 			     wpabuf_head(params->lci))) ||
4749 		    (params->civic &&
4750 		     nla_put(msg, NL80211_FTM_RESP_ATTR_CIVICLOC,
4751 			     wpabuf_len(params->civic),
4752 			     wpabuf_head(params->civic))))
4753 			goto fail;
4754 		nla_nest_end(msg, ftm);
4755 	}
4756 
4757 #ifdef CONFIG_IEEE80211AX
4758 	if (params->he_spr_ctrl) {
4759 		struct nlattr *spr;
4760 
4761 		spr = nla_nest_start(msg, NL80211_ATTR_HE_OBSS_PD);
4762 		wpa_printf(MSG_DEBUG, "nl80211: he_spr_ctrl=0x%x",
4763 			   params->he_spr_ctrl);
4764 
4765 		if (!spr ||
4766 		    nla_put_u8(msg, NL80211_HE_OBSS_PD_ATTR_SR_CTRL,
4767 			       params->he_spr_ctrl) ||
4768 		    ((params->he_spr_ctrl &
4769 		      SPATIAL_REUSE_NON_SRG_OFFSET_PRESENT) &&
4770 		     nla_put_u8(msg, NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET,
4771 				params->he_spr_non_srg_obss_pd_max_offset)))
4772 			goto fail;
4773 
4774 		if ((params->he_spr_ctrl &
4775 		     SPATIAL_REUSE_SRG_INFORMATION_PRESENT) &&
4776 		    (nla_put_u8(msg, NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET,
4777 				params->he_spr_srg_obss_pd_min_offset) ||
4778 		     nla_put_u8(msg, NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET,
4779 				params->he_spr_srg_obss_pd_max_offset) ||
4780 		     nla_put(msg, NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP,
4781 			     sizeof(params->he_spr_bss_color_bitmap),
4782 			     params->he_spr_bss_color_bitmap) ||
4783 		     nla_put(msg, NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP,
4784 			     sizeof(params->he_spr_partial_bssid_bitmap),
4785 			     params->he_spr_partial_bssid_bitmap)))
4786 			goto fail;
4787 
4788 		nla_nest_end(msg, spr);
4789 	}
4790 
4791 	if (params->freq && params->freq->he_enabled) {
4792 		struct nlattr *bss_color;
4793 
4794 		bss_color = nla_nest_start(msg, NL80211_ATTR_HE_BSS_COLOR);
4795 		if (!bss_color ||
4796 		    (params->he_bss_color_disabled &&
4797 		     nla_put_flag(msg, NL80211_HE_BSS_COLOR_ATTR_DISABLED)) ||
4798 		    (params->he_bss_color_partial &&
4799 		     nla_put_flag(msg, NL80211_HE_BSS_COLOR_ATTR_PARTIAL)) ||
4800 		    nla_put_u8(msg, NL80211_HE_BSS_COLOR_ATTR_COLOR,
4801 			       params->he_bss_color))
4802 			goto fail;
4803 		nla_nest_end(msg, bss_color);
4804 	}
4805 
4806 	if (params->twt_responder) {
4807 		wpa_printf(MSG_DEBUG, "nl80211: twt_responder=%d",
4808 			   params->twt_responder);
4809 		if (nla_put_flag(msg, NL80211_ATTR_TWT_RESPONDER))
4810 			goto fail;
4811 	}
4812 
4813 	if (params->unsol_bcast_probe_resp_interval &&
4814 	    nl80211_unsol_bcast_probe_resp(bss, msg, params) < 0)
4815 		goto fail;
4816 #endif /* CONFIG_IEEE80211AX */
4817 
4818 #ifdef CONFIG_SAE
4819 	if (((params->key_mgmt_suites & WPA_KEY_MGMT_SAE) ||
4820 	     (params->key_mgmt_suites & WPA_KEY_MGMT_FT_SAE)) &&
4821 	    nl80211_put_sae_pwe(msg, params->sae_pwe) < 0)
4822 		goto fail;
4823 #endif /* CONFIG_SAE */
4824 
4825 #ifdef CONFIG_FILS
4826 	if (params->fd_max_int && nl80211_fils_discovery(bss, msg, params) < 0)
4827 		goto fail;
4828 #endif /* CONFIG_FILS */
4829 
4830 	ret = send_and_recv_msgs_connect_handle(drv, msg, bss, 1);
4831 	if (ret) {
4832 		wpa_printf(MSG_DEBUG, "nl80211: Beacon set failed: %d (%s)",
4833 			   ret, strerror(-ret));
4834 	} else {
4835 		bss->beacon_set = 1;
4836 		nl80211_set_bss(bss, params->cts_protect, params->preamble,
4837 				params->short_slot_time, params->ht_opmode,
4838 				params->isolate, params->basic_rates);
4839 		nl80211_set_multicast_to_unicast(bss,
4840 						 params->multicast_to_unicast);
4841 		if (beacon_set && params->freq &&
4842 		    params->freq->bandwidth != bss->bandwidth) {
4843 			wpa_printf(MSG_DEBUG,
4844 				   "nl80211: Update BSS %s bandwidth: %d -> %d",
4845 				   bss->ifname, bss->bandwidth,
4846 				   params->freq->bandwidth);
4847 			ret = nl80211_set_channel(bss, params->freq, 1);
4848 			if (ret) {
4849 				wpa_printf(MSG_DEBUG,
4850 					   "nl80211: Frequency set failed: %d (%s)",
4851 					   ret, strerror(-ret));
4852 			} else {
4853 				wpa_printf(MSG_DEBUG,
4854 					   "nl80211: Frequency set succeeded for ht2040 coex");
4855 				bss->bandwidth = params->freq->bandwidth;
4856 			}
4857 		} else if (!beacon_set && params->freq) {
4858 			/*
4859 			 * cfg80211 updates the driver on frequence change in AP
4860 			 * mode only at the point when beaconing is started, so
4861 			 * set the initial value here.
4862 			 */
4863 			bss->bandwidth = params->freq->bandwidth;
4864 		}
4865 	}
4866 
4867 #ifdef CONFIG_MESH
4868 	if (is_mesh_interface(drv->nlmode) && params->ht_opmode != -1) {
4869 		os_memset(&mesh_params, 0, sizeof(mesh_params));
4870 		mesh_params.flags |= WPA_DRIVER_MESH_CONF_FLAG_HT_OP_MODE;
4871 		mesh_params.ht_opmode = params->ht_opmode;
4872 		ret = nl80211_set_mesh_config(priv, &mesh_params);
4873 		if (ret < 0)
4874 			return ret;
4875 	}
4876 #endif /* CONFIG_MESH */
4877 
4878 	return ret;
4879 fail:
4880 	nlmsg_free(msg);
4881 	return ret;
4882 }
4883 
4884 
4885 static int nl80211_put_freq_params(struct nl_msg *msg,
4886 				   const struct hostapd_freq_params *freq)
4887 {
4888 	enum hostapd_hw_mode hw_mode;
4889 	int is_24ghz;
4890 	u8 channel;
4891 
4892 	wpa_printf(MSG_DEBUG, "  * freq=%d", freq->freq);
4893 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq->freq))
4894 		return -ENOBUFS;
4895 
4896 	wpa_printf(MSG_DEBUG, "  * he_enabled=%d", freq->he_enabled);
4897 	wpa_printf(MSG_DEBUG, "  * vht_enabled=%d", freq->vht_enabled);
4898 	wpa_printf(MSG_DEBUG, "  * ht_enabled=%d", freq->ht_enabled);
4899 
4900 	hw_mode = ieee80211_freq_to_chan(freq->freq, &channel);
4901 	is_24ghz = hw_mode == HOSTAPD_MODE_IEEE80211G ||
4902 		hw_mode == HOSTAPD_MODE_IEEE80211B;
4903 
4904 	if (freq->vht_enabled || (freq->he_enabled && !is_24ghz)) {
4905 		enum nl80211_chan_width cw;
4906 
4907 		wpa_printf(MSG_DEBUG, "  * bandwidth=%d", freq->bandwidth);
4908 		switch (freq->bandwidth) {
4909 		case 20:
4910 			cw = NL80211_CHAN_WIDTH_20;
4911 			break;
4912 		case 40:
4913 			cw = NL80211_CHAN_WIDTH_40;
4914 			break;
4915 		case 80:
4916 			if (freq->center_freq2)
4917 				cw = NL80211_CHAN_WIDTH_80P80;
4918 			else
4919 				cw = NL80211_CHAN_WIDTH_80;
4920 			break;
4921 		case 160:
4922 			cw = NL80211_CHAN_WIDTH_160;
4923 			break;
4924 		default:
4925 			return -EINVAL;
4926 		}
4927 
4928 		wpa_printf(MSG_DEBUG, "  * channel_width=%d", cw);
4929 		wpa_printf(MSG_DEBUG, "  * center_freq1=%d",
4930 			   freq->center_freq1);
4931 		wpa_printf(MSG_DEBUG, "  * center_freq2=%d",
4932 			   freq->center_freq2);
4933 		if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, cw) ||
4934 		    nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1,
4935 				freq->center_freq1) ||
4936 		    (freq->center_freq2 &&
4937 		     nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2,
4938 				 freq->center_freq2)))
4939 			return -ENOBUFS;
4940 	} else if (freq->ht_enabled) {
4941 		enum nl80211_channel_type ct;
4942 
4943 		wpa_printf(MSG_DEBUG, "  * sec_channel_offset=%d",
4944 			   freq->sec_channel_offset);
4945 		switch (freq->sec_channel_offset) {
4946 		case -1:
4947 			ct = NL80211_CHAN_HT40MINUS;
4948 			break;
4949 		case 1:
4950 			ct = NL80211_CHAN_HT40PLUS;
4951 			break;
4952 		default:
4953 			ct = NL80211_CHAN_HT20;
4954 			break;
4955 		}
4956 
4957 		wpa_printf(MSG_DEBUG, "  * channel_type=%d", ct);
4958 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, ct))
4959 			return -ENOBUFS;
4960 	} else if (freq->edmg.channels && freq->edmg.bw_config) {
4961 		wpa_printf(MSG_DEBUG,
4962 			   "  * EDMG configuration: channels=0x%x bw_config=%d",
4963 			   freq->edmg.channels, freq->edmg.bw_config);
4964 		if (nla_put_u8(msg, NL80211_ATTR_WIPHY_EDMG_CHANNELS,
4965 			       freq->edmg.channels) ||
4966 		    nla_put_u8(msg, NL80211_ATTR_WIPHY_EDMG_BW_CONFIG,
4967 			       freq->edmg.bw_config))
4968 			return -1;
4969 	} else {
4970 		wpa_printf(MSG_DEBUG, "  * channel_type=%d",
4971 			   NL80211_CHAN_NO_HT);
4972 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
4973 				NL80211_CHAN_NO_HT))
4974 			return -ENOBUFS;
4975 	}
4976 	return 0;
4977 }
4978 
4979 
4980 static int nl80211_set_channel(struct i802_bss *bss,
4981 			       struct hostapd_freq_params *freq, int set_chan)
4982 {
4983 	struct wpa_driver_nl80211_data *drv = bss->drv;
4984 	struct nl_msg *msg;
4985 	int ret;
4986 
4987 	wpa_printf(MSG_DEBUG,
4988 		   "nl80211: Set freq %d (ht_enabled=%d, vht_enabled=%d, he_enabled=%d, bandwidth=%d MHz, cf1=%d MHz, cf2=%d MHz)",
4989 		   freq->freq, freq->ht_enabled, freq->vht_enabled, freq->he_enabled,
4990 		   freq->bandwidth, freq->center_freq1, freq->center_freq2);
4991 
4992 	msg = nl80211_drv_msg(drv, 0, set_chan ? NL80211_CMD_SET_CHANNEL :
4993 			      NL80211_CMD_SET_WIPHY);
4994 	if (!msg || nl80211_put_freq_params(msg, freq) < 0) {
4995 		nlmsg_free(msg);
4996 		return -1;
4997 	}
4998 
4999 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
5000 	if (ret == 0) {
5001 		bss->freq = freq->freq;
5002 		return 0;
5003 	}
5004 	wpa_printf(MSG_DEBUG, "nl80211: Failed to set channel (freq=%d): "
5005 		   "%d (%s)", freq->freq, ret, strerror(-ret));
5006 	return -1;
5007 }
5008 
5009 
5010 static u32 sta_flags_nl80211(int flags)
5011 {
5012 	u32 f = 0;
5013 
5014 	if (flags & WPA_STA_AUTHORIZED)
5015 		f |= BIT(NL80211_STA_FLAG_AUTHORIZED);
5016 	if (flags & WPA_STA_WMM)
5017 		f |= BIT(NL80211_STA_FLAG_WME);
5018 	if (flags & WPA_STA_SHORT_PREAMBLE)
5019 		f |= BIT(NL80211_STA_FLAG_SHORT_PREAMBLE);
5020 	if (flags & WPA_STA_MFP)
5021 		f |= BIT(NL80211_STA_FLAG_MFP);
5022 	if (flags & WPA_STA_TDLS_PEER)
5023 		f |= BIT(NL80211_STA_FLAG_TDLS_PEER);
5024 	if (flags & WPA_STA_AUTHENTICATED)
5025 		f |= BIT(NL80211_STA_FLAG_AUTHENTICATED);
5026 	if (flags & WPA_STA_ASSOCIATED)
5027 		f |= BIT(NL80211_STA_FLAG_ASSOCIATED);
5028 
5029 	return f;
5030 }
5031 
5032 
5033 #ifdef CONFIG_MESH
5034 static u32 sta_plink_state_nl80211(enum mesh_plink_state state)
5035 {
5036 	switch (state) {
5037 	case PLINK_IDLE:
5038 		return NL80211_PLINK_LISTEN;
5039 	case PLINK_OPN_SNT:
5040 		return NL80211_PLINK_OPN_SNT;
5041 	case PLINK_OPN_RCVD:
5042 		return NL80211_PLINK_OPN_RCVD;
5043 	case PLINK_CNF_RCVD:
5044 		return NL80211_PLINK_CNF_RCVD;
5045 	case PLINK_ESTAB:
5046 		return NL80211_PLINK_ESTAB;
5047 	case PLINK_HOLDING:
5048 		return NL80211_PLINK_HOLDING;
5049 	case PLINK_BLOCKED:
5050 		return NL80211_PLINK_BLOCKED;
5051 	default:
5052 		wpa_printf(MSG_ERROR, "nl80211: Invalid mesh plink state %d",
5053 			   state);
5054 	}
5055 	return -1;
5056 }
5057 #endif /* CONFIG_MESH */
5058 
5059 
5060 static int wpa_driver_nl80211_sta_add(void *priv,
5061 				      struct hostapd_sta_add_params *params)
5062 {
5063 	struct i802_bss *bss = priv;
5064 	struct wpa_driver_nl80211_data *drv = bss->drv;
5065 	struct nl_msg *msg;
5066 	struct nl80211_sta_flag_update upd;
5067 	int ret = -ENOBUFS;
5068 
5069 	if ((params->flags & WPA_STA_TDLS_PEER) &&
5070 	    !(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT))
5071 		return -EOPNOTSUPP;
5072 
5073 	wpa_printf(MSG_DEBUG, "nl80211: %s STA " MACSTR,
5074 		   params->set ? "Set" : "Add", MAC2STR(params->addr));
5075 	msg = nl80211_bss_msg(bss, 0, params->set ? NL80211_CMD_SET_STATION :
5076 			      NL80211_CMD_NEW_STATION);
5077 	if (!msg || nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, params->addr))
5078 		goto fail;
5079 
5080 	/*
5081 	 * Set the below properties only in one of the following cases:
5082 	 * 1. New station is added, already associated.
5083 	 * 2. Set WPA_STA_TDLS_PEER station.
5084 	 * 3. Set an already added unassociated station, if driver supports
5085 	 * full AP client state. (Set these properties after station became
5086 	 * associated will be rejected by the driver).
5087 	 */
5088 	if (!params->set || (params->flags & WPA_STA_TDLS_PEER) ||
5089 	    (params->set && FULL_AP_CLIENT_STATE_SUPP(drv->capa.flags) &&
5090 	     (params->flags & WPA_STA_ASSOCIATED))) {
5091 		wpa_hexdump(MSG_DEBUG, "  * supported rates",
5092 			    params->supp_rates, params->supp_rates_len);
5093 		wpa_printf(MSG_DEBUG, "  * capability=0x%x",
5094 			   params->capability);
5095 		if (nla_put(msg, NL80211_ATTR_STA_SUPPORTED_RATES,
5096 			    params->supp_rates_len, params->supp_rates) ||
5097 		    nla_put_u16(msg, NL80211_ATTR_STA_CAPABILITY,
5098 				params->capability))
5099 			goto fail;
5100 
5101 		if (params->ht_capabilities) {
5102 			wpa_hexdump(MSG_DEBUG, "  * ht_capabilities",
5103 				    (u8 *) params->ht_capabilities,
5104 				    sizeof(*params->ht_capabilities));
5105 			if (nla_put(msg, NL80211_ATTR_HT_CAPABILITY,
5106 				    sizeof(*params->ht_capabilities),
5107 				    params->ht_capabilities))
5108 				goto fail;
5109 		}
5110 
5111 		if (params->vht_capabilities) {
5112 			wpa_hexdump(MSG_DEBUG, "  * vht_capabilities",
5113 				    (u8 *) params->vht_capabilities,
5114 				    sizeof(*params->vht_capabilities));
5115 			if (nla_put(msg, NL80211_ATTR_VHT_CAPABILITY,
5116 				    sizeof(*params->vht_capabilities),
5117 				    params->vht_capabilities))
5118 				goto fail;
5119 		}
5120 
5121 		if (params->he_capab) {
5122 			wpa_hexdump(MSG_DEBUG, "  * he_capab",
5123 				    params->he_capab, params->he_capab_len);
5124 			if (nla_put(msg, NL80211_ATTR_HE_CAPABILITY,
5125 				    params->he_capab_len, params->he_capab))
5126 				goto fail;
5127 		}
5128 
5129 		if (params->he_6ghz_capab) {
5130 			wpa_hexdump(MSG_DEBUG, "  * he_6ghz_capab",
5131 				    params->he_6ghz_capab,
5132 				    sizeof(*params->he_6ghz_capab));
5133 			if (nla_put(msg, NL80211_ATTR_HE_6GHZ_CAPABILITY,
5134 				    sizeof(*params->he_6ghz_capab),
5135 				    params->he_6ghz_capab))
5136 				goto fail;
5137 		}
5138 
5139 		if (params->ext_capab) {
5140 			wpa_hexdump(MSG_DEBUG, "  * ext_capab",
5141 				    params->ext_capab, params->ext_capab_len);
5142 			if (nla_put(msg, NL80211_ATTR_STA_EXT_CAPABILITY,
5143 				    params->ext_capab_len, params->ext_capab))
5144 				goto fail;
5145 		}
5146 
5147 		if (is_ap_interface(drv->nlmode) &&
5148 		    nla_put_u8(msg, NL80211_ATTR_STA_SUPPORT_P2P_PS,
5149 			       params->support_p2p_ps ?
5150 			       NL80211_P2P_PS_SUPPORTED :
5151 			       NL80211_P2P_PS_UNSUPPORTED))
5152 			goto fail;
5153 	}
5154 	if (!params->set) {
5155 		if (params->aid) {
5156 			wpa_printf(MSG_DEBUG, "  * aid=%u", params->aid);
5157 			if (nla_put_u16(msg, NL80211_ATTR_STA_AID, params->aid))
5158 				goto fail;
5159 		} else {
5160 			/*
5161 			 * cfg80211 validates that AID is non-zero, so we have
5162 			 * to make this a non-zero value for the TDLS case where
5163 			 * a stub STA entry is used for now and for a station
5164 			 * that is still not associated.
5165 			 */
5166 			wpa_printf(MSG_DEBUG, "  * aid=1 (%s workaround)",
5167 				   (params->flags & WPA_STA_TDLS_PEER) ?
5168 				   "TDLS" : "UNASSOC_STA");
5169 			if (nla_put_u16(msg, NL80211_ATTR_STA_AID, 1))
5170 				goto fail;
5171 		}
5172 		wpa_printf(MSG_DEBUG, "  * listen_interval=%u",
5173 			   params->listen_interval);
5174 		if (nla_put_u16(msg, NL80211_ATTR_STA_LISTEN_INTERVAL,
5175 				params->listen_interval))
5176 			goto fail;
5177 	} else if (params->aid && (params->flags & WPA_STA_TDLS_PEER)) {
5178 		wpa_printf(MSG_DEBUG, "  * peer_aid=%u", params->aid);
5179 		if (nla_put_u16(msg, NL80211_ATTR_PEER_AID, params->aid))
5180 			goto fail;
5181 	} else if (FULL_AP_CLIENT_STATE_SUPP(drv->capa.flags) &&
5182 		   (params->flags & WPA_STA_ASSOCIATED)) {
5183 		wpa_printf(MSG_DEBUG, "  * aid=%u", params->aid);
5184 		wpa_printf(MSG_DEBUG, "  * listen_interval=%u",
5185 			   params->listen_interval);
5186 		if (nla_put_u16(msg, NL80211_ATTR_STA_AID, params->aid) ||
5187 		    nla_put_u16(msg, NL80211_ATTR_STA_LISTEN_INTERVAL,
5188 				params->listen_interval))
5189 			goto fail;
5190 	}
5191 
5192 	if (params->vht_opmode_enabled) {
5193 		wpa_printf(MSG_DEBUG, "  * opmode=%u", params->vht_opmode);
5194 		if (nla_put_u8(msg, NL80211_ATTR_OPMODE_NOTIF,
5195 			       params->vht_opmode))
5196 			goto fail;
5197 	}
5198 
5199 	if (params->supp_channels) {
5200 		wpa_hexdump(MSG_DEBUG, "  * supported channels",
5201 			    params->supp_channels, params->supp_channels_len);
5202 		if (nla_put(msg, NL80211_ATTR_STA_SUPPORTED_CHANNELS,
5203 			    params->supp_channels_len, params->supp_channels))
5204 			goto fail;
5205 	}
5206 
5207 	if (params->supp_oper_classes) {
5208 		wpa_hexdump(MSG_DEBUG, "  * supported operating classes",
5209 			    params->supp_oper_classes,
5210 			    params->supp_oper_classes_len);
5211 		if (nla_put(msg, NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES,
5212 			    params->supp_oper_classes_len,
5213 			    params->supp_oper_classes))
5214 			goto fail;
5215 	}
5216 
5217 	os_memset(&upd, 0, sizeof(upd));
5218 	upd.set = sta_flags_nl80211(params->flags);
5219 	upd.mask = upd.set | sta_flags_nl80211(params->flags_mask);
5220 
5221 	/*
5222 	 * If the driver doesn't support full AP client state, ignore ASSOC/AUTH
5223 	 * flags, as nl80211 driver moves a new station, by default, into
5224 	 * associated state.
5225 	 *
5226 	 * On the other hand, if the driver supports that feature and the
5227 	 * station is added in unauthenticated state, set the
5228 	 * authenticated/associated bits in the mask to prevent moving this
5229 	 * station to associated state before it is actually associated.
5230 	 *
5231 	 * This is irrelevant for mesh mode where the station is added to the
5232 	 * driver as authenticated already, and ASSOCIATED isn't part of the
5233 	 * nl80211 API.
5234 	 */
5235 	if (!is_mesh_interface(drv->nlmode)) {
5236 		if (!FULL_AP_CLIENT_STATE_SUPP(drv->capa.flags)) {
5237 			wpa_printf(MSG_DEBUG,
5238 				   "nl80211: Ignore ASSOC/AUTH flags since driver doesn't support full AP client state");
5239 			upd.mask &= ~(BIT(NL80211_STA_FLAG_ASSOCIATED) |
5240 				      BIT(NL80211_STA_FLAG_AUTHENTICATED));
5241 		} else if (!params->set &&
5242 			   !(params->flags & WPA_STA_TDLS_PEER)) {
5243 			if (!(params->flags & WPA_STA_AUTHENTICATED))
5244 				upd.mask |= BIT(NL80211_STA_FLAG_AUTHENTICATED);
5245 			if (!(params->flags & WPA_STA_ASSOCIATED))
5246 				upd.mask |= BIT(NL80211_STA_FLAG_ASSOCIATED);
5247 		}
5248 #ifdef CONFIG_MESH
5249 	} else {
5250 		if (params->plink_state == PLINK_ESTAB && params->peer_aid) {
5251 			ret = nla_put_u16(msg, NL80211_ATTR_MESH_PEER_AID,
5252 					  params->peer_aid);
5253 			if (ret)
5254 				goto fail;
5255 		}
5256 #endif /* CONFIG_MESH */
5257 	}
5258 
5259 	wpa_printf(MSG_DEBUG, "  * flags set=0x%x mask=0x%x",
5260 		   upd.set, upd.mask);
5261 	if (nla_put(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd))
5262 		goto fail;
5263 
5264 #ifdef CONFIG_MESH
5265 	if (params->plink_state &&
5266 	    nla_put_u8(msg, NL80211_ATTR_STA_PLINK_STATE,
5267 		       sta_plink_state_nl80211(params->plink_state)))
5268 		goto fail;
5269 #endif /* CONFIG_MESH */
5270 
5271 	if ((!params->set || (params->flags & WPA_STA_TDLS_PEER) ||
5272 	     FULL_AP_CLIENT_STATE_SUPP(drv->capa.flags)) &&
5273 	     (params->flags & WPA_STA_WMM)) {
5274 		struct nlattr *wme = nla_nest_start(msg, NL80211_ATTR_STA_WME);
5275 
5276 		wpa_printf(MSG_DEBUG, "  * qosinfo=0x%x", params->qosinfo);
5277 		if (!wme ||
5278 		    nla_put_u8(msg, NL80211_STA_WME_UAPSD_QUEUES,
5279 			       params->qosinfo & WMM_QOSINFO_STA_AC_MASK) ||
5280 		    nla_put_u8(msg, NL80211_STA_WME_MAX_SP,
5281 			       (params->qosinfo >> WMM_QOSINFO_STA_SP_SHIFT) &
5282 			       WMM_QOSINFO_STA_SP_MASK))
5283 			goto fail;
5284 		nla_nest_end(msg, wme);
5285 	}
5286 
5287 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
5288 	msg = NULL;
5289 	if (ret)
5290 		wpa_printf(MSG_DEBUG, "nl80211: NL80211_CMD_%s_STATION "
5291 			   "result: %d (%s)", params->set ? "SET" : "NEW", ret,
5292 			   strerror(-ret));
5293 	if (ret == -EEXIST)
5294 		ret = 0;
5295 fail:
5296 	nlmsg_free(msg);
5297 	return ret;
5298 }
5299 
5300 
5301 static void rtnl_neigh_delete_fdb_entry(struct i802_bss *bss, const u8 *addr)
5302 {
5303 #ifdef CONFIG_LIBNL3_ROUTE
5304 	struct wpa_driver_nl80211_data *drv = bss->drv;
5305 	struct rtnl_neigh *rn;
5306 	struct nl_addr *nl_addr;
5307 	int err;
5308 
5309 	rn = rtnl_neigh_alloc();
5310 	if (!rn)
5311 		return;
5312 
5313 	rtnl_neigh_set_family(rn, AF_BRIDGE);
5314 	rtnl_neigh_set_ifindex(rn, bss->ifindex);
5315 	nl_addr = nl_addr_build(AF_BRIDGE, (void *) addr, ETH_ALEN);
5316 	if (!nl_addr) {
5317 		rtnl_neigh_put(rn);
5318 		return;
5319 	}
5320 	rtnl_neigh_set_lladdr(rn, nl_addr);
5321 
5322 	err = rtnl_neigh_delete(drv->rtnl_sk, rn, 0);
5323 	if (err < 0) {
5324 		wpa_printf(MSG_DEBUG, "nl80211: bridge FDB entry delete for "
5325 			   MACSTR " ifindex=%d failed: %s", MAC2STR(addr),
5326 			   bss->ifindex, nl_geterror(err));
5327 	} else {
5328 		wpa_printf(MSG_DEBUG, "nl80211: deleted bridge FDB entry for "
5329 			   MACSTR, MAC2STR(addr));
5330 	}
5331 
5332 	nl_addr_put(nl_addr);
5333 	rtnl_neigh_put(rn);
5334 #endif /* CONFIG_LIBNL3_ROUTE */
5335 }
5336 
5337 
5338 static int wpa_driver_nl80211_sta_remove(struct i802_bss *bss, const u8 *addr,
5339 					 int deauth, u16 reason_code)
5340 {
5341 	struct wpa_driver_nl80211_data *drv = bss->drv;
5342 	struct nl_msg *msg;
5343 	int ret;
5344 
5345 	if (!(msg = nl80211_bss_msg(bss, 0, NL80211_CMD_DEL_STATION)) ||
5346 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
5347 	    (deauth == 0 &&
5348 	     nla_put_u8(msg, NL80211_ATTR_MGMT_SUBTYPE,
5349 			WLAN_FC_STYPE_DISASSOC)) ||
5350 	    (deauth == 1 &&
5351 	     nla_put_u8(msg, NL80211_ATTR_MGMT_SUBTYPE,
5352 			WLAN_FC_STYPE_DEAUTH)) ||
5353 	    (reason_code &&
5354 	     nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code))) {
5355 		nlmsg_free(msg);
5356 		return -ENOBUFS;
5357 	}
5358 
5359 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
5360 	wpa_printf(MSG_DEBUG, "nl80211: sta_remove -> DEL_STATION %s " MACSTR
5361 		   " --> %d (%s)",
5362 		   bss->ifname, MAC2STR(addr), ret, strerror(-ret));
5363 
5364 	if (drv->rtnl_sk)
5365 		rtnl_neigh_delete_fdb_entry(bss, addr);
5366 
5367 	if (ret == -ENOENT)
5368 		return 0;
5369 	return ret;
5370 }
5371 
5372 
5373 void nl80211_remove_iface(struct wpa_driver_nl80211_data *drv, int ifidx)
5374 {
5375 	struct nl_msg *msg;
5376 	struct wpa_driver_nl80211_data *drv2;
5377 
5378 	wpa_printf(MSG_DEBUG, "nl80211: Remove interface ifindex=%d", ifidx);
5379 
5380 	/* stop listening for EAPOL on this interface */
5381 	dl_list_for_each(drv2, &drv->global->interfaces,
5382 			 struct wpa_driver_nl80211_data, list)
5383 	{
5384 		del_ifidx(drv2, ifidx, IFIDX_ANY);
5385 		/* Remove all bridges learned for this iface */
5386 		del_ifidx(drv2, IFIDX_ANY, ifidx);
5387 	}
5388 
5389 	msg = nl80211_ifindex_msg(drv, ifidx, 0, NL80211_CMD_DEL_INTERFACE);
5390 	if (send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL) == 0)
5391 		return;
5392 	wpa_printf(MSG_ERROR, "Failed to remove interface (ifidx=%d)", ifidx);
5393 }
5394 
5395 
5396 const char * nl80211_iftype_str(enum nl80211_iftype mode)
5397 {
5398 	switch (mode) {
5399 	case NL80211_IFTYPE_ADHOC:
5400 		return "ADHOC";
5401 	case NL80211_IFTYPE_STATION:
5402 		return "STATION";
5403 	case NL80211_IFTYPE_AP:
5404 		return "AP";
5405 	case NL80211_IFTYPE_AP_VLAN:
5406 		return "AP_VLAN";
5407 	case NL80211_IFTYPE_WDS:
5408 		return "WDS";
5409 	case NL80211_IFTYPE_MONITOR:
5410 		return "MONITOR";
5411 	case NL80211_IFTYPE_MESH_POINT:
5412 		return "MESH_POINT";
5413 	case NL80211_IFTYPE_P2P_CLIENT:
5414 		return "P2P_CLIENT";
5415 	case NL80211_IFTYPE_P2P_GO:
5416 		return "P2P_GO";
5417 	case NL80211_IFTYPE_P2P_DEVICE:
5418 		return "P2P_DEVICE";
5419 	case NL80211_IFTYPE_OCB:
5420 		return "OCB";
5421 	case NL80211_IFTYPE_NAN:
5422 		return "NAN";
5423 	default:
5424 		return "unknown";
5425 	}
5426 }
5427 
5428 
5429 static int nl80211_create_iface_once(struct wpa_driver_nl80211_data *drv,
5430 				     const char *ifname,
5431 				     enum nl80211_iftype iftype,
5432 				     const u8 *addr, int wds,
5433 				     int (*handler)(struct nl_msg *, void *),
5434 				     void *arg)
5435 {
5436 	struct nl_msg *msg;
5437 	int ifidx;
5438 	int ret = -ENOBUFS;
5439 
5440 	wpa_printf(MSG_DEBUG, "nl80211: Create interface iftype %d (%s)",
5441 		   iftype, nl80211_iftype_str(iftype));
5442 
5443 	msg = nl80211_cmd_msg(drv->first_bss, 0, NL80211_CMD_NEW_INTERFACE);
5444 	if (!msg ||
5445 	    nla_put_string(msg, NL80211_ATTR_IFNAME, ifname) ||
5446 	    nla_put_u32(msg, NL80211_ATTR_IFTYPE, iftype))
5447 		goto fail;
5448 
5449 	if (iftype == NL80211_IFTYPE_MONITOR) {
5450 		struct nlattr *flags;
5451 
5452 		flags = nla_nest_start(msg, NL80211_ATTR_MNTR_FLAGS);
5453 		if (!flags ||
5454 		    nla_put_flag(msg, NL80211_MNTR_FLAG_COOK_FRAMES))
5455 			goto fail;
5456 
5457 		nla_nest_end(msg, flags);
5458 	} else if (wds) {
5459 		if (nla_put_u8(msg, NL80211_ATTR_4ADDR, wds))
5460 			goto fail;
5461 	}
5462 
5463 	/*
5464 	 * Tell cfg80211 that the interface belongs to the socket that created
5465 	 * it, and the interface should be deleted when the socket is closed.
5466 	 */
5467 	if (nla_put_flag(msg, NL80211_ATTR_IFACE_SOCKET_OWNER))
5468 		goto fail;
5469 
5470 	if ((addr && iftype == NL80211_IFTYPE_P2P_DEVICE) &&
5471 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
5472 		goto fail;
5473 
5474 	ret = send_and_recv_msgs(drv, msg, handler, arg, NULL, NULL);
5475 	msg = NULL;
5476 	if (ret) {
5477 	fail:
5478 		nlmsg_free(msg);
5479 		wpa_printf(MSG_ERROR, "Failed to create interface %s: %d (%s)",
5480 			   ifname, ret, strerror(-ret));
5481 		return ret;
5482 	}
5483 
5484 	if (iftype == NL80211_IFTYPE_P2P_DEVICE)
5485 		return 0;
5486 
5487 	ifidx = if_nametoindex(ifname);
5488 	wpa_printf(MSG_DEBUG, "nl80211: New interface %s created: ifindex=%d",
5489 		   ifname, ifidx);
5490 
5491 	if (ifidx <= 0)
5492 		return -1;
5493 
5494 	/*
5495 	 * Some virtual interfaces need to process EAPOL packets and events on
5496 	 * the parent interface. This is used mainly with hostapd.
5497 	 */
5498 	if (drv->hostapd ||
5499 	    iftype == NL80211_IFTYPE_AP_VLAN ||
5500 	    iftype == NL80211_IFTYPE_WDS ||
5501 	    iftype == NL80211_IFTYPE_MONITOR) {
5502 		/* start listening for EAPOL on this interface */
5503 		add_ifidx(drv, ifidx, IFIDX_ANY);
5504 	}
5505 
5506 	if (addr && iftype != NL80211_IFTYPE_MONITOR &&
5507 	    linux_set_ifhwaddr(drv->global->ioctl_sock, ifname, addr)) {
5508 		nl80211_remove_iface(drv, ifidx);
5509 		return -1;
5510 	}
5511 
5512 	return ifidx;
5513 }
5514 
5515 
5516 int nl80211_create_iface(struct wpa_driver_nl80211_data *drv,
5517 			 const char *ifname, enum nl80211_iftype iftype,
5518 			 const u8 *addr, int wds,
5519 			 int (*handler)(struct nl_msg *, void *),
5520 			 void *arg, int use_existing)
5521 {
5522 	int ret;
5523 
5524 	ret = nl80211_create_iface_once(drv, ifname, iftype, addr, wds, handler,
5525 					arg);
5526 
5527 	/* if error occurred and interface exists already */
5528 	if (ret == -ENFILE && if_nametoindex(ifname)) {
5529 		if (use_existing) {
5530 			wpa_printf(MSG_DEBUG, "nl80211: Continue using existing interface %s",
5531 				   ifname);
5532 			if (addr && iftype != NL80211_IFTYPE_MONITOR &&
5533 			    linux_set_ifhwaddr(drv->global->ioctl_sock, ifname,
5534 					       addr) < 0 &&
5535 			    (linux_set_iface_flags(drv->global->ioctl_sock,
5536 						   ifname, 0) < 0 ||
5537 			     linux_set_ifhwaddr(drv->global->ioctl_sock, ifname,
5538 						addr) < 0 ||
5539 			     linux_set_iface_flags(drv->global->ioctl_sock,
5540 						   ifname, 1) < 0))
5541 					return -1;
5542 			return -ENFILE;
5543 		}
5544 		wpa_printf(MSG_INFO, "Try to remove and re-create %s", ifname);
5545 
5546 		/* Try to remove the interface that was already there. */
5547 		nl80211_remove_iface(drv, if_nametoindex(ifname));
5548 
5549 		/* Try to create the interface again */
5550 		ret = nl80211_create_iface_once(drv, ifname, iftype, addr,
5551 						wds, handler, arg);
5552 	}
5553 
5554 	if (ret >= 0 && is_p2p_net_interface(iftype)) {
5555 		wpa_printf(MSG_DEBUG,
5556 			   "nl80211: Interface %s created for P2P - disable 11b rates",
5557 			   ifname);
5558 		nl80211_disable_11b_rates(drv, ret, 1);
5559 	}
5560 
5561 	return ret;
5562 }
5563 
5564 
5565 static int nl80211_setup_ap(struct i802_bss *bss)
5566 {
5567 	struct wpa_driver_nl80211_data *drv = bss->drv;
5568 
5569 	wpa_printf(MSG_DEBUG, "nl80211: Setup AP(%s) - device_ap_sme=%d use_monitor=%d",
5570 		   bss->ifname, drv->device_ap_sme, drv->use_monitor);
5571 
5572 	/*
5573 	 * Disable Probe Request reporting unless we need it in this way for
5574 	 * devices that include the AP SME, in the other case (unless using
5575 	 * monitor iface) we'll get it through the nl_mgmt socket instead.
5576 	 */
5577 	if (!drv->device_ap_sme)
5578 		wpa_driver_nl80211_probe_req_report(bss, 0);
5579 
5580 	if (!drv->device_ap_sme && !drv->use_monitor)
5581 		if (nl80211_mgmt_subscribe_ap(bss))
5582 			return -1;
5583 
5584 	if (drv->device_ap_sme && !drv->use_monitor)
5585 		if (nl80211_mgmt_subscribe_ap_dev_sme(bss))
5586 			wpa_printf(MSG_DEBUG,
5587 				   "nl80211: Failed to subscribe for mgmt frames from SME driver - trying to run without it");
5588 
5589 	if (!drv->device_ap_sme && drv->use_monitor &&
5590 	    nl80211_create_monitor_interface(drv) &&
5591 	    !drv->device_ap_sme)
5592 		return -1;
5593 
5594 	if (drv->device_ap_sme &&
5595 	    wpa_driver_nl80211_probe_req_report(bss, 1) < 0) {
5596 		wpa_printf(MSG_DEBUG, "nl80211: Failed to enable "
5597 			   "Probe Request frame reporting in AP mode");
5598 		/* Try to survive without this */
5599 	}
5600 
5601 	return 0;
5602 }
5603 
5604 
5605 static void nl80211_teardown_ap(struct i802_bss *bss)
5606 {
5607 	struct wpa_driver_nl80211_data *drv = bss->drv;
5608 
5609 	wpa_printf(MSG_DEBUG, "nl80211: Teardown AP(%s) - device_ap_sme=%d use_monitor=%d",
5610 		   bss->ifname, drv->device_ap_sme, drv->use_monitor);
5611 	if (drv->device_ap_sme) {
5612 		wpa_driver_nl80211_probe_req_report(bss, 0);
5613 		if (!drv->use_monitor)
5614 			nl80211_mgmt_unsubscribe(bss, "AP teardown (dev SME)");
5615 	} else if (drv->use_monitor)
5616 		nl80211_remove_monitor_interface(drv);
5617 	else
5618 		nl80211_mgmt_unsubscribe(bss, "AP teardown");
5619 
5620 	nl80211_put_wiphy_data_ap(bss);
5621 	bss->beacon_set = 0;
5622 }
5623 
5624 
5625 static int nl80211_tx_control_port(void *priv, const u8 *dest,
5626 				   u16 proto, const u8 *buf, size_t len,
5627 				   int no_encrypt)
5628 {
5629 	struct nl80211_ack_ext_arg ext_arg;
5630 	struct i802_bss *bss = priv;
5631 	struct nl_msg *msg;
5632 	u64 cookie = 0;
5633 	int ret;
5634 
5635 	wpa_printf(MSG_DEBUG,
5636 		   "nl80211: Send over control port dest=" MACSTR
5637 		   " proto=0x%04x len=%u no_encrypt=%d",
5638 		   MAC2STR(dest), proto, (unsigned int) len, no_encrypt);
5639 
5640 	msg = nl80211_bss_msg(bss, 0, NL80211_CMD_CONTROL_PORT_FRAME);
5641 	if (!msg ||
5642 	    nla_put_u16(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE, proto) ||
5643 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dest) ||
5644 	    nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
5645 	    (no_encrypt &&
5646 	     nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT))) {
5647 		nlmsg_free(msg);
5648 		return -ENOBUFS;
5649 	}
5650 
5651 	os_memset(&ext_arg, 0, sizeof(struct nl80211_ack_ext_arg));
5652 	ext_arg.ext_data = &cookie;
5653 	ret = send_and_recv_msgs(bss->drv, msg, NULL, NULL,
5654 				 ack_handler_cookie, &ext_arg);
5655 	if (ret) {
5656 		wpa_printf(MSG_DEBUG,
5657 			   "nl80211: tx_control_port failed: ret=%d (%s)",
5658 			   ret, strerror(-ret));
5659 	} else {
5660 		struct wpa_driver_nl80211_data *drv = bss->drv;
5661 
5662 		wpa_printf(MSG_DEBUG,
5663 			   "nl80211: tx_control_port cookie=0x%llx",
5664 			   (long long unsigned int) cookie);
5665 		drv->eapol_tx_cookie = cookie;
5666 	}
5667 
5668 	return ret;
5669 }
5670 
5671 
5672 static int nl80211_send_eapol_data(struct i802_bss *bss,
5673 				   const u8 *addr, const u8 *data,
5674 				   size_t data_len)
5675 {
5676 	struct sockaddr_ll ll;
5677 	int ret;
5678 
5679 	if (bss->drv->eapol_tx_sock < 0) {
5680 		wpa_printf(MSG_DEBUG, "nl80211: No socket to send EAPOL");
5681 		return -1;
5682 	}
5683 
5684 	os_memset(&ll, 0, sizeof(ll));
5685 	ll.sll_family = AF_PACKET;
5686 	ll.sll_ifindex = bss->ifindex;
5687 	ll.sll_protocol = htons(ETH_P_PAE);
5688 	ll.sll_halen = ETH_ALEN;
5689 	os_memcpy(ll.sll_addr, addr, ETH_ALEN);
5690 	ret = sendto(bss->drv->eapol_tx_sock, data, data_len, 0,
5691 		     (struct sockaddr *) &ll, sizeof(ll));
5692 	if (ret < 0)
5693 		wpa_printf(MSG_ERROR, "nl80211: EAPOL TX: %s",
5694 			   strerror(errno));
5695 
5696 	return ret;
5697 }
5698 
5699 
5700 static const u8 rfc1042_header[6] = { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 };
5701 
5702 static int wpa_driver_nl80211_hapd_send_eapol(
5703 	void *priv, const u8 *addr, const u8 *data,
5704 	size_t data_len, int encrypt, const u8 *own_addr, u32 flags)
5705 {
5706 	struct i802_bss *bss = priv;
5707 	struct wpa_driver_nl80211_data *drv = bss->drv;
5708 	struct ieee80211_hdr *hdr;
5709 	size_t len;
5710 	u8 *pos;
5711 	int res;
5712 	int qos = flags & WPA_STA_WMM;
5713 
5714 	/* For now, disable EAPOL TX over control port in AP mode by default
5715 	 * since it does not provide TX status notifications. */
5716 	if (drv->control_port_ap &&
5717 	    (drv->capa.flags & WPA_DRIVER_FLAGS_CONTROL_PORT))
5718 		return nl80211_tx_control_port(bss, addr, ETH_P_EAPOL,
5719 					       data, data_len, !encrypt);
5720 
5721 	if (drv->device_ap_sme || !drv->use_monitor)
5722 		return nl80211_send_eapol_data(bss, addr, data, data_len);
5723 
5724 	len = sizeof(*hdr) + (qos ? 2 : 0) + sizeof(rfc1042_header) + 2 +
5725 		data_len;
5726 	hdr = os_zalloc(len);
5727 	if (hdr == NULL) {
5728 		wpa_printf(MSG_INFO, "nl80211: Failed to allocate EAPOL buffer(len=%lu)",
5729 			   (unsigned long) len);
5730 		return -1;
5731 	}
5732 
5733 	hdr->frame_control =
5734 		IEEE80211_FC(WLAN_FC_TYPE_DATA, WLAN_FC_STYPE_DATA);
5735 	hdr->frame_control |= host_to_le16(WLAN_FC_FROMDS);
5736 	if (encrypt)
5737 		hdr->frame_control |= host_to_le16(WLAN_FC_ISWEP);
5738 	if (qos) {
5739 		hdr->frame_control |=
5740 			host_to_le16(WLAN_FC_STYPE_QOS_DATA << 4);
5741 	}
5742 
5743 	memcpy(hdr->IEEE80211_DA_FROMDS, addr, ETH_ALEN);
5744 	memcpy(hdr->IEEE80211_BSSID_FROMDS, own_addr, ETH_ALEN);
5745 	memcpy(hdr->IEEE80211_SA_FROMDS, own_addr, ETH_ALEN);
5746 	pos = (u8 *) (hdr + 1);
5747 
5748 	if (qos) {
5749 		/* Set highest priority in QoS header */
5750 		pos[0] = 7;
5751 		pos[1] = 0;
5752 		pos += 2;
5753 	}
5754 
5755 	memcpy(pos, rfc1042_header, sizeof(rfc1042_header));
5756 	pos += sizeof(rfc1042_header);
5757 	WPA_PUT_BE16(pos, ETH_P_PAE);
5758 	pos += 2;
5759 	memcpy(pos, data, data_len);
5760 
5761 	res = nl80211_send_monitor(drv, hdr, len, encrypt, 0);
5762 	if (res < 0) {
5763 		wpa_printf(MSG_ERROR,
5764 			   "hapd_send_eapol - packet len: %lu - failed",
5765 			   (unsigned long) len);
5766 	}
5767 	os_free(hdr);
5768 
5769 	return res;
5770 }
5771 
5772 
5773 static int wpa_driver_nl80211_sta_set_flags(void *priv, const u8 *addr,
5774 					    unsigned int total_flags,
5775 					    unsigned int flags_or,
5776 					    unsigned int flags_and)
5777 {
5778 	struct i802_bss *bss = priv;
5779 	struct nl_msg *msg;
5780 	struct nlattr *flags;
5781 	struct nl80211_sta_flag_update upd;
5782 
5783 	wpa_printf(MSG_DEBUG, "nl80211: Set STA flags - ifname=%s addr=" MACSTR
5784 		   " total_flags=0x%x flags_or=0x%x flags_and=0x%x authorized=%d",
5785 		   bss->ifname, MAC2STR(addr), total_flags, flags_or, flags_and,
5786 		   !!(total_flags & WPA_STA_AUTHORIZED));
5787 
5788 	if (!(msg = nl80211_bss_msg(bss, 0, NL80211_CMD_SET_STATION)) ||
5789 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
5790 		goto fail;
5791 
5792 	/*
5793 	 * Backwards compatibility version using NL80211_ATTR_STA_FLAGS. This
5794 	 * can be removed eventually.
5795 	 */
5796 	flags = nla_nest_start(msg, NL80211_ATTR_STA_FLAGS);
5797 	if (!flags ||
5798 	    ((total_flags & WPA_STA_AUTHORIZED) &&
5799 	     nla_put_flag(msg, NL80211_STA_FLAG_AUTHORIZED)) ||
5800 	    ((total_flags & WPA_STA_WMM) &&
5801 	     nla_put_flag(msg, NL80211_STA_FLAG_WME)) ||
5802 	    ((total_flags & WPA_STA_SHORT_PREAMBLE) &&
5803 	     nla_put_flag(msg, NL80211_STA_FLAG_SHORT_PREAMBLE)) ||
5804 	    ((total_flags & WPA_STA_MFP) &&
5805 	     nla_put_flag(msg, NL80211_STA_FLAG_MFP)) ||
5806 	    ((total_flags & WPA_STA_TDLS_PEER) &&
5807 	     nla_put_flag(msg, NL80211_STA_FLAG_TDLS_PEER)))
5808 		goto fail;
5809 
5810 	nla_nest_end(msg, flags);
5811 
5812 	os_memset(&upd, 0, sizeof(upd));
5813 	upd.mask = sta_flags_nl80211(flags_or | ~flags_and);
5814 	upd.set = sta_flags_nl80211(flags_or);
5815 	if (nla_put(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd))
5816 		goto fail;
5817 
5818 	return send_and_recv_msgs(bss->drv, msg, NULL, NULL, NULL, NULL);
5819 fail:
5820 	nlmsg_free(msg);
5821 	return -ENOBUFS;
5822 }
5823 
5824 
5825 static int driver_nl80211_sta_set_airtime_weight(void *priv, const u8 *addr,
5826 						 unsigned int weight)
5827 {
5828 	struct i802_bss *bss = priv;
5829 	struct nl_msg *msg;
5830 	int ret;
5831 
5832 	wpa_printf(MSG_DEBUG,
5833 		   "nl80211: Set STA airtime weight - ifname=%s addr=" MACSTR
5834 		   " weight=%u", bss->ifname, MAC2STR(addr), weight);
5835 
5836 	if (!(msg = nl80211_bss_msg(bss, 0, NL80211_CMD_SET_STATION)) ||
5837 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
5838 	    nla_put_u16(msg, NL80211_ATTR_AIRTIME_WEIGHT, weight))
5839 		goto fail;
5840 
5841 	ret = send_and_recv_msgs(bss->drv, msg, NULL, NULL, NULL, NULL);
5842 	if (ret) {
5843 		wpa_printf(MSG_DEBUG,
5844 			   "nl80211: SET_STATION[AIRTIME_WEIGHT] failed: ret=%d (%s)",
5845 			   ret, strerror(-ret));
5846 	}
5847 	return ret;
5848 fail:
5849 	nlmsg_free(msg);
5850 	return -ENOBUFS;
5851 }
5852 
5853 
5854 static int wpa_driver_nl80211_ap(struct wpa_driver_nl80211_data *drv,
5855 				 struct wpa_driver_associate_params *params)
5856 {
5857 	enum nl80211_iftype nlmode, old_mode;
5858 
5859 	if (params->p2p) {
5860 		wpa_printf(MSG_DEBUG, "nl80211: Setup AP operations for P2P "
5861 			   "group (GO)");
5862 		nlmode = NL80211_IFTYPE_P2P_GO;
5863 	} else
5864 		nlmode = NL80211_IFTYPE_AP;
5865 
5866 	old_mode = drv->nlmode;
5867 	if (wpa_driver_nl80211_set_mode(drv->first_bss, nlmode)) {
5868 		nl80211_remove_monitor_interface(drv);
5869 		return -1;
5870 	}
5871 
5872 	if (params->freq.freq &&
5873 	    nl80211_set_channel(drv->first_bss, &params->freq, 0)) {
5874 		if (old_mode != nlmode)
5875 			wpa_driver_nl80211_set_mode(drv->first_bss, old_mode);
5876 		nl80211_remove_monitor_interface(drv);
5877 		return -1;
5878 	}
5879 
5880 	return 0;
5881 }
5882 
5883 
5884 static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv,
5885 			      int reset_mode)
5886 {
5887 	struct nl_msg *msg;
5888 	int ret;
5889 
5890 	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_LEAVE_IBSS);
5891 	ret = send_and_recv_msgs_connect_handle(drv, msg, drv->first_bss, 1);
5892 	if (ret) {
5893 		wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS failed: ret=%d "
5894 			   "(%s)", ret, strerror(-ret));
5895 	} else {
5896 		wpa_printf(MSG_DEBUG,
5897 			   "nl80211: Leave IBSS request sent successfully");
5898 	}
5899 
5900 	if (reset_mode &&
5901 	    wpa_driver_nl80211_set_mode(drv->first_bss,
5902 					NL80211_IFTYPE_STATION)) {
5903 		wpa_printf(MSG_INFO, "nl80211: Failed to set interface into "
5904 			   "station mode");
5905 	}
5906 
5907 	return ret;
5908 }
5909 
5910 
5911 static int nl80211_ht_vht_overrides(struct nl_msg *msg,
5912 				    struct wpa_driver_associate_params *params)
5913 {
5914 	if (params->disable_ht && nla_put_flag(msg, NL80211_ATTR_DISABLE_HT))
5915 		return -1;
5916 
5917 	if (params->htcaps && params->htcaps_mask) {
5918 		int sz = sizeof(struct ieee80211_ht_capabilities);
5919 		wpa_hexdump(MSG_DEBUG, "  * htcaps", params->htcaps, sz);
5920 		wpa_hexdump(MSG_DEBUG, "  * htcaps_mask",
5921 			    params->htcaps_mask, sz);
5922 		if (nla_put(msg, NL80211_ATTR_HT_CAPABILITY, sz,
5923 			    params->htcaps) ||
5924 		    nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK, sz,
5925 			    params->htcaps_mask))
5926 			return -1;
5927 	}
5928 
5929 #ifdef CONFIG_VHT_OVERRIDES
5930 	if (params->disable_vht) {
5931 		wpa_printf(MSG_DEBUG, "  * VHT disabled");
5932 		if (nla_put_flag(msg, NL80211_ATTR_DISABLE_VHT))
5933 			return -1;
5934 	}
5935 
5936 	if (params->vhtcaps && params->vhtcaps_mask) {
5937 		int sz = sizeof(struct ieee80211_vht_capabilities);
5938 		wpa_hexdump(MSG_DEBUG, "  * vhtcaps", params->vhtcaps, sz);
5939 		wpa_hexdump(MSG_DEBUG, "  * vhtcaps_mask",
5940 			    params->vhtcaps_mask, sz);
5941 		if (nla_put(msg, NL80211_ATTR_VHT_CAPABILITY, sz,
5942 			    params->vhtcaps) ||
5943 		    nla_put(msg, NL80211_ATTR_VHT_CAPABILITY_MASK, sz,
5944 			    params->vhtcaps_mask))
5945 			return -1;
5946 	}
5947 #endif /* CONFIG_VHT_OVERRIDES */
5948 
5949 #ifdef CONFIG_HE_OVERRIDES
5950 	if (params->disable_he) {
5951 		wpa_printf(MSG_DEBUG, "  * HE disabled");
5952 		if (nla_put_flag(msg, NL80211_ATTR_DISABLE_HE))
5953 			return -1;
5954 	}
5955 #endif /* CONFIG_HE_OVERRIDES */
5956 
5957 	return 0;
5958 }
5959 
5960 
5961 static int wpa_driver_nl80211_ibss(struct wpa_driver_nl80211_data *drv,
5962 				   struct wpa_driver_associate_params *params)
5963 {
5964 	struct nl_msg *msg;
5965 	int ret = -1;
5966 	int count = 0;
5967 
5968 	wpa_printf(MSG_DEBUG, "nl80211: Join IBSS (ifindex=%d)", drv->ifindex);
5969 
5970 	if (wpa_driver_nl80211_set_mode_ibss(drv->first_bss, &params->freq)) {
5971 		wpa_printf(MSG_INFO, "nl80211: Failed to set interface into "
5972 			   "IBSS mode");
5973 		return -1;
5974 	}
5975 
5976 retry:
5977 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_JOIN_IBSS)) ||
5978 	    params->ssid == NULL || params->ssid_len > sizeof(drv->ssid))
5979 		goto fail;
5980 
5981 	wpa_printf(MSG_DEBUG, "  * SSID=%s",
5982 		   wpa_ssid_txt(params->ssid, params->ssid_len));
5983 	if (nla_put(msg, NL80211_ATTR_SSID, params->ssid_len, params->ssid))
5984 		goto fail;
5985 	os_memcpy(drv->ssid, params->ssid, params->ssid_len);
5986 	drv->ssid_len = params->ssid_len;
5987 
5988 	if (nl80211_put_freq_params(msg, &params->freq) < 0 ||
5989 	    nl80211_put_beacon_int(msg, params->beacon_int))
5990 		goto fail;
5991 
5992 	ret = nl80211_set_conn_keys(params, msg);
5993 	if (ret)
5994 		goto fail;
5995 
5996 	if (params->bssid && params->fixed_bssid) {
5997 		wpa_printf(MSG_DEBUG, "  * BSSID=" MACSTR,
5998 			   MAC2STR(params->bssid));
5999 		if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid))
6000 			goto fail;
6001 	}
6002 
6003 	if (params->fixed_freq) {
6004 		wpa_printf(MSG_DEBUG, "  * fixed_freq");
6005 		if (nla_put_flag(msg, NL80211_ATTR_FREQ_FIXED))
6006 			goto fail;
6007 	}
6008 
6009 	if (params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X ||
6010 	    params->key_mgmt_suite == WPA_KEY_MGMT_PSK ||
6011 	    params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA256 ||
6012 	    params->key_mgmt_suite == WPA_KEY_MGMT_PSK_SHA256) {
6013 		wpa_printf(MSG_DEBUG, "  * control port");
6014 		if (nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT))
6015 			goto fail;
6016 	}
6017 
6018 	if (params->wpa_ie) {
6019 		wpa_hexdump(MSG_DEBUG,
6020 			    "  * Extra IEs for Beacon/Probe Response frames",
6021 			    params->wpa_ie, params->wpa_ie_len);
6022 		if (nla_put(msg, NL80211_ATTR_IE, params->wpa_ie_len,
6023 			    params->wpa_ie))
6024 			goto fail;
6025 	}
6026 
6027 	ret = nl80211_ht_vht_overrides(msg, params);
6028 	if (ret < 0)
6029 		goto fail;
6030 
6031 	ret = send_and_recv_msgs_connect_handle(drv, msg, drv->first_bss, 1);
6032 	msg = NULL;
6033 	if (ret) {
6034 		wpa_printf(MSG_DEBUG, "nl80211: Join IBSS failed: ret=%d (%s)",
6035 			   ret, strerror(-ret));
6036 		count++;
6037 		if (ret == -EALREADY && count == 1) {
6038 			wpa_printf(MSG_DEBUG, "nl80211: Retry IBSS join after "
6039 				   "forced leave");
6040 			nl80211_leave_ibss(drv, 0);
6041 			nlmsg_free(msg);
6042 			goto retry;
6043 		}
6044 	} else {
6045 		wpa_printf(MSG_DEBUG,
6046 			   "nl80211: Join IBSS request sent successfully");
6047 	}
6048 
6049 fail:
6050 	nlmsg_free(msg);
6051 	return ret;
6052 }
6053 
6054 
6055 static int nl80211_put_fils_connect_params(struct wpa_driver_nl80211_data *drv,
6056 					   struct wpa_driver_associate_params *params,
6057 					   struct nl_msg *msg)
6058 {
6059 	if (params->fils_erp_username_len) {
6060 		wpa_hexdump_ascii(MSG_DEBUG, "  * FILS ERP EMSKname/username",
6061 				  params->fils_erp_username,
6062 				  params->fils_erp_username_len);
6063 		if (nla_put(msg, NL80211_ATTR_FILS_ERP_USERNAME,
6064 			    params->fils_erp_username_len,
6065 			    params->fils_erp_username))
6066 			return -1;
6067 	}
6068 
6069 	if (params->fils_erp_realm_len) {
6070 		wpa_hexdump_ascii(MSG_DEBUG, "  * FILS ERP Realm",
6071 				  params->fils_erp_realm,
6072 				  params->fils_erp_realm_len);
6073 		if (nla_put(msg, NL80211_ATTR_FILS_ERP_REALM,
6074 			    params->fils_erp_realm_len, params->fils_erp_realm))
6075 			return -1;
6076 	}
6077 
6078 	if (params->fils_erp_rrk_len) {
6079 		wpa_printf(MSG_DEBUG, "  * FILS ERP next seq %u",
6080 			   params->fils_erp_next_seq_num);
6081 		if (nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM,
6082 				params->fils_erp_next_seq_num))
6083 			return -1;
6084 
6085 		wpa_printf(MSG_DEBUG, "  * FILS ERP rRK (len=%lu)",
6086 			   (unsigned long) params->fils_erp_rrk_len);
6087 		if (nla_put(msg, NL80211_ATTR_FILS_ERP_RRK,
6088 			    params->fils_erp_rrk_len, params->fils_erp_rrk))
6089 			return -1;
6090 	}
6091 
6092 	return 0;
6093 }
6094 
6095 
6096 static int nl80211_connect_common(struct wpa_driver_nl80211_data *drv,
6097 				  struct wpa_driver_associate_params *params,
6098 				  struct nl_msg *msg)
6099 {
6100 	if (nla_put_flag(msg, NL80211_ATTR_IFACE_SOCKET_OWNER))
6101 		return -1;
6102 
6103 	if (params->bssid) {
6104 		wpa_printf(MSG_DEBUG, "  * bssid=" MACSTR,
6105 			   MAC2STR(params->bssid));
6106 		if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid))
6107 			return -1;
6108 	}
6109 
6110 	if (params->bssid_hint) {
6111 		wpa_printf(MSG_DEBUG, "  * bssid_hint=" MACSTR,
6112 			   MAC2STR(params->bssid_hint));
6113 		if (nla_put(msg, NL80211_ATTR_MAC_HINT, ETH_ALEN,
6114 			    params->bssid_hint))
6115 			return -1;
6116 	}
6117 
6118 	if (params->freq.freq) {
6119 		wpa_printf(MSG_DEBUG, "  * freq=%d", params->freq.freq);
6120 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
6121 				params->freq.freq))
6122 			return -1;
6123 		drv->assoc_freq = params->freq.freq;
6124 	} else
6125 		drv->assoc_freq = 0;
6126 
6127 	if (params->freq_hint) {
6128 		wpa_printf(MSG_DEBUG, "  * freq_hint=%d", params->freq_hint);
6129 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ_HINT,
6130 				params->freq_hint))
6131 			return -1;
6132 	}
6133 
6134 	if (params->freq.edmg.channels && params->freq.edmg.bw_config) {
6135 		wpa_printf(MSG_DEBUG,
6136 			   "  * EDMG configuration: channels=0x%x bw_config=%d",
6137 			   params->freq.edmg.channels,
6138 			   params->freq.edmg.bw_config);
6139 		if (nla_put_u8(msg, NL80211_ATTR_WIPHY_EDMG_CHANNELS,
6140 			       params->freq.edmg.channels) ||
6141 		    nla_put_u8(msg, NL80211_ATTR_WIPHY_EDMG_BW_CONFIG,
6142 			       params->freq.edmg.bw_config))
6143 			return -1;
6144 	}
6145 
6146 	if (params->bg_scan_period >= 0) {
6147 		wpa_printf(MSG_DEBUG, "  * bg scan period=%d",
6148 			   params->bg_scan_period);
6149 		if (nla_put_u16(msg, NL80211_ATTR_BG_SCAN_PERIOD,
6150 				params->bg_scan_period))
6151 			return -1;
6152 	}
6153 
6154 	if (params->ssid) {
6155 		wpa_printf(MSG_DEBUG, "  * SSID=%s",
6156 			   wpa_ssid_txt(params->ssid, params->ssid_len));
6157 		if (nla_put(msg, NL80211_ATTR_SSID, params->ssid_len,
6158 			    params->ssid))
6159 			return -1;
6160 		if (params->ssid_len > sizeof(drv->ssid))
6161 			return -1;
6162 		os_memcpy(drv->ssid, params->ssid, params->ssid_len);
6163 		drv->ssid_len = params->ssid_len;
6164 	}
6165 
6166 	wpa_hexdump(MSG_DEBUG, "  * IEs", params->wpa_ie, params->wpa_ie_len);
6167 	if (params->wpa_ie &&
6168 	    nla_put(msg, NL80211_ATTR_IE, params->wpa_ie_len, params->wpa_ie))
6169 		return -1;
6170 
6171 	if (params->wpa_proto) {
6172 		enum nl80211_wpa_versions ver = 0;
6173 
6174 		if (params->wpa_proto & WPA_PROTO_WPA)
6175 			ver |= NL80211_WPA_VERSION_1;
6176 		if (params->wpa_proto & WPA_PROTO_RSN)
6177 			ver |= NL80211_WPA_VERSION_2;
6178 
6179 		wpa_printf(MSG_DEBUG, "  * WPA Versions 0x%x", ver);
6180 		if (nla_put_u32(msg, NL80211_ATTR_WPA_VERSIONS, ver))
6181 			return -1;
6182 	}
6183 
6184 	if (params->pairwise_suite != WPA_CIPHER_NONE) {
6185 		u32 cipher = wpa_cipher_to_cipher_suite(params->pairwise_suite);
6186 		wpa_printf(MSG_DEBUG, "  * pairwise=0x%x", cipher);
6187 		if (nla_put_u32(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE,
6188 				cipher))
6189 			return -1;
6190 	}
6191 
6192 	if (params->group_suite == WPA_CIPHER_GTK_NOT_USED &&
6193 	    !(drv->capa.enc & WPA_DRIVER_CAPA_ENC_GTK_NOT_USED)) {
6194 		/*
6195 		 * This is likely to work even though many drivers do not
6196 		 * advertise support for operations without GTK.
6197 		 */
6198 		wpa_printf(MSG_DEBUG, "  * skip group cipher configuration for GTK_NOT_USED due to missing driver support advertisement");
6199 	} else if (params->group_suite != WPA_CIPHER_NONE) {
6200 		u32 cipher = wpa_cipher_to_cipher_suite(params->group_suite);
6201 		wpa_printf(MSG_DEBUG, "  * group=0x%x", cipher);
6202 		if (nla_put_u32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, cipher))
6203 			return -1;
6204 	}
6205 
6206 	if (params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X ||
6207 	    params->key_mgmt_suite == WPA_KEY_MGMT_PSK ||
6208 	    params->key_mgmt_suite == WPA_KEY_MGMT_FT_IEEE8021X ||
6209 	    params->key_mgmt_suite == WPA_KEY_MGMT_FT_PSK ||
6210 	    params->key_mgmt_suite == WPA_KEY_MGMT_CCKM ||
6211 	    params->key_mgmt_suite == WPA_KEY_MGMT_OSEN ||
6212 	    params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA256 ||
6213 	    params->key_mgmt_suite == WPA_KEY_MGMT_PSK_SHA256 ||
6214 	    params->key_mgmt_suite == WPA_KEY_MGMT_SAE ||
6215 	    params->key_mgmt_suite == WPA_KEY_MGMT_FT_SAE ||
6216 	    params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B ||
6217 	    params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B_192 ||
6218 	    params->key_mgmt_suite == WPA_KEY_MGMT_FT_IEEE8021X_SHA384 ||
6219 	    params->key_mgmt_suite == WPA_KEY_MGMT_FILS_SHA256 ||
6220 	    params->key_mgmt_suite == WPA_KEY_MGMT_FILS_SHA384 ||
6221 	    params->key_mgmt_suite == WPA_KEY_MGMT_FT_FILS_SHA256 ||
6222 	    params->key_mgmt_suite == WPA_KEY_MGMT_FT_FILS_SHA384 ||
6223 	    params->key_mgmt_suite == WPA_KEY_MGMT_OWE ||
6224 	    params->key_mgmt_suite == WPA_KEY_MGMT_DPP) {
6225 		int mgmt = RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X;
6226 
6227 		switch (params->key_mgmt_suite) {
6228 		case WPA_KEY_MGMT_CCKM:
6229 			mgmt = RSN_AUTH_KEY_MGMT_CCKM;
6230 			break;
6231 		case WPA_KEY_MGMT_IEEE8021X:
6232 			mgmt = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X;
6233 			break;
6234 		case WPA_KEY_MGMT_FT_IEEE8021X:
6235 			mgmt = RSN_AUTH_KEY_MGMT_FT_802_1X;
6236 			break;
6237 		case WPA_KEY_MGMT_FT_PSK:
6238 			mgmt = RSN_AUTH_KEY_MGMT_FT_PSK;
6239 			break;
6240 		case WPA_KEY_MGMT_IEEE8021X_SHA256:
6241 			mgmt = RSN_AUTH_KEY_MGMT_802_1X_SHA256;
6242 			break;
6243 		case WPA_KEY_MGMT_PSK_SHA256:
6244 			mgmt = RSN_AUTH_KEY_MGMT_PSK_SHA256;
6245 			break;
6246 		case WPA_KEY_MGMT_OSEN:
6247 			mgmt = RSN_AUTH_KEY_MGMT_OSEN;
6248 			break;
6249 		case WPA_KEY_MGMT_SAE:
6250 			mgmt = RSN_AUTH_KEY_MGMT_SAE;
6251 			break;
6252 		case WPA_KEY_MGMT_FT_SAE:
6253 			mgmt = RSN_AUTH_KEY_MGMT_FT_SAE;
6254 			break;
6255 		case WPA_KEY_MGMT_IEEE8021X_SUITE_B:
6256 			mgmt = RSN_AUTH_KEY_MGMT_802_1X_SUITE_B;
6257 			break;
6258 		case WPA_KEY_MGMT_IEEE8021X_SUITE_B_192:
6259 			mgmt = RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192;
6260 			break;
6261 		case WPA_KEY_MGMT_FT_IEEE8021X_SHA384:
6262 			mgmt = RSN_AUTH_KEY_MGMT_FT_802_1X_SHA384;
6263 			break;
6264 		case WPA_KEY_MGMT_FILS_SHA256:
6265 			mgmt = RSN_AUTH_KEY_MGMT_FILS_SHA256;
6266 			break;
6267 		case WPA_KEY_MGMT_FILS_SHA384:
6268 			mgmt = RSN_AUTH_KEY_MGMT_FILS_SHA384;
6269 			break;
6270 		case WPA_KEY_MGMT_FT_FILS_SHA256:
6271 			mgmt = RSN_AUTH_KEY_MGMT_FT_FILS_SHA256;
6272 			break;
6273 		case WPA_KEY_MGMT_FT_FILS_SHA384:
6274 			mgmt = RSN_AUTH_KEY_MGMT_FT_FILS_SHA384;
6275 			break;
6276 		case WPA_KEY_MGMT_OWE:
6277 			mgmt = RSN_AUTH_KEY_MGMT_OWE;
6278 			break;
6279 		case WPA_KEY_MGMT_DPP:
6280 			mgmt = RSN_AUTH_KEY_MGMT_DPP;
6281 			break;
6282 		case WPA_KEY_MGMT_PSK:
6283 		default:
6284 			mgmt = RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X;
6285 			break;
6286 		}
6287 		wpa_printf(MSG_DEBUG, "  * akm=0x%x", mgmt);
6288 		if (nla_put_u32(msg, NL80211_ATTR_AKM_SUITES, mgmt))
6289 			return -1;
6290 	}
6291 
6292 	if (params->req_handshake_offload &&
6293 	    (drv->capa.flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X)) {
6294 		    wpa_printf(MSG_DEBUG, "  * WANT_1X_4WAY_HS");
6295 		    if (nla_put_flag(msg, NL80211_ATTR_WANT_1X_4WAY_HS))
6296 			    return -1;
6297 	    }
6298 
6299 	/* Add PSK in case of 4-way handshake offload */
6300 	if (params->psk &&
6301 	    (drv->capa.flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK)) {
6302 		wpa_hexdump_key(MSG_DEBUG, "  * PSK", params->psk, 32);
6303 		if (nla_put(msg, NL80211_ATTR_PMK, 32, params->psk))
6304 			return -1;
6305 	}
6306 
6307 	if (nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT))
6308 		return -1;
6309 
6310 	if (params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_NO_WPA &&
6311 	    (params->pairwise_suite == WPA_CIPHER_NONE ||
6312 	     params->pairwise_suite == WPA_CIPHER_WEP104 ||
6313 	     params->pairwise_suite == WPA_CIPHER_WEP40) &&
6314 	    (nla_put_u16(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE, ETH_P_PAE) ||
6315 	     nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT)))
6316 		return -1;
6317 
6318 	if (params->rrm_used) {
6319 		u32 drv_rrm_flags = drv->capa.rrm_flags;
6320 		if ((!((drv_rrm_flags &
6321 			WPA_DRIVER_FLAGS_DS_PARAM_SET_IE_IN_PROBES) &&
6322 		       (drv_rrm_flags & WPA_DRIVER_FLAGS_QUIET)) &&
6323 		     !(drv_rrm_flags & WPA_DRIVER_FLAGS_SUPPORT_RRM)) ||
6324 		    nla_put_flag(msg, NL80211_ATTR_USE_RRM))
6325 			return -1;
6326 	}
6327 
6328 	if (nl80211_ht_vht_overrides(msg, params) < 0)
6329 		return -1;
6330 
6331 	if (params->p2p)
6332 		wpa_printf(MSG_DEBUG, "  * P2P group");
6333 
6334 	if (params->pbss) {
6335 		wpa_printf(MSG_DEBUG, "  * PBSS");
6336 		if (nla_put_flag(msg, NL80211_ATTR_PBSS))
6337 			return -1;
6338 	}
6339 
6340 	drv->connect_reassoc = 0;
6341 	if (params->prev_bssid) {
6342 		wpa_printf(MSG_DEBUG, "  * prev_bssid=" MACSTR,
6343 			   MAC2STR(params->prev_bssid));
6344 		if (nla_put(msg, NL80211_ATTR_PREV_BSSID, ETH_ALEN,
6345 			    params->prev_bssid))
6346 			return -1;
6347 		drv->connect_reassoc = 1;
6348 	}
6349 
6350 	if ((params->auth_alg & WPA_AUTH_ALG_FILS) &&
6351 	    nl80211_put_fils_connect_params(drv, params, msg) != 0)
6352 		return -1;
6353 
6354 	if ((params->key_mgmt_suite == WPA_KEY_MGMT_SAE ||
6355 	     params->key_mgmt_suite == WPA_KEY_MGMT_FT_SAE) &&
6356 	    (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) &&
6357 	    nla_put_flag(msg, NL80211_ATTR_EXTERNAL_AUTH_SUPPORT))
6358 		return -1;
6359 
6360 	return 0;
6361 }
6362 
6363 
6364 static int wpa_driver_nl80211_try_connect(
6365 	struct wpa_driver_nl80211_data *drv,
6366 	struct wpa_driver_associate_params *params,
6367 	struct i802_bss *bss)
6368 {
6369 	struct nl_msg *msg;
6370 	enum nl80211_auth_type type;
6371 	int ret;
6372 	int algs;
6373 
6374 #ifdef CONFIG_DRIVER_NL80211_QCA
6375 	if (params->req_key_mgmt_offload && params->psk &&
6376 	    (params->key_mgmt_suite == WPA_KEY_MGMT_PSK ||
6377 	     params->key_mgmt_suite == WPA_KEY_MGMT_PSK_SHA256 ||
6378 	     params->key_mgmt_suite == WPA_KEY_MGMT_FT_PSK)) {
6379 		wpa_printf(MSG_DEBUG, "nl80211: Key management set PSK");
6380 		ret = issue_key_mgmt_set_key(drv, params->psk, 32);
6381 		if (ret)
6382 			return ret;
6383 	}
6384 #endif /* CONFIG_DRIVER_NL80211_QCA */
6385 
6386 	wpa_printf(MSG_DEBUG, "nl80211: Connect (ifindex=%d)", drv->ifindex);
6387 	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_CONNECT);
6388 	if (!msg)
6389 		return -1;
6390 
6391 	ret = nl80211_connect_common(drv, params, msg);
6392 	if (ret)
6393 		goto fail;
6394 
6395 	if (params->mgmt_frame_protection == MGMT_FRAME_PROTECTION_REQUIRED &&
6396 	    nla_put_u32(msg, NL80211_ATTR_USE_MFP, NL80211_MFP_REQUIRED))
6397 		goto fail;
6398 
6399 	if (params->mgmt_frame_protection == MGMT_FRAME_PROTECTION_OPTIONAL &&
6400 	    (drv->capa.flags & WPA_DRIVER_FLAGS_MFP_OPTIONAL) &&
6401 	    nla_put_u32(msg, NL80211_ATTR_USE_MFP, NL80211_MFP_OPTIONAL))
6402 		goto fail;
6403 
6404 #ifdef CONFIG_SAE
6405 	if ((params->key_mgmt_suite == WPA_KEY_MGMT_SAE ||
6406 	     params->key_mgmt_suite == WPA_KEY_MGMT_FT_SAE) &&
6407 	    nl80211_put_sae_pwe(msg, params->sae_pwe) < 0)
6408 		goto fail;
6409 #endif /* CONFIG_SAE */
6410 
6411 	algs = 0;
6412 	if (params->auth_alg & WPA_AUTH_ALG_OPEN)
6413 		algs++;
6414 	if (params->auth_alg & WPA_AUTH_ALG_SHARED)
6415 		algs++;
6416 	if (params->auth_alg & WPA_AUTH_ALG_LEAP)
6417 		algs++;
6418 	if (params->auth_alg & WPA_AUTH_ALG_FILS)
6419 		algs++;
6420 	if (params->auth_alg & WPA_AUTH_ALG_FT)
6421 		algs++;
6422 	if (algs > 1) {
6423 		wpa_printf(MSG_DEBUG, "  * Leave out Auth Type for automatic "
6424 			   "selection");
6425 		goto skip_auth_type;
6426 	}
6427 
6428 	type = get_nl_auth_type(params->auth_alg);
6429 	wpa_printf(MSG_DEBUG, "  * Auth Type %d", type);
6430 	if (type == NL80211_AUTHTYPE_MAX ||
6431 	    nla_put_u32(msg, NL80211_ATTR_AUTH_TYPE, type))
6432 		goto fail;
6433 
6434 skip_auth_type:
6435 	ret = nl80211_set_conn_keys(params, msg);
6436 	if (ret)
6437 		goto fail;
6438 
6439 	ret = send_and_recv_msgs_connect_handle(drv, msg, bss, 1);
6440 	msg = NULL;
6441 	if (ret) {
6442 		wpa_printf(MSG_DEBUG, "nl80211: MLME connect failed: ret=%d "
6443 			   "(%s)", ret, strerror(-ret));
6444 	} else {
6445 #ifdef CONFIG_DRIVER_NL80211_QCA
6446 		drv->roam_indication_done = false;
6447 #endif /* CONFIG_DRIVER_NL80211_QCA */
6448 		wpa_printf(MSG_DEBUG,
6449 			   "nl80211: Connect request send successfully");
6450 	}
6451 
6452 fail:
6453 	nl80211_nlmsg_clear(msg);
6454 	nlmsg_free(msg);
6455 	return ret;
6456 
6457 }
6458 
6459 
6460 static int wpa_driver_nl80211_connect(
6461 	struct wpa_driver_nl80211_data *drv,
6462 	struct wpa_driver_associate_params *params,
6463 	struct i802_bss *bss)
6464 {
6465 	int ret;
6466 
6467 	/* Store the connection attempted bssid for future use */
6468 	if (params->bssid)
6469 		os_memcpy(drv->auth_attempt_bssid, params->bssid, ETH_ALEN);
6470 	else
6471 		os_memset(drv->auth_attempt_bssid, 0, ETH_ALEN);
6472 
6473 	ret = wpa_driver_nl80211_try_connect(drv, params, bss);
6474 	if (ret == -EALREADY) {
6475 		/*
6476 		 * cfg80211 does not currently accept new connections if
6477 		 * we are already connected. As a workaround, force
6478 		 * disconnection and try again.
6479 		 */
6480 		wpa_printf(MSG_DEBUG, "nl80211: Explicitly "
6481 			   "disconnecting before reassociation "
6482 			   "attempt");
6483 		if (wpa_driver_nl80211_disconnect(
6484 			    drv, WLAN_REASON_PREV_AUTH_NOT_VALID, bss))
6485 			return -1;
6486 		ret = wpa_driver_nl80211_try_connect(drv, params, bss);
6487 	}
6488 	return ret;
6489 }
6490 
6491 
6492 static int wpa_driver_nl80211_associate(
6493 	void *priv, struct wpa_driver_associate_params *params)
6494 {
6495 	struct i802_bss *bss = priv;
6496 	struct wpa_driver_nl80211_data *drv = bss->drv;
6497 	int ret = -1;
6498 	struct nl_msg *msg;
6499 
6500 	nl80211_unmask_11b_rates(bss);
6501 
6502 	if (params->mode == IEEE80211_MODE_AP)
6503 		return wpa_driver_nl80211_ap(drv, params);
6504 
6505 	if (params->mode == IEEE80211_MODE_IBSS)
6506 		return wpa_driver_nl80211_ibss(drv, params);
6507 
6508 	if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) {
6509 		enum nl80211_iftype nlmode = params->p2p ?
6510 			NL80211_IFTYPE_P2P_CLIENT : NL80211_IFTYPE_STATION;
6511 
6512 		if (wpa_driver_nl80211_set_mode(priv, nlmode) < 0)
6513 			return -1;
6514 		if (params->key_mgmt_suite == WPA_KEY_MGMT_SAE ||
6515 		    params->key_mgmt_suite == WPA_KEY_MGMT_FT_SAE)
6516 			bss->use_nl_connect = 1;
6517 		else
6518 			bss->use_nl_connect = 0;
6519 
6520 		return wpa_driver_nl80211_connect(drv, params, bss);
6521 	}
6522 
6523 	nl80211_mark_disconnected(drv);
6524 
6525 	wpa_printf(MSG_DEBUG, "nl80211: Associate (ifindex=%d)",
6526 		   drv->ifindex);
6527 	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_ASSOCIATE);
6528 	if (!msg)
6529 		return -1;
6530 
6531 	ret = nl80211_connect_common(drv, params, msg);
6532 	if (ret)
6533 		goto fail;
6534 
6535 	if (params->mgmt_frame_protection == MGMT_FRAME_PROTECTION_REQUIRED &&
6536 	    nla_put_u32(msg, NL80211_ATTR_USE_MFP, NL80211_MFP_REQUIRED))
6537 		goto fail;
6538 
6539 	if (params->fils_kek) {
6540 		wpa_printf(MSG_DEBUG, "  * FILS KEK (len=%u)",
6541 			   (unsigned int) params->fils_kek_len);
6542 		if (nla_put(msg, NL80211_ATTR_FILS_KEK, params->fils_kek_len,
6543 			    params->fils_kek))
6544 			goto fail;
6545 	}
6546 	if (params->fils_nonces) {
6547 		wpa_hexdump(MSG_DEBUG, "  * FILS nonces (for AAD)",
6548 			    params->fils_nonces,
6549 			    params->fils_nonces_len);
6550 		if (nla_put(msg, NL80211_ATTR_FILS_NONCES,
6551 			    params->fils_nonces_len, params->fils_nonces))
6552 			goto fail;
6553 	}
6554 
6555 	ret = send_and_recv_msgs_connect_handle(drv, msg, drv->first_bss, 1);
6556 	msg = NULL;
6557 	if (ret) {
6558 		wpa_dbg(drv->ctx, MSG_DEBUG,
6559 			"nl80211: MLME command failed (assoc): ret=%d (%s)",
6560 			ret, strerror(-ret));
6561 		nl80211_dump_scan(drv);
6562 	} else {
6563 		wpa_printf(MSG_DEBUG,
6564 			   "nl80211: Association request send successfully");
6565 	}
6566 
6567 fail:
6568 	nlmsg_free(msg);
6569 	return ret;
6570 }
6571 
6572 
6573 static int nl80211_set_mode(struct wpa_driver_nl80211_data *drv,
6574 			    int ifindex, enum nl80211_iftype mode)
6575 {
6576 	struct nl_msg *msg;
6577 	int ret = -ENOBUFS;
6578 
6579 	wpa_printf(MSG_DEBUG, "nl80211: Set mode ifindex %d iftype %d (%s)",
6580 		   ifindex, mode, nl80211_iftype_str(mode));
6581 
6582 	msg = nl80211_cmd_msg(drv->first_bss, 0, NL80211_CMD_SET_INTERFACE);
6583 	if (!msg || nla_put_u32(msg, NL80211_ATTR_IFTYPE, mode))
6584 		goto fail;
6585 
6586 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
6587 	msg = NULL;
6588 	if (!ret)
6589 		return 0;
6590 fail:
6591 	nlmsg_free(msg);
6592 	wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface %d to mode %d:"
6593 		   " %d (%s)", ifindex, mode, ret, strerror(-ret));
6594 	return ret;
6595 }
6596 
6597 
6598 static int wpa_driver_nl80211_set_mode_impl(
6599 		struct i802_bss *bss,
6600 		enum nl80211_iftype nlmode,
6601 		struct hostapd_freq_params *desired_freq_params)
6602 {
6603 	struct wpa_driver_nl80211_data *drv = bss->drv;
6604 	int ret = -1;
6605 	int i;
6606 	int was_ap = is_ap_interface(drv->nlmode);
6607 	int res;
6608 	int mode_switch_res;
6609 
6610 	if (TEST_FAIL())
6611 		return -1;
6612 
6613 	mode_switch_res = nl80211_set_mode(drv, drv->ifindex, nlmode);
6614 	if (mode_switch_res && nlmode == nl80211_get_ifmode(bss))
6615 		mode_switch_res = 0;
6616 
6617 	if (mode_switch_res == 0) {
6618 		drv->nlmode = nlmode;
6619 		ret = 0;
6620 		goto done;
6621 	}
6622 
6623 	if (mode_switch_res == -ENODEV)
6624 		return -1;
6625 
6626 	if (nlmode == drv->nlmode) {
6627 		wpa_printf(MSG_DEBUG, "nl80211: Interface already in "
6628 			   "requested mode - ignore error");
6629 		ret = 0;
6630 		goto done; /* Already in the requested mode */
6631 	}
6632 
6633 	/* mac80211 doesn't allow mode changes while the device is up, so
6634 	 * take the device down, try to set the mode again, and bring the
6635 	 * device back up.
6636 	 */
6637 	wpa_printf(MSG_DEBUG, "nl80211: Try mode change after setting "
6638 		   "interface down");
6639 	for (i = 0; i < 10; i++) {
6640 		res = i802_set_iface_flags(bss, 0);
6641 		if (res == -EACCES || res == -ENODEV)
6642 			break;
6643 		if (res != 0) {
6644 			wpa_printf(MSG_DEBUG, "nl80211: Failed to set "
6645 				   "interface down");
6646 			os_sleep(0, 100000);
6647 			continue;
6648 		}
6649 
6650 		/*
6651 		 * Setting the mode will fail for some drivers if the phy is
6652 		 * on a frequency that the mode is disallowed in.
6653 		 */
6654 		if (desired_freq_params) {
6655 			res = nl80211_set_channel(bss, desired_freq_params, 0);
6656 			if (res) {
6657 				wpa_printf(MSG_DEBUG,
6658 					   "nl80211: Failed to set frequency on interface");
6659 			}
6660 		}
6661 
6662 		if (i == 0 && was_ap && !is_ap_interface(nlmode) &&
6663 		    bss->brname[0] &&
6664 		    (bss->added_if_into_bridge || bss->already_in_bridge)) {
6665 			wpa_printf(MSG_DEBUG,
6666 				   "nl80211: Remove AP interface %s temporarily from the bridge %s to allow its mode to be set to STATION",
6667 				   bss->ifname, bss->brname);
6668 			if (linux_br_del_if(drv->global->ioctl_sock,
6669 					    bss->brname, bss->ifname) < 0)
6670 				wpa_printf(MSG_INFO,
6671 					   "nl80211: Failed to remove interface %s from bridge %s: %s",
6672 					   bss->ifname, bss->brname,
6673 					   strerror(errno));
6674 		}
6675 
6676 		/* Try to set the mode again while the interface is down */
6677 		mode_switch_res = nl80211_set_mode(drv, drv->ifindex, nlmode);
6678 		if (mode_switch_res == -EBUSY) {
6679 			wpa_printf(MSG_DEBUG,
6680 				   "nl80211: Delaying mode set while interface going down");
6681 			os_sleep(0, 100000);
6682 			continue;
6683 		}
6684 		ret = mode_switch_res;
6685 		break;
6686 	}
6687 
6688 	if (!ret) {
6689 		wpa_printf(MSG_DEBUG, "nl80211: Mode change succeeded while "
6690 			   "interface is down");
6691 		drv->nlmode = nlmode;
6692 		drv->ignore_if_down_event = 1;
6693 	}
6694 
6695 	/* Bring the interface back up */
6696 	res = linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 1);
6697 	if (res != 0) {
6698 		wpa_printf(MSG_DEBUG,
6699 			   "nl80211: Failed to set interface up after switching mode");
6700 		ret = -1;
6701 	}
6702 
6703 done:
6704 	if (ret) {
6705 		wpa_printf(MSG_DEBUG, "nl80211: Interface mode change to %d "
6706 			   "from %d failed", nlmode, drv->nlmode);
6707 		return ret;
6708 	}
6709 
6710 	if (is_p2p_net_interface(nlmode)) {
6711 		wpa_printf(MSG_DEBUG,
6712 			   "nl80211: Interface %s mode change to P2P - disable 11b rates",
6713 			   bss->ifname);
6714 		nl80211_disable_11b_rates(drv, drv->ifindex, 1);
6715 	} else if (drv->disabled_11b_rates) {
6716 		wpa_printf(MSG_DEBUG,
6717 			   "nl80211: Interface %s mode changed to non-P2P - re-enable 11b rates",
6718 			   bss->ifname);
6719 		nl80211_disable_11b_rates(drv, drv->ifindex, 0);
6720 	}
6721 
6722 	if (is_ap_interface(nlmode)) {
6723 		nl80211_mgmt_unsubscribe(bss, "start AP");
6724 		/* Setup additional AP mode functionality if needed */
6725 		if (nl80211_setup_ap(bss))
6726 			return -1;
6727 	} else if (was_ap) {
6728 		/* Remove additional AP mode functionality */
6729 		nl80211_teardown_ap(bss);
6730 	} else {
6731 		nl80211_mgmt_unsubscribe(bss, "mode change");
6732 	}
6733 
6734 	if (is_mesh_interface(nlmode) &&
6735 	    nl80211_mgmt_subscribe_mesh(bss))
6736 		return -1;
6737 
6738 	if (!bss->in_deinit && !is_ap_interface(nlmode) &&
6739 	    !is_mesh_interface(nlmode) &&
6740 	    nl80211_mgmt_subscribe_non_ap(bss) < 0)
6741 		wpa_printf(MSG_DEBUG, "nl80211: Failed to register Action "
6742 			   "frame processing - ignore for now");
6743 
6744 	return 0;
6745 }
6746 
6747 
6748 void nl80211_restore_ap_mode(struct i802_bss *bss)
6749 {
6750 	struct wpa_driver_nl80211_data *drv = bss->drv;
6751 	int was_ap = is_ap_interface(drv->nlmode);
6752 
6753 	wpa_driver_nl80211_set_mode(bss, drv->ap_scan_as_station);
6754 	if (!was_ap && is_ap_interface(drv->ap_scan_as_station) &&
6755 	    bss->brname[0] &&
6756 	    (bss->added_if_into_bridge || bss->already_in_bridge)) {
6757 		wpa_printf(MSG_DEBUG,
6758 			   "nl80211: Add AP interface %s back into the bridge %s",
6759 			   bss->ifname, bss->brname);
6760 		if (linux_br_add_if(drv->global->ioctl_sock, bss->brname,
6761 				    bss->ifname) < 0) {
6762 			wpa_printf(MSG_WARNING,
6763 				   "nl80211: Failed to add interface %s into bridge %s: %s",
6764 				   bss->ifname, bss->brname, strerror(errno));
6765 		}
6766 	}
6767 	drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED;
6768 }
6769 
6770 
6771 int wpa_driver_nl80211_set_mode(struct i802_bss *bss,
6772 				enum nl80211_iftype nlmode)
6773 {
6774 	return wpa_driver_nl80211_set_mode_impl(bss, nlmode, NULL);
6775 }
6776 
6777 
6778 static int wpa_driver_nl80211_set_mode_ibss(struct i802_bss *bss,
6779 					    struct hostapd_freq_params *freq)
6780 {
6781 	return wpa_driver_nl80211_set_mode_impl(bss, NL80211_IFTYPE_ADHOC,
6782 						freq);
6783 }
6784 
6785 
6786 static int wpa_driver_nl80211_get_capa(void *priv,
6787 				       struct wpa_driver_capa *capa)
6788 {
6789 	struct i802_bss *bss = priv;
6790 	struct wpa_driver_nl80211_data *drv = bss->drv;
6791 
6792 	if (!drv->has_capability)
6793 		return -1;
6794 	os_memcpy(capa, &drv->capa, sizeof(*capa));
6795 	if (drv->extended_capa && drv->extended_capa_mask) {
6796 		capa->extended_capa = drv->extended_capa;
6797 		capa->extended_capa_mask = drv->extended_capa_mask;
6798 		capa->extended_capa_len = drv->extended_capa_len;
6799 	}
6800 
6801 	return 0;
6802 }
6803 
6804 
6805 static int wpa_driver_nl80211_set_operstate(void *priv, int state)
6806 {
6807 	struct i802_bss *bss = priv;
6808 	struct wpa_driver_nl80211_data *drv = bss->drv;
6809 
6810 	wpa_printf(MSG_DEBUG, "nl80211: Set %s operstate %d->%d (%s)",
6811 		   bss->ifname, drv->operstate, state,
6812 		   state ? "UP" : "DORMANT");
6813 	drv->operstate = state;
6814 	return netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, -1,
6815 				      state ? IF_OPER_UP : IF_OPER_DORMANT);
6816 }
6817 
6818 
6819 static int wpa_driver_nl80211_set_supp_port(void *priv, int authorized)
6820 {
6821 	struct i802_bss *bss = priv;
6822 	struct wpa_driver_nl80211_data *drv = bss->drv;
6823 	struct nl_msg *msg;
6824 	struct nl80211_sta_flag_update upd;
6825 	int ret;
6826 
6827 	if (!drv->associated && is_zero_ether_addr(drv->bssid) && !authorized) {
6828 		wpa_printf(MSG_DEBUG, "nl80211: Skip set_supp_port(unauthorized) while not associated");
6829 		return 0;
6830 	}
6831 
6832 	wpa_printf(MSG_DEBUG, "nl80211: Set supplicant port %sauthorized for "
6833 		   MACSTR, authorized ? "" : "un", MAC2STR(drv->bssid));
6834 
6835 	os_memset(&upd, 0, sizeof(upd));
6836 	upd.mask = BIT(NL80211_STA_FLAG_AUTHORIZED);
6837 	if (authorized)
6838 		upd.set = BIT(NL80211_STA_FLAG_AUTHORIZED);
6839 
6840 	if (!(msg = nl80211_bss_msg(bss, 0, NL80211_CMD_SET_STATION)) ||
6841 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, drv->bssid) ||
6842 	    nla_put(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd)) {
6843 		nlmsg_free(msg);
6844 		return -ENOBUFS;
6845 	}
6846 
6847 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
6848 	if (!ret)
6849 		return 0;
6850 	wpa_printf(MSG_DEBUG, "nl80211: Failed to set STA flag: %d (%s)",
6851 		   ret, strerror(-ret));
6852 	return ret;
6853 }
6854 
6855 
6856 /* Set kernel driver on given frequency (MHz) */
6857 static int i802_set_freq(void *priv, struct hostapd_freq_params *freq)
6858 {
6859 	struct i802_bss *bss = priv;
6860 	return nl80211_set_channel(bss, freq, 0);
6861 }
6862 
6863 
6864 static inline int min_int(int a, int b)
6865 {
6866 	if (a < b)
6867 		return a;
6868 	return b;
6869 }
6870 
6871 
6872 static int get_key_handler(struct nl_msg *msg, void *arg)
6873 {
6874 	struct nlattr *tb[NL80211_ATTR_MAX + 1];
6875 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
6876 
6877 	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
6878 		  genlmsg_attrlen(gnlh, 0), NULL);
6879 
6880 	/*
6881 	 * TODO: validate the key index and mac address!
6882 	 * Otherwise, there's a race condition as soon as
6883 	 * the kernel starts sending key notifications.
6884 	 */
6885 
6886 	if (tb[NL80211_ATTR_KEY_SEQ])
6887 		memcpy(arg, nla_data(tb[NL80211_ATTR_KEY_SEQ]),
6888 		       min_int(nla_len(tb[NL80211_ATTR_KEY_SEQ]), 6));
6889 	nl80211_nlmsg_clear(msg);
6890 	return NL_SKIP;
6891 }
6892 
6893 
6894 static int i802_get_seqnum(const char *iface, void *priv, const u8 *addr,
6895 			   int idx, u8 *seq)
6896 {
6897 	struct i802_bss *bss = priv;
6898 	struct wpa_driver_nl80211_data *drv = bss->drv;
6899 	struct nl_msg *msg;
6900 
6901 	msg = nl80211_ifindex_msg(drv, if_nametoindex(iface), 0,
6902 				  NL80211_CMD_GET_KEY);
6903 	if (!msg ||
6904 	    (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) ||
6905 	    nla_put_u8(msg, NL80211_ATTR_KEY_IDX, idx)) {
6906 		nlmsg_free(msg);
6907 		return -ENOBUFS;
6908 	}
6909 
6910 	memset(seq, 0, 6);
6911 
6912 	return send_and_recv_msgs(drv, msg, get_key_handler, seq, NULL, NULL);
6913 }
6914 
6915 
6916 static int i802_set_rts(void *priv, int rts)
6917 {
6918 	struct i802_bss *bss = priv;
6919 	struct wpa_driver_nl80211_data *drv = bss->drv;
6920 	struct nl_msg *msg;
6921 	int ret;
6922 	u32 val;
6923 
6924 	if (rts >= 2347 || rts == -1)
6925 		val = (u32) -1;
6926 	else
6927 		val = rts;
6928 
6929 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_SET_WIPHY)) ||
6930 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD, val)) {
6931 		nlmsg_free(msg);
6932 		return -ENOBUFS;
6933 	}
6934 
6935 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
6936 	if (!ret)
6937 		return 0;
6938 	wpa_printf(MSG_DEBUG, "nl80211: Failed to set RTS threshold %d: "
6939 		   "%d (%s)", rts, ret, strerror(-ret));
6940 	return ret;
6941 }
6942 
6943 
6944 static int i802_set_frag(void *priv, int frag)
6945 {
6946 	struct i802_bss *bss = priv;
6947 	struct wpa_driver_nl80211_data *drv = bss->drv;
6948 	struct nl_msg *msg;
6949 	int ret;
6950 	u32 val;
6951 
6952 	if (frag >= 2346 || frag == -1)
6953 		val = (u32) -1;
6954 	else
6955 		val = frag;
6956 
6957 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_SET_WIPHY)) ||
6958 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD, val)) {
6959 		nlmsg_free(msg);
6960 		return -ENOBUFS;
6961 	}
6962 
6963 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
6964 	if (!ret)
6965 		return 0;
6966 	wpa_printf(MSG_DEBUG, "nl80211: Failed to set fragmentation threshold "
6967 		   "%d: %d (%s)", frag, ret, strerror(-ret));
6968 	return ret;
6969 }
6970 
6971 
6972 static int i802_flush(void *priv)
6973 {
6974 	struct i802_bss *bss = priv;
6975 	struct nl_msg *msg;
6976 	int res;
6977 
6978 	wpa_printf(MSG_DEBUG, "nl80211: flush -> DEL_STATION %s (all)",
6979 		   bss->ifname);
6980 
6981 	/*
6982 	 * XXX: FIX! this needs to flush all VLANs too
6983 	 */
6984 	msg = nl80211_bss_msg(bss, 0, NL80211_CMD_DEL_STATION);
6985 	res = send_and_recv_msgs(bss->drv, msg, NULL, NULL, NULL, NULL);
6986 	if (res) {
6987 		wpa_printf(MSG_DEBUG, "nl80211: Station flush failed: ret=%d "
6988 			   "(%s)", res, strerror(-res));
6989 	}
6990 	return res;
6991 }
6992 
6993 
6994 static void get_sta_tid_stats(struct hostap_sta_driver_data *data,
6995 			      struct nlattr *attr)
6996 {
6997 	struct nlattr *tid_stats[NL80211_TID_STATS_MAX + 1], *tidattr;
6998 	struct nlattr *txq_stats[NL80211_TXQ_STATS_MAX + 1];
6999 	static struct nla_policy txq_stats_policy[NL80211_TXQ_STATS_MAX + 1] = {
7000 		[NL80211_TXQ_STATS_BACKLOG_BYTES] = { .type = NLA_U32 },
7001 		[NL80211_TXQ_STATS_BACKLOG_PACKETS] = { .type = NLA_U32 },
7002 	};
7003 	int rem;
7004 
7005 	nla_for_each_nested(tidattr, attr, rem) {
7006 		if (nla_parse_nested(tid_stats, NL80211_TID_STATS_MAX,
7007 				     tidattr, NULL) != 0 ||
7008 		    !tid_stats[NL80211_TID_STATS_TXQ_STATS] ||
7009 		    nla_parse_nested(txq_stats, NL80211_TXQ_STATS_MAX,
7010 				     tid_stats[NL80211_TID_STATS_TXQ_STATS],
7011 				     txq_stats_policy) != 0)
7012 			continue;
7013 		/* sum the backlogs over all TIDs for station */
7014 		if (txq_stats[NL80211_TXQ_STATS_BACKLOG_BYTES])
7015 			data->backlog_bytes += nla_get_u32(
7016 				txq_stats[NL80211_TXQ_STATS_BACKLOG_BYTES]);
7017 		if (txq_stats[NL80211_TXQ_STATS_BACKLOG_PACKETS])
7018 			data->backlog_bytes += nla_get_u32(
7019 				txq_stats[NL80211_TXQ_STATS_BACKLOG_PACKETS]);
7020 	}
7021 }
7022 
7023 
7024 static int get_sta_handler(struct nl_msg *msg, void *arg)
7025 {
7026 	struct nlattr *tb[NL80211_ATTR_MAX + 1];
7027 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
7028 	struct hostap_sta_driver_data *data = arg;
7029 	struct nlattr *stats[NL80211_STA_INFO_MAX + 1];
7030 	static struct nla_policy stats_policy[NL80211_STA_INFO_MAX + 1] = {
7031 		[NL80211_STA_INFO_INACTIVE_TIME] = { .type = NLA_U32 },
7032 		[NL80211_STA_INFO_RX_BYTES] = { .type = NLA_U32 },
7033 		[NL80211_STA_INFO_TX_BYTES] = { .type = NLA_U32 },
7034 		[NL80211_STA_INFO_RX_PACKETS] = { .type = NLA_U32 },
7035 		[NL80211_STA_INFO_TX_PACKETS] = { .type = NLA_U32 },
7036 		[NL80211_STA_INFO_TX_FAILED] = { .type = NLA_U32 },
7037 		[NL80211_STA_INFO_RX_BYTES64] = { .type = NLA_U64 },
7038 		[NL80211_STA_INFO_TX_BYTES64] = { .type = NLA_U64 },
7039 		[NL80211_STA_INFO_SIGNAL] = { .type = NLA_U8 },
7040 		[NL80211_STA_INFO_ACK_SIGNAL] = { .type = NLA_U8 },
7041 		[NL80211_STA_INFO_RX_DURATION] = { .type = NLA_U64 },
7042 		[NL80211_STA_INFO_TX_DURATION] = { .type = NLA_U64 },
7043 		[NL80211_STA_INFO_CONNECTED_TIME] = { .type = NLA_U32 },
7044 	};
7045 	struct nlattr *rate[NL80211_RATE_INFO_MAX + 1];
7046 	static struct nla_policy rate_policy[NL80211_RATE_INFO_MAX + 1] = {
7047 		[NL80211_RATE_INFO_BITRATE] = { .type = NLA_U16 },
7048 		[NL80211_RATE_INFO_BITRATE32] = { .type = NLA_U32 },
7049 		[NL80211_RATE_INFO_MCS] = { .type = NLA_U8 },
7050 		[NL80211_RATE_INFO_VHT_MCS] = { .type = NLA_U8 },
7051 		[NL80211_RATE_INFO_SHORT_GI] = { .type = NLA_FLAG },
7052 		[NL80211_RATE_INFO_VHT_NSS] = { .type = NLA_U8 },
7053 	};
7054 
7055 	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
7056 		  genlmsg_attrlen(gnlh, 0), NULL);
7057 
7058 	/*
7059 	 * TODO: validate the interface and mac address!
7060 	 * Otherwise, there's a race condition as soon as
7061 	 * the kernel starts sending station notifications.
7062 	 */
7063 
7064 	if (!tb[NL80211_ATTR_STA_INFO]) {
7065 		wpa_printf(MSG_DEBUG, "sta stats missing!");
7066 		return NL_SKIP;
7067 	}
7068 	if (nla_parse_nested(stats, NL80211_STA_INFO_MAX,
7069 			     tb[NL80211_ATTR_STA_INFO],
7070 			     stats_policy)) {
7071 		wpa_printf(MSG_DEBUG, "failed to parse nested attributes!");
7072 		return NL_SKIP;
7073 	}
7074 
7075 	if (stats[NL80211_STA_INFO_INACTIVE_TIME])
7076 		data->inactive_msec =
7077 			nla_get_u32(stats[NL80211_STA_INFO_INACTIVE_TIME]);
7078 	/* For backwards compatibility, fetch the 32-bit counters first. */
7079 	if (stats[NL80211_STA_INFO_RX_BYTES])
7080 		data->rx_bytes = nla_get_u32(stats[NL80211_STA_INFO_RX_BYTES]);
7081 	if (stats[NL80211_STA_INFO_TX_BYTES])
7082 		data->tx_bytes = nla_get_u32(stats[NL80211_STA_INFO_TX_BYTES]);
7083 	if (stats[NL80211_STA_INFO_RX_BYTES64] &&
7084 	    stats[NL80211_STA_INFO_TX_BYTES64]) {
7085 		/*
7086 		 * The driver supports 64-bit counters, so use them to override
7087 		 * the 32-bit values.
7088 		 */
7089 		data->rx_bytes =
7090 			nla_get_u64(stats[NL80211_STA_INFO_RX_BYTES64]);
7091 		data->tx_bytes =
7092 			nla_get_u64(stats[NL80211_STA_INFO_TX_BYTES64]);
7093 		data->bytes_64bit = 1;
7094 	}
7095 	if (stats[NL80211_STA_INFO_RX_PACKETS])
7096 		data->rx_packets =
7097 			nla_get_u32(stats[NL80211_STA_INFO_RX_PACKETS]);
7098 	if (stats[NL80211_STA_INFO_TX_PACKETS])
7099 		data->tx_packets =
7100 			nla_get_u32(stats[NL80211_STA_INFO_TX_PACKETS]);
7101 	if (stats[NL80211_STA_INFO_RX_DURATION])
7102 		data->rx_airtime =
7103 			nla_get_u64(stats[NL80211_STA_INFO_RX_DURATION]);
7104 	if (stats[NL80211_STA_INFO_TX_DURATION])
7105 		data->tx_airtime =
7106 			nla_get_u64(stats[NL80211_STA_INFO_TX_DURATION]);
7107 	if (stats[NL80211_STA_INFO_TX_FAILED])
7108 		data->tx_retry_failed =
7109 			nla_get_u32(stats[NL80211_STA_INFO_TX_FAILED]);
7110 	if (stats[NL80211_STA_INFO_SIGNAL])
7111 		data->signal = nla_get_u8(stats[NL80211_STA_INFO_SIGNAL]);
7112 	if (stats[NL80211_STA_INFO_ACK_SIGNAL]) {
7113 		data->last_ack_rssi =
7114 			nla_get_u8(stats[NL80211_STA_INFO_ACK_SIGNAL]);
7115 		data->flags |= STA_DRV_DATA_LAST_ACK_RSSI;
7116 	}
7117 
7118 	if (stats[NL80211_STA_INFO_CONNECTED_TIME]) {
7119 		data->connected_sec =
7120 			nla_get_u32(stats[NL80211_STA_INFO_CONNECTED_TIME]);
7121 		data->flags |= STA_DRV_DATA_CONN_TIME;
7122 	}
7123 
7124 	if (stats[NL80211_STA_INFO_TX_BITRATE] &&
7125 	    nla_parse_nested(rate, NL80211_RATE_INFO_MAX,
7126 			     stats[NL80211_STA_INFO_TX_BITRATE],
7127 			     rate_policy) == 0) {
7128 		if (rate[NL80211_RATE_INFO_BITRATE32])
7129 			data->current_tx_rate =
7130 				nla_get_u32(rate[NL80211_RATE_INFO_BITRATE32]);
7131 		else if (rate[NL80211_RATE_INFO_BITRATE])
7132 			data->current_tx_rate =
7133 				nla_get_u16(rate[NL80211_RATE_INFO_BITRATE]);
7134 
7135 		if (rate[NL80211_RATE_INFO_MCS]) {
7136 			data->tx_mcs = nla_get_u8(rate[NL80211_RATE_INFO_MCS]);
7137 			data->flags |= STA_DRV_DATA_TX_MCS;
7138 		}
7139 		if (rate[NL80211_RATE_INFO_VHT_MCS]) {
7140 			data->tx_vhtmcs =
7141 				nla_get_u8(rate[NL80211_RATE_INFO_VHT_MCS]);
7142 			data->flags |= STA_DRV_DATA_TX_VHT_MCS;
7143 		}
7144 		if (rate[NL80211_RATE_INFO_SHORT_GI])
7145 			data->flags |= STA_DRV_DATA_TX_SHORT_GI;
7146 		if (rate[NL80211_RATE_INFO_VHT_NSS]) {
7147 			data->tx_vht_nss =
7148 				nla_get_u8(rate[NL80211_RATE_INFO_VHT_NSS]);
7149 			data->flags |= STA_DRV_DATA_TX_VHT_NSS;
7150 		}
7151 	}
7152 
7153 	if (stats[NL80211_STA_INFO_RX_BITRATE] &&
7154 	    nla_parse_nested(rate, NL80211_RATE_INFO_MAX,
7155 			     stats[NL80211_STA_INFO_RX_BITRATE],
7156 			     rate_policy) == 0) {
7157 		if (rate[NL80211_RATE_INFO_BITRATE32])
7158 			data->current_rx_rate =
7159 				nla_get_u32(rate[NL80211_RATE_INFO_BITRATE32]);
7160 		else if (rate[NL80211_RATE_INFO_BITRATE])
7161 			data->current_rx_rate =
7162 				nla_get_u16(rate[NL80211_RATE_INFO_BITRATE]);
7163 
7164 		if (rate[NL80211_RATE_INFO_MCS]) {
7165 			data->rx_mcs =
7166 				nla_get_u8(rate[NL80211_RATE_INFO_MCS]);
7167 			data->flags |= STA_DRV_DATA_RX_MCS;
7168 		}
7169 		if (rate[NL80211_RATE_INFO_VHT_MCS]) {
7170 			data->rx_vhtmcs =
7171 				nla_get_u8(rate[NL80211_RATE_INFO_VHT_MCS]);
7172 			data->flags |= STA_DRV_DATA_RX_VHT_MCS;
7173 		}
7174 		if (rate[NL80211_RATE_INFO_SHORT_GI])
7175 			data->flags |= STA_DRV_DATA_RX_SHORT_GI;
7176 		if (rate[NL80211_RATE_INFO_VHT_NSS]) {
7177 			data->rx_vht_nss =
7178 				nla_get_u8(rate[NL80211_RATE_INFO_VHT_NSS]);
7179 			data->flags |= STA_DRV_DATA_RX_VHT_NSS;
7180 		}
7181 	}
7182 
7183 	if (stats[NL80211_STA_INFO_TID_STATS])
7184 		get_sta_tid_stats(data, stats[NL80211_STA_INFO_TID_STATS]);
7185 
7186 	return NL_SKIP;
7187 }
7188 
7189 static int i802_read_sta_data(struct i802_bss *bss,
7190 			      struct hostap_sta_driver_data *data,
7191 			      const u8 *addr)
7192 {
7193 	struct nl_msg *msg;
7194 
7195 	if (!(msg = nl80211_bss_msg(bss, 0, NL80211_CMD_GET_STATION)) ||
7196 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) {
7197 		nlmsg_free(msg);
7198 		return -ENOBUFS;
7199 	}
7200 
7201 	return send_and_recv_msgs(bss->drv, msg, get_sta_handler, data,
7202 				  NULL, NULL);
7203 }
7204 
7205 
7206 static int i802_set_tx_queue_params(void *priv, int queue, int aifs,
7207 				    int cw_min, int cw_max, int burst_time)
7208 {
7209 	struct i802_bss *bss = priv;
7210 	struct wpa_driver_nl80211_data *drv = bss->drv;
7211 	struct nl_msg *msg;
7212 	struct nlattr *txq, *params;
7213 	int res;
7214 
7215 	msg = nl80211_bss_msg(bss, 0, NL80211_CMD_SET_WIPHY);
7216 	if (!msg)
7217 		return -1;
7218 
7219 	txq = nla_nest_start(msg, NL80211_ATTR_WIPHY_TXQ_PARAMS);
7220 	if (!txq)
7221 		goto fail;
7222 
7223 	/* We are only sending parameters for a single TXQ at a time */
7224 	params = nla_nest_start(msg, 1);
7225 	if (!params)
7226 		goto fail;
7227 
7228 	switch (queue) {
7229 	case 0:
7230 		if (nla_put_u8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_VO))
7231 			goto fail;
7232 		break;
7233 	case 1:
7234 		if (nla_put_u8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_VI))
7235 			goto fail;
7236 		break;
7237 	case 2:
7238 		if (nla_put_u8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_BE))
7239 			goto fail;
7240 		break;
7241 	case 3:
7242 		if (nla_put_u8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_BK))
7243 			goto fail;
7244 		break;
7245 	}
7246 	/* Burst time is configured in units of 0.1 msec and TXOP parameter in
7247 	 * 32 usec, so need to convert the value here. */
7248 	if (nla_put_u16(msg, NL80211_TXQ_ATTR_TXOP,
7249 			(burst_time * 100 + 16) / 32) ||
7250 	    nla_put_u16(msg, NL80211_TXQ_ATTR_CWMIN, cw_min) ||
7251 	    nla_put_u16(msg, NL80211_TXQ_ATTR_CWMAX, cw_max) ||
7252 	    nla_put_u8(msg, NL80211_TXQ_ATTR_AIFS, aifs))
7253 		goto fail;
7254 
7255 	nla_nest_end(msg, params);
7256 
7257 	nla_nest_end(msg, txq);
7258 
7259 	res = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
7260 	wpa_printf(MSG_DEBUG,
7261 		   "nl80211: TX queue param set: queue=%d aifs=%d cw_min=%d cw_max=%d burst_time=%d --> res=%d",
7262 		   queue, aifs, cw_min, cw_max, burst_time, res);
7263 	if (res == 0)
7264 		return 0;
7265 	msg = NULL;
7266 fail:
7267 	nlmsg_free(msg);
7268 	return -1;
7269 }
7270 
7271 
7272 static int i802_set_sta_vlan(struct i802_bss *bss, const u8 *addr,
7273 			     const char *ifname, int vlan_id)
7274 {
7275 	struct wpa_driver_nl80211_data *drv = bss->drv;
7276 	struct nl_msg *msg;
7277 	int ret;
7278 
7279 	wpa_printf(MSG_DEBUG, "nl80211: %s[%d]: set_sta_vlan(" MACSTR
7280 		   ", ifname=%s[%d], vlan_id=%d)",
7281 		   bss->ifname, if_nametoindex(bss->ifname),
7282 		   MAC2STR(addr), ifname, if_nametoindex(ifname), vlan_id);
7283 	if (!(msg = nl80211_bss_msg(bss, 0, NL80211_CMD_SET_STATION)) ||
7284 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
7285 	    (vlan_id && (drv->capa.flags & WPA_DRIVER_FLAGS_VLAN_OFFLOAD) &&
7286 	     nla_put_u16(msg, NL80211_ATTR_VLAN_ID, vlan_id)) ||
7287 	    nla_put_u32(msg, NL80211_ATTR_STA_VLAN, if_nametoindex(ifname))) {
7288 		nlmsg_free(msg);
7289 		return -ENOBUFS;
7290 	}
7291 
7292 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
7293 	if (ret < 0) {
7294 		wpa_printf(MSG_ERROR, "nl80211: NL80211_ATTR_STA_VLAN (addr="
7295 			   MACSTR " ifname=%s vlan_id=%d) failed: %d (%s)",
7296 			   MAC2STR(addr), ifname, vlan_id, ret,
7297 			   strerror(-ret));
7298 	}
7299 	return ret;
7300 }
7301 
7302 
7303 static int i802_get_inact_sec(void *priv, const u8 *addr)
7304 {
7305 	struct hostap_sta_driver_data data;
7306 	int ret;
7307 
7308 	os_memset(&data, 0, sizeof(data));
7309 	data.inactive_msec = (unsigned long) -1;
7310 	ret = i802_read_sta_data(priv, &data, addr);
7311 	if (ret == -ENOENT)
7312 		return -ENOENT;
7313 	if (ret || data.inactive_msec == (unsigned long) -1)
7314 		return -1;
7315 	return data.inactive_msec / 1000;
7316 }
7317 
7318 
7319 static int i802_sta_clear_stats(void *priv, const u8 *addr)
7320 {
7321 #if 0
7322 	/* TODO */
7323 #endif
7324 	return 0;
7325 }
7326 
7327 
7328 static int i802_sta_deauth(void *priv, const u8 *own_addr, const u8 *addr,
7329 			   u16 reason)
7330 {
7331 	struct i802_bss *bss = priv;
7332 	struct wpa_driver_nl80211_data *drv = bss->drv;
7333 	struct ieee80211_mgmt mgmt;
7334 	u8 channel;
7335 
7336 	if (ieee80211_freq_to_chan(bss->freq, &channel) ==
7337 	    HOSTAPD_MODE_IEEE80211AD) {
7338 		/* Deauthentication is not used in DMG/IEEE 802.11ad;
7339 		 * disassociate the STA instead. */
7340 		return i802_sta_disassoc(priv, own_addr, addr, reason);
7341 	}
7342 
7343 	if (is_mesh_interface(drv->nlmode))
7344 		return -1;
7345 
7346 	if (drv->device_ap_sme)
7347 		return wpa_driver_nl80211_sta_remove(bss, addr, 1, reason);
7348 
7349 	memset(&mgmt, 0, sizeof(mgmt));
7350 	mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
7351 					  WLAN_FC_STYPE_DEAUTH);
7352 	memcpy(mgmt.da, addr, ETH_ALEN);
7353 	memcpy(mgmt.sa, own_addr, ETH_ALEN);
7354 	memcpy(mgmt.bssid, own_addr, ETH_ALEN);
7355 	mgmt.u.deauth.reason_code = host_to_le16(reason);
7356 	return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt,
7357 					    IEEE80211_HDRLEN +
7358 					    sizeof(mgmt.u.deauth), 0, 0, 0, 0,
7359 					    0, NULL, 0, 0);
7360 }
7361 
7362 
7363 static int i802_sta_disassoc(void *priv, const u8 *own_addr, const u8 *addr,
7364 			     u16 reason)
7365 {
7366 	struct i802_bss *bss = priv;
7367 	struct wpa_driver_nl80211_data *drv = bss->drv;
7368 	struct ieee80211_mgmt mgmt;
7369 
7370 	if (is_mesh_interface(drv->nlmode))
7371 		return -1;
7372 
7373 	if (drv->device_ap_sme)
7374 		return wpa_driver_nl80211_sta_remove(bss, addr, 0, reason);
7375 
7376 	memset(&mgmt, 0, sizeof(mgmt));
7377 	mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
7378 					  WLAN_FC_STYPE_DISASSOC);
7379 	memcpy(mgmt.da, addr, ETH_ALEN);
7380 	memcpy(mgmt.sa, own_addr, ETH_ALEN);
7381 	memcpy(mgmt.bssid, own_addr, ETH_ALEN);
7382 	mgmt.u.disassoc.reason_code = host_to_le16(reason);
7383 	return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt,
7384 					    IEEE80211_HDRLEN +
7385 					    sizeof(mgmt.u.disassoc), 0, 0, 0, 0,
7386 					    0, NULL, 0, 0);
7387 }
7388 
7389 
7390 static void dump_ifidx(struct wpa_driver_nl80211_data *drv)
7391 {
7392 	char buf[200], *pos, *end;
7393 	int i, res;
7394 
7395 	pos = buf;
7396 	end = pos + sizeof(buf);
7397 
7398 	for (i = 0; i < drv->num_if_indices; i++) {
7399 		if (!drv->if_indices[i].ifindex)
7400 			continue;
7401 		res = os_snprintf(pos, end - pos, " %d(%d)",
7402 				  drv->if_indices[i].ifindex,
7403 				  drv->if_indices[i].reason);
7404 		if (os_snprintf_error(end - pos, res))
7405 			break;
7406 		pos += res;
7407 	}
7408 	*pos = '\0';
7409 
7410 	wpa_printf(MSG_DEBUG, "nl80211: if_indices[%d]:%s",
7411 		   drv->num_if_indices, buf);
7412 }
7413 
7414 
7415 static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx,
7416 		      int ifidx_reason)
7417 {
7418 	int i;
7419 	struct drv_nl80211_if_info *old;
7420 
7421 	wpa_printf(MSG_DEBUG,
7422 		   "nl80211: Add own interface ifindex %d (ifidx_reason %d)",
7423 		   ifidx, ifidx_reason);
7424 	if (have_ifidx(drv, ifidx, ifidx_reason)) {
7425 		wpa_printf(MSG_DEBUG, "nl80211: ifindex %d already in the list",
7426 			   ifidx);
7427 		return;
7428 	}
7429 	for (i = 0; i < drv->num_if_indices; i++) {
7430 		if (drv->if_indices[i].ifindex == 0) {
7431 			drv->if_indices[i].ifindex = ifidx;
7432 			drv->if_indices[i].reason = ifidx_reason;
7433 			dump_ifidx(drv);
7434 			return;
7435 		}
7436 	}
7437 
7438 	if (drv->if_indices != drv->default_if_indices)
7439 		old = drv->if_indices;
7440 	else
7441 		old = NULL;
7442 
7443 	drv->if_indices = os_realloc_array(old, drv->num_if_indices + 1,
7444 					   sizeof(*old));
7445 	if (!drv->if_indices) {
7446 		if (!old)
7447 			drv->if_indices = drv->default_if_indices;
7448 		else
7449 			drv->if_indices = old;
7450 		wpa_printf(MSG_ERROR, "Failed to reallocate memory for "
7451 			   "interfaces");
7452 		wpa_printf(MSG_ERROR, "Ignoring EAPOL on interface %d", ifidx);
7453 		return;
7454 	}
7455 	if (!old)
7456 		os_memcpy(drv->if_indices, drv->default_if_indices,
7457 			  sizeof(drv->default_if_indices));
7458 	drv->if_indices[drv->num_if_indices].ifindex = ifidx;
7459 	drv->if_indices[drv->num_if_indices].reason = ifidx_reason;
7460 	drv->num_if_indices++;
7461 	dump_ifidx(drv);
7462 }
7463 
7464 
7465 static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx,
7466 		      int ifidx_reason)
7467 {
7468 	int i;
7469 
7470 	for (i = 0; i < drv->num_if_indices; i++) {
7471 		if ((drv->if_indices[i].ifindex == ifidx ||
7472 		     ifidx == IFIDX_ANY) &&
7473 		    (drv->if_indices[i].reason == ifidx_reason ||
7474 		     ifidx_reason == IFIDX_ANY)) {
7475 			drv->if_indices[i].ifindex = 0;
7476 			drv->if_indices[i].reason = 0;
7477 			break;
7478 		}
7479 	}
7480 	dump_ifidx(drv);
7481 }
7482 
7483 
7484 static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx,
7485 		      int ifidx_reason)
7486 {
7487 	int i;
7488 
7489 	for (i = 0; i < drv->num_if_indices; i++)
7490 		if (drv->if_indices[i].ifindex == ifidx &&
7491 		    (drv->if_indices[i].reason == ifidx_reason ||
7492 		     ifidx_reason == IFIDX_ANY))
7493 			return 1;
7494 
7495 	return 0;
7496 }
7497 
7498 
7499 static int i802_set_wds_sta(void *priv, const u8 *addr, int aid, int val,
7500 			    const char *bridge_ifname, char *ifname_wds)
7501 {
7502 	struct i802_bss *bss = priv;
7503 	struct wpa_driver_nl80211_data *drv = bss->drv;
7504 	char name[IFNAMSIZ + 1];
7505 	union wpa_event_data event;
7506 	int ret;
7507 
7508 	ret = os_snprintf(name, sizeof(name), "%s.sta%d", bss->ifname, aid);
7509 	if (ret >= (int) sizeof(name))
7510 		wpa_printf(MSG_WARNING,
7511 			   "nl80211: WDS interface name was truncated");
7512 	else if (ret < 0)
7513 		return ret;
7514 
7515 	if (ifname_wds)
7516 		os_strlcpy(ifname_wds, name, IFNAMSIZ + 1);
7517 
7518 	wpa_printf(MSG_DEBUG, "nl80211: Set WDS STA addr=" MACSTR
7519 		   " aid=%d val=%d name=%s", MAC2STR(addr), aid, val, name);
7520 	if (val) {
7521 		if (!if_nametoindex(name)) {
7522 			if (nl80211_create_iface(drv, name,
7523 						 NL80211_IFTYPE_AP_VLAN,
7524 						 bss->addr, 1, NULL, NULL, 0) <
7525 			    0)
7526 				return -1;
7527 			if (bridge_ifname &&
7528 			    linux_br_add_if(drv->global->ioctl_sock,
7529 					    bridge_ifname, name) < 0)
7530 				return -1;
7531 
7532 			os_memset(&event, 0, sizeof(event));
7533 			event.wds_sta_interface.sta_addr = addr;
7534 			event.wds_sta_interface.ifname = name;
7535 			event.wds_sta_interface.istatus = INTERFACE_ADDED;
7536 			wpa_supplicant_event(bss->ctx,
7537 					     EVENT_WDS_STA_INTERFACE_STATUS,
7538 					     &event);
7539 		}
7540 		if (linux_set_iface_flags(drv->global->ioctl_sock, name, 1)) {
7541 			wpa_printf(MSG_ERROR, "nl80211: Failed to set WDS STA "
7542 				   "interface %s up", name);
7543 		}
7544 		return i802_set_sta_vlan(priv, addr, name, 0);
7545 	} else {
7546 		if (bridge_ifname &&
7547 		    linux_br_del_if(drv->global->ioctl_sock, bridge_ifname,
7548 				    name) < 0)
7549 			wpa_printf(MSG_INFO,
7550 				   "nl80211: Failed to remove interface %s from bridge %s: %s",
7551 				   name, bridge_ifname, strerror(errno));
7552 
7553 		i802_set_sta_vlan(priv, addr, bss->ifname, 0);
7554 		nl80211_remove_iface(drv, if_nametoindex(name));
7555 		os_memset(&event, 0, sizeof(event));
7556 		event.wds_sta_interface.sta_addr = addr;
7557 		event.wds_sta_interface.ifname = name;
7558 		event.wds_sta_interface.istatus = INTERFACE_REMOVED;
7559 		wpa_supplicant_event(bss->ctx, EVENT_WDS_STA_INTERFACE_STATUS,
7560 				     &event);
7561 		return 0;
7562 	}
7563 }
7564 
7565 
7566 static void handle_eapol(int sock, void *eloop_ctx, void *sock_ctx)
7567 {
7568 	struct wpa_driver_nl80211_data *drv = eloop_ctx;
7569 	struct sockaddr_ll lladdr;
7570 	unsigned char buf[3000];
7571 	int len;
7572 	socklen_t fromlen = sizeof(lladdr);
7573 
7574 	len = recvfrom(sock, buf, sizeof(buf), 0,
7575 		       (struct sockaddr *)&lladdr, &fromlen);
7576 	if (len < 0) {
7577 		wpa_printf(MSG_ERROR, "nl80211: EAPOL recv failed: %s",
7578 			   strerror(errno));
7579 		return;
7580 	}
7581 
7582 	if (have_ifidx(drv, lladdr.sll_ifindex, IFIDX_ANY))
7583 		drv_event_eapol_rx(drv->ctx, lladdr.sll_addr, buf, len);
7584 }
7585 
7586 
7587 static int i802_check_bridge(struct wpa_driver_nl80211_data *drv,
7588 			     struct i802_bss *bss,
7589 			     const char *brname, const char *ifname)
7590 {
7591 	int br_ifindex;
7592 	char in_br[IFNAMSIZ];
7593 
7594 	os_strlcpy(bss->brname, brname, IFNAMSIZ);
7595 	br_ifindex = if_nametoindex(brname);
7596 	if (br_ifindex == 0) {
7597 		/*
7598 		 * Bridge was configured, but the bridge device does
7599 		 * not exist. Try to add it now.
7600 		 */
7601 		if (linux_br_add(drv->global->ioctl_sock, brname) < 0) {
7602 			wpa_printf(MSG_ERROR, "nl80211: Failed to add the "
7603 				   "bridge interface %s: %s",
7604 				   brname, strerror(errno));
7605 			return -1;
7606 		}
7607 		bss->added_bridge = 1;
7608 		br_ifindex = if_nametoindex(brname);
7609 		add_ifidx(drv, br_ifindex, drv->ifindex);
7610 	}
7611 	bss->br_ifindex = br_ifindex;
7612 
7613 	if (linux_br_get(in_br, ifname) == 0) {
7614 		if (os_strcmp(in_br, brname) == 0) {
7615 			bss->already_in_bridge = 1;
7616 			return 0; /* already in the bridge */
7617 		}
7618 
7619 		wpa_printf(MSG_DEBUG, "nl80211: Removing interface %s from "
7620 			   "bridge %s", ifname, in_br);
7621 		if (linux_br_del_if(drv->global->ioctl_sock, in_br, ifname) <
7622 		    0) {
7623 			wpa_printf(MSG_ERROR, "nl80211: Failed to "
7624 				   "remove interface %s from bridge "
7625 				   "%s: %s",
7626 				   ifname, in_br, strerror(errno));
7627 			return -1;
7628 		}
7629 	}
7630 
7631 	wpa_printf(MSG_DEBUG, "nl80211: Adding interface %s into bridge %s",
7632 		   ifname, brname);
7633 	if (linux_br_add_if(drv->global->ioctl_sock, brname, ifname) < 0) {
7634 		wpa_printf(MSG_WARNING,
7635 			   "nl80211: Failed to add interface %s into bridge %s: %s",
7636 			   ifname, brname, strerror(errno));
7637 		/* Try to continue without the interface being in a bridge. This
7638 		 * may be needed for some cases, e.g., with Open vSwitch, where
7639 		 * an external component will need to handle bridge
7640 		 * configuration. */
7641 		return 0;
7642 	}
7643 	bss->added_if_into_bridge = 1;
7644 
7645 	return 0;
7646 }
7647 
7648 
7649 static void *i802_init(struct hostapd_data *hapd,
7650 		       struct wpa_init_params *params)
7651 {
7652 	struct wpa_driver_nl80211_data *drv;
7653 	struct i802_bss *bss;
7654 	size_t i;
7655 	char master_ifname[IFNAMSIZ];
7656 	int ifindex, br_ifindex = 0;
7657 	int br_added = 0;
7658 
7659 	bss = wpa_driver_nl80211_drv_init(hapd, params->ifname,
7660 					  params->global_priv, 1,
7661 					  params->bssid, params->driver_params);
7662 	if (bss == NULL)
7663 		return NULL;
7664 
7665 	drv = bss->drv;
7666 
7667 	if (linux_br_get(master_ifname, params->ifname) == 0) {
7668 		wpa_printf(MSG_DEBUG, "nl80211: Interface %s is in bridge %s",
7669 			   params->ifname, master_ifname);
7670 		br_ifindex = if_nametoindex(master_ifname);
7671 		os_strlcpy(bss->brname, master_ifname, IFNAMSIZ);
7672 	} else if ((params->num_bridge == 0 || !params->bridge[0]) &&
7673 		   linux_master_get(master_ifname, params->ifname) == 0) {
7674 		wpa_printf(MSG_DEBUG, "nl80211: Interface %s is in master %s",
7675 			params->ifname, master_ifname);
7676 		/* start listening for EAPOL on the master interface */
7677 		add_ifidx(drv, if_nametoindex(master_ifname), drv->ifindex);
7678 
7679 		/* check if master itself is under bridge */
7680 		if (linux_br_get(master_ifname, master_ifname) == 0) {
7681 			wpa_printf(MSG_DEBUG, "nl80211: which is in bridge %s",
7682 				   master_ifname);
7683 			br_ifindex = if_nametoindex(master_ifname);
7684 			os_strlcpy(bss->brname, master_ifname, IFNAMSIZ);
7685 		}
7686 	} else {
7687 		master_ifname[0] = '\0';
7688 	}
7689 
7690 	bss->br_ifindex = br_ifindex;
7691 
7692 	for (i = 0; i < params->num_bridge; i++) {
7693 		if (params->bridge[i]) {
7694 			ifindex = if_nametoindex(params->bridge[i]);
7695 			if (ifindex)
7696 				add_ifidx(drv, ifindex, drv->ifindex);
7697 			if (ifindex == br_ifindex)
7698 				br_added = 1;
7699 		}
7700 	}
7701 
7702 	/* start listening for EAPOL on the default AP interface */
7703 	add_ifidx(drv, drv->ifindex, IFIDX_ANY);
7704 
7705 	if (params->num_bridge && params->bridge[0]) {
7706 		if (i802_check_bridge(drv, bss, params->bridge[0],
7707 				      params->ifname) < 0)
7708 			goto failed;
7709 		if (os_strcmp(params->bridge[0], master_ifname) != 0)
7710 			br_added = 1;
7711 	}
7712 
7713 	if (!br_added && br_ifindex &&
7714 	    (params->num_bridge == 0 || !params->bridge[0]))
7715 		add_ifidx(drv, br_ifindex, drv->ifindex);
7716 
7717 #ifdef CONFIG_LIBNL3_ROUTE
7718 	if (bss->added_if_into_bridge || bss->already_in_bridge) {
7719 		int err;
7720 
7721 		drv->rtnl_sk = nl_socket_alloc();
7722 		if (drv->rtnl_sk == NULL) {
7723 			wpa_printf(MSG_ERROR, "nl80211: Failed to allocate nl_sock");
7724 			goto failed;
7725 		}
7726 
7727 		err = nl_connect(drv->rtnl_sk, NETLINK_ROUTE);
7728 		if (err) {
7729 			wpa_printf(MSG_ERROR, "nl80211: Failed to connect nl_sock to NETLINK_ROUTE: %s",
7730 				   nl_geterror(err));
7731 			goto failed;
7732 		}
7733 	}
7734 #endif /* CONFIG_LIBNL3_ROUTE */
7735 
7736 	if (drv->capa.flags2 & WPA_DRIVER_FLAGS2_CONTROL_PORT_RX) {
7737 		wpa_printf(MSG_DEBUG,
7738 			   "nl80211: Do not open EAPOL RX socket - using control port for RX");
7739 		goto skip_eapol_sock;
7740 	}
7741 
7742 	drv->eapol_sock = socket(PF_PACKET, SOCK_DGRAM, htons(ETH_P_PAE));
7743 	if (drv->eapol_sock < 0) {
7744 		wpa_printf(MSG_ERROR, "nl80211: socket(PF_PACKET, SOCK_DGRAM, ETH_P_PAE) failed: %s",
7745 			   strerror(errno));
7746 		goto failed;
7747 	}
7748 
7749 	if (eloop_register_read_sock(drv->eapol_sock, handle_eapol, drv, NULL))
7750 	{
7751 		wpa_printf(MSG_INFO, "nl80211: Could not register read socket for eapol");
7752 		goto failed;
7753 	}
7754 skip_eapol_sock:
7755 
7756 	if (linux_get_ifhwaddr(drv->global->ioctl_sock, bss->ifname,
7757 			       params->own_addr))
7758 		goto failed;
7759 	os_memcpy(drv->perm_addr, params->own_addr, ETH_ALEN);
7760 
7761 	memcpy(bss->addr, params->own_addr, ETH_ALEN);
7762 
7763 	return bss;
7764 
7765 failed:
7766 	wpa_driver_nl80211_deinit(bss);
7767 	return NULL;
7768 }
7769 
7770 
7771 static void i802_deinit(void *priv)
7772 {
7773 	struct i802_bss *bss = priv;
7774 	wpa_driver_nl80211_deinit(bss);
7775 }
7776 
7777 
7778 static enum nl80211_iftype wpa_driver_nl80211_if_type(
7779 	enum wpa_driver_if_type type)
7780 {
7781 	switch (type) {
7782 	case WPA_IF_STATION:
7783 		return NL80211_IFTYPE_STATION;
7784 	case WPA_IF_P2P_CLIENT:
7785 	case WPA_IF_P2P_GROUP:
7786 		return NL80211_IFTYPE_P2P_CLIENT;
7787 	case WPA_IF_AP_VLAN:
7788 		return NL80211_IFTYPE_AP_VLAN;
7789 	case WPA_IF_AP_BSS:
7790 		return NL80211_IFTYPE_AP;
7791 	case WPA_IF_P2P_GO:
7792 		return NL80211_IFTYPE_P2P_GO;
7793 	case WPA_IF_P2P_DEVICE:
7794 		return NL80211_IFTYPE_P2P_DEVICE;
7795 	case WPA_IF_MESH:
7796 		return NL80211_IFTYPE_MESH_POINT;
7797 	default:
7798 		return -1;
7799 	}
7800 }
7801 
7802 
7803 static int nl80211_addr_in_use(struct nl80211_global *global, const u8 *addr)
7804 {
7805 	struct wpa_driver_nl80211_data *drv;
7806 	dl_list_for_each(drv, &global->interfaces,
7807 			 struct wpa_driver_nl80211_data, list) {
7808 		if (os_memcmp(addr, drv->first_bss->addr, ETH_ALEN) == 0)
7809 			return 1;
7810 	}
7811 	return 0;
7812 }
7813 
7814 
7815 static int nl80211_vif_addr(struct wpa_driver_nl80211_data *drv, u8 *new_addr)
7816 {
7817 	unsigned int idx;
7818 
7819 	if (!drv->global)
7820 		return -1;
7821 
7822 	os_memcpy(new_addr, drv->first_bss->addr, ETH_ALEN);
7823 	for (idx = 0; idx < 64; idx++) {
7824 		new_addr[0] = drv->first_bss->addr[0] | 0x02;
7825 		new_addr[0] ^= idx << 2;
7826 		if (!nl80211_addr_in_use(drv->global, new_addr))
7827 			break;
7828 	}
7829 	if (idx == 64)
7830 		return -1;
7831 
7832 	wpa_printf(MSG_DEBUG, "nl80211: Assigned new virtual interface address "
7833 		   MACSTR, MAC2STR(new_addr));
7834 
7835 	return 0;
7836 }
7837 
7838 
7839 struct wdev_info {
7840 	u64 wdev_id;
7841 	int wdev_id_set;
7842 	u8 macaddr[ETH_ALEN];
7843 };
7844 
7845 static int nl80211_wdev_handler(struct nl_msg *msg, void *arg)
7846 {
7847 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
7848 	struct nlattr *tb[NL80211_ATTR_MAX + 1];
7849 	struct wdev_info *wi = arg;
7850 
7851 	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
7852 		  genlmsg_attrlen(gnlh, 0), NULL);
7853 	if (tb[NL80211_ATTR_WDEV]) {
7854 		wi->wdev_id = nla_get_u64(tb[NL80211_ATTR_WDEV]);
7855 		wi->wdev_id_set = 1;
7856 	}
7857 
7858 	if (tb[NL80211_ATTR_MAC])
7859 		os_memcpy(wi->macaddr, nla_data(tb[NL80211_ATTR_MAC]),
7860 			  ETH_ALEN);
7861 
7862 	return NL_SKIP;
7863 }
7864 
7865 
7866 static int wpa_driver_nl80211_if_add(void *priv, enum wpa_driver_if_type type,
7867 				     const char *ifname, const u8 *addr,
7868 				     void *bss_ctx, void **drv_priv,
7869 				     char *force_ifname, u8 *if_addr,
7870 				     const char *bridge, int use_existing,
7871 				     int setup_ap)
7872 {
7873 	enum nl80211_iftype nlmode;
7874 	struct i802_bss *bss = priv;
7875 	struct wpa_driver_nl80211_data *drv = bss->drv;
7876 	int ifidx;
7877 	int added = 1;
7878 
7879 	if (addr)
7880 		os_memcpy(if_addr, addr, ETH_ALEN);
7881 	nlmode = wpa_driver_nl80211_if_type(type);
7882 	if (nlmode == NL80211_IFTYPE_P2P_DEVICE) {
7883 		struct wdev_info p2pdev_info;
7884 
7885 		os_memset(&p2pdev_info, 0, sizeof(p2pdev_info));
7886 		ifidx = nl80211_create_iface(drv, ifname, nlmode, addr,
7887 					     0, nl80211_wdev_handler,
7888 					     &p2pdev_info, use_existing);
7889 		if (!p2pdev_info.wdev_id_set || ifidx != 0) {
7890 			wpa_printf(MSG_ERROR, "nl80211: Failed to create a P2P Device interface %s",
7891 				   ifname);
7892 			return -1;
7893 		}
7894 
7895 		drv->global->if_add_wdevid = p2pdev_info.wdev_id;
7896 		drv->global->if_add_wdevid_set = p2pdev_info.wdev_id_set;
7897 		if (!is_zero_ether_addr(p2pdev_info.macaddr))
7898 			os_memcpy(if_addr, p2pdev_info.macaddr, ETH_ALEN);
7899 		wpa_printf(MSG_DEBUG, "nl80211: New P2P Device interface %s (0x%llx) created",
7900 			   ifname,
7901 			   (long long unsigned int) p2pdev_info.wdev_id);
7902 	} else {
7903 		ifidx = nl80211_create_iface(drv, ifname, nlmode, addr,
7904 					     0, NULL, NULL, use_existing);
7905 		if (use_existing && ifidx == -ENFILE) {
7906 			added = 0;
7907 			ifidx = if_nametoindex(ifname);
7908 		} else if (ifidx < 0) {
7909 			return -1;
7910 		}
7911 	}
7912 
7913 	if (!addr) {
7914 		if (nlmode == NL80211_IFTYPE_P2P_DEVICE)
7915 			os_memcpy(if_addr, bss->addr, ETH_ALEN);
7916 		else if (linux_get_ifhwaddr(drv->global->ioctl_sock,
7917 					    ifname, if_addr) < 0) {
7918 			if (added)
7919 				nl80211_remove_iface(drv, ifidx);
7920 			return -1;
7921 		}
7922 	}
7923 
7924 	if (!addr &&
7925 	    (type == WPA_IF_P2P_CLIENT || type == WPA_IF_P2P_GROUP ||
7926 	     type == WPA_IF_P2P_GO || type == WPA_IF_MESH ||
7927 	     type == WPA_IF_STATION)) {
7928 		/* Enforce unique address */
7929 		u8 new_addr[ETH_ALEN];
7930 
7931 		if (linux_get_ifhwaddr(drv->global->ioctl_sock, ifname,
7932 				       new_addr) < 0) {
7933 			if (added)
7934 				nl80211_remove_iface(drv, ifidx);
7935 			return -1;
7936 		}
7937 		if (nl80211_addr_in_use(drv->global, new_addr)) {
7938 			wpa_printf(MSG_DEBUG, "nl80211: Allocate new address "
7939 				   "for interface %s type %d", ifname, type);
7940 			if (nl80211_vif_addr(drv, new_addr) < 0) {
7941 				if (added)
7942 					nl80211_remove_iface(drv, ifidx);
7943 				return -1;
7944 			}
7945 			if (linux_set_ifhwaddr(drv->global->ioctl_sock, ifname,
7946 					       new_addr) < 0) {
7947 				if (added)
7948 					nl80211_remove_iface(drv, ifidx);
7949 				return -1;
7950 			}
7951 		}
7952 		os_memcpy(if_addr, new_addr, ETH_ALEN);
7953 	}
7954 
7955 	if (type == WPA_IF_AP_BSS && setup_ap) {
7956 		struct i802_bss *new_bss = os_zalloc(sizeof(*new_bss));
7957 		if (new_bss == NULL) {
7958 			if (added)
7959 				nl80211_remove_iface(drv, ifidx);
7960 			return -1;
7961 		}
7962 
7963 		if (bridge &&
7964 		    i802_check_bridge(drv, new_bss, bridge, ifname) < 0) {
7965 			wpa_printf(MSG_ERROR, "nl80211: Failed to add the new "
7966 				   "interface %s to a bridge %s",
7967 				   ifname, bridge);
7968 			if (added)
7969 				nl80211_remove_iface(drv, ifidx);
7970 			os_free(new_bss);
7971 			return -1;
7972 		}
7973 
7974 		if (linux_set_iface_flags(drv->global->ioctl_sock, ifname, 1))
7975 		{
7976 			if (added)
7977 				nl80211_remove_iface(drv, ifidx);
7978 			os_free(new_bss);
7979 			return -1;
7980 		}
7981 		os_strlcpy(new_bss->ifname, ifname, IFNAMSIZ);
7982 		os_memcpy(new_bss->addr, if_addr, ETH_ALEN);
7983 		new_bss->ifindex = ifidx;
7984 		new_bss->drv = drv;
7985 		new_bss->next = drv->first_bss->next;
7986 		new_bss->freq = drv->first_bss->freq;
7987 		new_bss->ctx = bss_ctx;
7988 		new_bss->added_if = added;
7989 		drv->first_bss->next = new_bss;
7990 		if (drv_priv)
7991 			*drv_priv = new_bss;
7992 		nl80211_init_bss(new_bss);
7993 
7994 		/* Subscribe management frames for this WPA_IF_AP_BSS */
7995 		if (nl80211_setup_ap(new_bss))
7996 			return -1;
7997 	}
7998 
7999 	if (drv->global)
8000 		drv->global->if_add_ifindex = ifidx;
8001 
8002 	/*
8003 	 * Some virtual interfaces need to process EAPOL packets and events on
8004 	 * the parent interface. This is used mainly with hostapd.
8005 	 */
8006 	if (ifidx > 0 &&
8007 	    (drv->hostapd ||
8008 	     nlmode == NL80211_IFTYPE_AP_VLAN ||
8009 	     nlmode == NL80211_IFTYPE_WDS ||
8010 	     nlmode == NL80211_IFTYPE_MONITOR))
8011 		add_ifidx(drv, ifidx, IFIDX_ANY);
8012 
8013 	return 0;
8014 }
8015 
8016 
8017 static int wpa_driver_nl80211_if_remove(struct i802_bss *bss,
8018 					enum wpa_driver_if_type type,
8019 					const char *ifname)
8020 {
8021 	struct wpa_driver_nl80211_data *drv = bss->drv;
8022 	int ifindex = if_nametoindex(ifname);
8023 
8024 	wpa_printf(MSG_DEBUG, "nl80211: %s(type=%d ifname=%s) ifindex=%d added_if=%d",
8025 		   __func__, type, ifname, ifindex, bss->added_if);
8026 	if (ifindex > 0 && (bss->added_if || bss->ifindex != ifindex))
8027 		nl80211_remove_iface(drv, ifindex);
8028 	else if (ifindex > 0 && !bss->added_if) {
8029 		struct wpa_driver_nl80211_data *drv2;
8030 		dl_list_for_each(drv2, &drv->global->interfaces,
8031 				 struct wpa_driver_nl80211_data, list) {
8032 			del_ifidx(drv2, ifindex, IFIDX_ANY);
8033 			del_ifidx(drv2, IFIDX_ANY, ifindex);
8034 		}
8035 	}
8036 
8037 	if (type != WPA_IF_AP_BSS)
8038 		return 0;
8039 
8040 	if (bss->added_if_into_bridge) {
8041 		if (linux_br_del_if(drv->global->ioctl_sock, bss->brname,
8042 				    bss->ifname) < 0)
8043 			wpa_printf(MSG_INFO, "nl80211: Failed to remove "
8044 				   "interface %s from bridge %s: %s",
8045 				   bss->ifname, bss->brname, strerror(errno));
8046 	}
8047 	if (bss->added_bridge) {
8048 		if (linux_br_del(drv->global->ioctl_sock, bss->brname) < 0)
8049 			wpa_printf(MSG_INFO, "nl80211: Failed to remove "
8050 				   "bridge %s: %s",
8051 				   bss->brname, strerror(errno));
8052 	}
8053 
8054 	if (bss != drv->first_bss) {
8055 		struct i802_bss *tbss;
8056 
8057 		wpa_printf(MSG_DEBUG, "nl80211: Not the first BSS - remove it");
8058 		for (tbss = drv->first_bss; tbss; tbss = tbss->next) {
8059 			if (tbss->next == bss) {
8060 				tbss->next = bss->next;
8061 				/* Unsubscribe management frames */
8062 				nl80211_teardown_ap(bss);
8063 				nl80211_destroy_bss(bss);
8064 				if (!bss->added_if)
8065 					i802_set_iface_flags(bss, 0);
8066 				os_free(bss);
8067 				bss = NULL;
8068 				break;
8069 			}
8070 		}
8071 		if (bss)
8072 			wpa_printf(MSG_INFO, "nl80211: %s - could not find "
8073 				   "BSS %p in the list", __func__, bss);
8074 	} else {
8075 		wpa_printf(MSG_DEBUG, "nl80211: First BSS - reassign context");
8076 		nl80211_teardown_ap(bss);
8077 		if (!bss->added_if && !drv->first_bss->next)
8078 			wpa_driver_nl80211_del_beacon(bss);
8079 		nl80211_destroy_bss(bss);
8080 		if (!bss->added_if)
8081 			i802_set_iface_flags(bss, 0);
8082 		if (drv->first_bss->next) {
8083 			drv->first_bss = drv->first_bss->next;
8084 			drv->ctx = drv->first_bss->ctx;
8085 			os_free(bss);
8086 		} else {
8087 			wpa_printf(MSG_DEBUG, "nl80211: No second BSS to reassign context to");
8088 		}
8089 	}
8090 
8091 	return 0;
8092 }
8093 
8094 
8095 static int cookie_handler(struct nl_msg *msg, void *arg)
8096 {
8097 	struct nlattr *tb[NL80211_ATTR_MAX + 1];
8098 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
8099 	u64 *cookie = arg;
8100 	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
8101 		  genlmsg_attrlen(gnlh, 0), NULL);
8102 	if (tb[NL80211_ATTR_COOKIE])
8103 		*cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]);
8104 	return NL_SKIP;
8105 }
8106 
8107 
8108 static int nl80211_send_frame_cmd(struct i802_bss *bss,
8109 				  unsigned int freq, unsigned int wait,
8110 				  const u8 *buf, size_t buf_len,
8111 				  int save_cookie, int no_cck, int no_ack,
8112 				  int offchanok, const u16 *csa_offs,
8113 				  size_t csa_offs_len)
8114 {
8115 	struct wpa_driver_nl80211_data *drv = bss->drv;
8116 	struct nl_msg *msg;
8117 	u64 cookie;
8118 	int ret = -1;
8119 
8120 	wpa_printf(MSG_MSGDUMP, "nl80211: CMD_FRAME freq=%u wait=%u no_cck=%d "
8121 		   "no_ack=%d offchanok=%d",
8122 		   freq, wait, no_cck, no_ack, offchanok);
8123 	wpa_hexdump(MSG_MSGDUMP, "CMD_FRAME", buf, buf_len);
8124 
8125 	if (!(msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_FRAME)) ||
8126 	    (freq && nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq)) ||
8127 	    (wait && nla_put_u32(msg, NL80211_ATTR_DURATION, wait)) ||
8128 	    (offchanok && ((drv->capa.flags & WPA_DRIVER_FLAGS_OFFCHANNEL_TX) ||
8129 			   drv->test_use_roc_tx) &&
8130 	     nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK)) ||
8131 	    (no_cck && nla_put_flag(msg, NL80211_ATTR_TX_NO_CCK_RATE)) ||
8132 	    (no_ack && nla_put_flag(msg, NL80211_ATTR_DONT_WAIT_FOR_ACK)) ||
8133 	    (csa_offs && nla_put(msg, NL80211_ATTR_CSA_C_OFFSETS_TX,
8134 				 csa_offs_len * sizeof(u16), csa_offs)) ||
8135 	    nla_put(msg, NL80211_ATTR_FRAME, buf_len, buf))
8136 		goto fail;
8137 
8138 	cookie = 0;
8139 	ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie, NULL, NULL);
8140 	msg = NULL;
8141 	if (ret) {
8142 		wpa_printf(MSG_DEBUG, "nl80211: Frame command failed: ret=%d "
8143 			   "(%s) (freq=%u wait=%u)", ret, strerror(-ret),
8144 			   freq, wait);
8145 	} else {
8146 		wpa_printf(MSG_MSGDUMP, "nl80211: Frame TX command accepted%s; "
8147 			   "cookie 0x%llx", no_ack ? " (no ACK)" : "",
8148 			   (long long unsigned int) cookie);
8149 
8150 		if (save_cookie)
8151 			drv->send_frame_cookie = no_ack ? (u64) -1 : cookie;
8152 
8153 		if (drv->num_send_frame_cookies == MAX_SEND_FRAME_COOKIES) {
8154 			wpa_printf(MSG_DEBUG,
8155 				   "nl80211: Drop oldest pending send frame cookie 0x%llx",
8156 				   (long long unsigned int)
8157 				   drv->send_frame_cookies[0]);
8158 			os_memmove(&drv->send_frame_cookies[0],
8159 				   &drv->send_frame_cookies[1],
8160 				   (MAX_SEND_FRAME_COOKIES - 1) *
8161 				   sizeof(u64));
8162 			drv->num_send_frame_cookies--;
8163 		}
8164 		drv->send_frame_cookies[drv->num_send_frame_cookies] = cookie;
8165 		drv->num_send_frame_cookies++;
8166 	}
8167 
8168 fail:
8169 	nlmsg_free(msg);
8170 	return ret;
8171 }
8172 
8173 
8174 static int wpa_driver_nl80211_send_action(struct i802_bss *bss,
8175 					  unsigned int freq,
8176 					  unsigned int wait_time,
8177 					  const u8 *dst, const u8 *src,
8178 					  const u8 *bssid,
8179 					  const u8 *data, size_t data_len,
8180 					  int no_cck)
8181 {
8182 	struct wpa_driver_nl80211_data *drv = bss->drv;
8183 	int ret = -1;
8184 	u8 *buf;
8185 	struct ieee80211_hdr *hdr;
8186 	int offchanok = 1;
8187 
8188 	if (is_ap_interface(drv->nlmode) && (int) freq == bss->freq &&
8189 	    bss->beacon_set)
8190 		offchanok = 0;
8191 
8192 	wpa_printf(MSG_DEBUG, "nl80211: Send Action frame (ifindex=%d, "
8193 		   "freq=%u MHz wait=%d ms no_cck=%d offchanok=%d)",
8194 		   drv->ifindex, freq, wait_time, no_cck, offchanok);
8195 
8196 	buf = os_zalloc(24 + data_len);
8197 	if (buf == NULL)
8198 		return ret;
8199 	os_memcpy(buf + 24, data, data_len);
8200 	hdr = (struct ieee80211_hdr *) buf;
8201 	hdr->frame_control =
8202 		IEEE80211_FC(WLAN_FC_TYPE_MGMT, WLAN_FC_STYPE_ACTION);
8203 	os_memcpy(hdr->addr1, dst, ETH_ALEN);
8204 	os_memcpy(hdr->addr2, src, ETH_ALEN);
8205 	os_memcpy(hdr->addr3, bssid, ETH_ALEN);
8206 
8207 	if (os_memcmp(bss->addr, src, ETH_ALEN) != 0) {
8208 		wpa_printf(MSG_DEBUG, "nl80211: Use random TA " MACSTR,
8209 			   MAC2STR(src));
8210 		os_memcpy(bss->rand_addr, src, ETH_ALEN);
8211 	} else {
8212 		os_memset(bss->rand_addr, 0, ETH_ALEN);
8213 	}
8214 
8215 #ifdef CONFIG_MESH
8216 	if (is_mesh_interface(drv->nlmode)) {
8217 		struct hostapd_hw_modes *modes;
8218 		u16 num_modes, flags;
8219 		u8 dfs_domain;
8220 		int i;
8221 
8222 		modes = nl80211_get_hw_feature_data(bss, &num_modes,
8223 						    &flags, &dfs_domain);
8224 		if (dfs_domain != HOSTAPD_DFS_REGION_ETSI &&
8225 		    ieee80211_is_dfs(bss->freq, modes, num_modes))
8226 			offchanok = 0;
8227 		if (modes) {
8228 			for (i = 0; i < num_modes; i++) {
8229 				os_free(modes[i].channels);
8230 				os_free(modes[i].rates);
8231 			}
8232 			os_free(modes);
8233 		}
8234 	}
8235 #endif /* CONFIG_MESH */
8236 
8237 	if (is_ap_interface(drv->nlmode) &&
8238 	    (!(drv->capa.flags & WPA_DRIVER_FLAGS_OFFCHANNEL_TX) ||
8239 	     (int) freq == bss->freq || drv->device_ap_sme ||
8240 	     !drv->use_monitor))
8241 		ret = wpa_driver_nl80211_send_mlme(bss, buf, 24 + data_len,
8242 						   0, freq, no_cck, offchanok,
8243 						   wait_time, NULL, 0, 0);
8244 	else
8245 		ret = nl80211_send_frame_cmd(bss, freq, wait_time, buf,
8246 					     24 + data_len,
8247 					     1, no_cck, 0, offchanok, NULL, 0);
8248 
8249 	os_free(buf);
8250 	return ret;
8251 }
8252 
8253 
8254 static void nl80211_frame_wait_cancel(struct i802_bss *bss, u64 cookie)
8255 {
8256 	struct wpa_driver_nl80211_data *drv = bss->drv;
8257 	struct nl_msg *msg;
8258 	int ret;
8259 
8260 	wpa_printf(MSG_DEBUG, "nl80211: Cancel TX frame wait: cookie=0x%llx",
8261 		   (long long unsigned int) cookie);
8262 	if (!(msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_FRAME_WAIT_CANCEL)) ||
8263 	    nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie)) {
8264 		nlmsg_free(msg);
8265 		return;
8266 	}
8267 
8268 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
8269 	if (ret)
8270 		wpa_printf(MSG_DEBUG, "nl80211: wait cancel failed: ret=%d "
8271 			   "(%s)", ret, strerror(-ret));
8272 }
8273 
8274 
8275 static void wpa_driver_nl80211_send_action_cancel_wait(void *priv)
8276 {
8277 	struct i802_bss *bss = priv;
8278 	struct wpa_driver_nl80211_data *drv = bss->drv;
8279 	unsigned int i;
8280 	u64 cookie;
8281 
8282 	/* Cancel the last pending TX cookie */
8283 	nl80211_frame_wait_cancel(bss, drv->send_frame_cookie);
8284 
8285 	/*
8286 	 * Cancel the other pending TX cookies, if any. This is needed since
8287 	 * the driver may keep a list of all pending offchannel TX operations
8288 	 * and free up the radio only once they have expired or cancelled.
8289 	 */
8290 	for (i = drv->num_send_frame_cookies; i > 0; i--) {
8291 		cookie = drv->send_frame_cookies[i - 1];
8292 		if (cookie != drv->send_frame_cookie)
8293 			nl80211_frame_wait_cancel(bss, cookie);
8294 	}
8295 	drv->num_send_frame_cookies = 0;
8296 }
8297 
8298 
8299 static int wpa_driver_nl80211_remain_on_channel(void *priv, unsigned int freq,
8300 						unsigned int duration)
8301 {
8302 	struct i802_bss *bss = priv;
8303 	struct wpa_driver_nl80211_data *drv = bss->drv;
8304 	struct nl_msg *msg;
8305 	int ret;
8306 	u64 cookie;
8307 
8308 	if (!(msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_REMAIN_ON_CHANNEL)) ||
8309 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq) ||
8310 	    nla_put_u32(msg, NL80211_ATTR_DURATION, duration)) {
8311 		nlmsg_free(msg);
8312 		return -1;
8313 	}
8314 
8315 	cookie = 0;
8316 	ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie, NULL, NULL);
8317 	if (ret == 0) {
8318 		wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel cookie "
8319 			   "0x%llx for freq=%u MHz duration=%u",
8320 			   (long long unsigned int) cookie, freq, duration);
8321 		drv->remain_on_chan_cookie = cookie;
8322 		drv->pending_remain_on_chan = 1;
8323 		return 0;
8324 	}
8325 	wpa_printf(MSG_DEBUG, "nl80211: Failed to request remain-on-channel "
8326 		   "(freq=%d duration=%u): %d (%s)",
8327 		   freq, duration, ret, strerror(-ret));
8328 	return -1;
8329 }
8330 
8331 
8332 static int wpa_driver_nl80211_cancel_remain_on_channel(void *priv)
8333 {
8334 	struct i802_bss *bss = priv;
8335 	struct wpa_driver_nl80211_data *drv = bss->drv;
8336 	struct nl_msg *msg;
8337 	int ret;
8338 
8339 	if (!drv->pending_remain_on_chan) {
8340 		wpa_printf(MSG_DEBUG, "nl80211: No pending remain-on-channel "
8341 			   "to cancel");
8342 		return -1;
8343 	}
8344 
8345 	wpa_printf(MSG_DEBUG, "nl80211: Cancel remain-on-channel with cookie "
8346 		   "0x%llx",
8347 		   (long long unsigned int) drv->remain_on_chan_cookie);
8348 
8349 	msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL);
8350 	if (!msg ||
8351 	    nla_put_u64(msg, NL80211_ATTR_COOKIE, drv->remain_on_chan_cookie)) {
8352 		nlmsg_free(msg);
8353 		return -1;
8354 	}
8355 
8356 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
8357 	if (ret == 0)
8358 		return 0;
8359 	wpa_printf(MSG_DEBUG, "nl80211: Failed to cancel remain-on-channel: "
8360 		   "%d (%s)", ret, strerror(-ret));
8361 	return -1;
8362 }
8363 
8364 
8365 static int wpa_driver_nl80211_probe_req_report(struct i802_bss *bss, int report)
8366 {
8367 	struct wpa_driver_nl80211_data *drv = bss->drv;
8368 
8369 	if (!report) {
8370 		if (bss->nl_preq && drv->device_ap_sme &&
8371 		    is_ap_interface(drv->nlmode) && !bss->in_deinit &&
8372 		    !bss->static_ap) {
8373 			/*
8374 			 * Do not disable Probe Request reporting that was
8375 			 * enabled in nl80211_setup_ap().
8376 			 */
8377 			wpa_printf(MSG_DEBUG, "nl80211: Skip disabling of "
8378 				   "Probe Request reporting nl_preq=%p while "
8379 				   "in AP mode", bss->nl_preq);
8380 		} else if (bss->nl_preq) {
8381 			wpa_printf(MSG_DEBUG, "nl80211: Disable Probe Request "
8382 				   "reporting nl_preq=%p", bss->nl_preq);
8383 			nl80211_destroy_eloop_handle(&bss->nl_preq, 0);
8384 		}
8385 		return 0;
8386 	}
8387 
8388 	if (bss->nl_preq) {
8389 		wpa_printf(MSG_DEBUG, "nl80211: Probe Request reporting "
8390 			   "already on! nl_preq=%p", bss->nl_preq);
8391 		return 0;
8392 	}
8393 
8394 	bss->nl_preq = nl_create_handle(drv->global->nl_cb, "preq");
8395 	if (bss->nl_preq == NULL)
8396 		return -1;
8397 	wpa_printf(MSG_DEBUG, "nl80211: Enable Probe Request "
8398 		   "reporting nl_preq=%p", bss->nl_preq);
8399 
8400 	if (nl80211_register_frame(bss, bss->nl_preq,
8401 				   (WLAN_FC_TYPE_MGMT << 2) |
8402 				   (WLAN_FC_STYPE_PROBE_REQ << 4),
8403 				   NULL, 0, false) < 0)
8404 		goto out_err;
8405 
8406 	nl80211_register_eloop_read(&bss->nl_preq,
8407 				    wpa_driver_nl80211_event_receive,
8408 				    bss->nl_cb, 0);
8409 
8410 	return 0;
8411 
8412  out_err:
8413 	nl_destroy_handles(&bss->nl_preq);
8414 	return -1;
8415 }
8416 
8417 
8418 static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv,
8419 				     int ifindex, int disabled)
8420 {
8421 	struct nl_msg *msg;
8422 	struct nlattr *bands, *band;
8423 	int ret;
8424 
8425 	wpa_printf(MSG_DEBUG,
8426 		   "nl80211: NL80211_CMD_SET_TX_BITRATE_MASK (ifindex=%d %s)",
8427 		   ifindex, disabled ? "NL80211_TXRATE_LEGACY=OFDM-only" :
8428 		   "no NL80211_TXRATE_LEGACY constraint");
8429 
8430 	msg = nl80211_ifindex_msg(drv, ifindex, 0,
8431 				  NL80211_CMD_SET_TX_BITRATE_MASK);
8432 	if (!msg)
8433 		return -1;
8434 
8435 	bands = nla_nest_start(msg, NL80211_ATTR_TX_RATES);
8436 	if (!bands)
8437 		goto fail;
8438 
8439 	/*
8440 	 * Disable 2 GHz rates 1, 2, 5.5, 11 Mbps by masking out everything
8441 	 * else apart from 6, 9, 12, 18, 24, 36, 48, 54 Mbps from non-MCS
8442 	 * rates. All 5 GHz rates are left enabled.
8443 	 */
8444 	band = nla_nest_start(msg, NL80211_BAND_2GHZ);
8445 	if (!band ||
8446 	    (disabled && nla_put(msg, NL80211_TXRATE_LEGACY, 8,
8447 				 "\x0c\x12\x18\x24\x30\x48\x60\x6c")))
8448 		goto fail;
8449 	nla_nest_end(msg, band);
8450 
8451 	nla_nest_end(msg, bands);
8452 
8453 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
8454 	if (ret) {
8455 		wpa_printf(MSG_DEBUG, "nl80211: Set TX rates failed: ret=%d "
8456 			   "(%s)", ret, strerror(-ret));
8457 	} else
8458 		drv->disabled_11b_rates = disabled;
8459 
8460 	return ret;
8461 
8462 fail:
8463 	nlmsg_free(msg);
8464 	return -1;
8465 }
8466 
8467 
8468 static int wpa_driver_nl80211_deinit_ap(void *priv)
8469 {
8470 	struct i802_bss *bss = priv;
8471 	struct wpa_driver_nl80211_data *drv = bss->drv;
8472 	if (!is_ap_interface(drv->nlmode))
8473 		return -1;
8474 	wpa_driver_nl80211_del_beacon(bss);
8475 	bss->beacon_set = 0;
8476 
8477 	/*
8478 	 * If the P2P GO interface was dynamically added, then it is
8479 	 * possible that the interface change to station is not possible.
8480 	 */
8481 	if (drv->nlmode == NL80211_IFTYPE_P2P_GO && bss->if_dynamic)
8482 		return 0;
8483 
8484 	return wpa_driver_nl80211_set_mode(priv, NL80211_IFTYPE_STATION);
8485 }
8486 
8487 
8488 static int wpa_driver_nl80211_stop_ap(void *priv)
8489 {
8490 	struct i802_bss *bss = priv;
8491 	struct wpa_driver_nl80211_data *drv = bss->drv;
8492 	if (!is_ap_interface(drv->nlmode))
8493 		return -1;
8494 	wpa_driver_nl80211_del_beacon(bss);
8495 	bss->beacon_set = 0;
8496 	return 0;
8497 }
8498 
8499 
8500 static int wpa_driver_nl80211_deinit_p2p_cli(void *priv)
8501 {
8502 	struct i802_bss *bss = priv;
8503 	struct wpa_driver_nl80211_data *drv = bss->drv;
8504 	if (drv->nlmode != NL80211_IFTYPE_P2P_CLIENT)
8505 		return -1;
8506 
8507 	/*
8508 	 * If the P2P Client interface was dynamically added, then it is
8509 	 * possible that the interface change to station is not possible.
8510 	 */
8511 	if (bss->if_dynamic)
8512 		return 0;
8513 
8514 	return wpa_driver_nl80211_set_mode(priv, NL80211_IFTYPE_STATION);
8515 }
8516 
8517 
8518 static void wpa_driver_nl80211_resume(void *priv)
8519 {
8520 	struct i802_bss *bss = priv;
8521 	enum nl80211_iftype nlmode = nl80211_get_ifmode(bss);
8522 
8523 	if (i802_set_iface_flags(bss, 1))
8524 		wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface up on resume event");
8525 
8526 	if (is_p2p_net_interface(nlmode))
8527 		nl80211_disable_11b_rates(bss->drv, bss->drv->ifindex, 1);
8528 }
8529 
8530 
8531 static int nl80211_signal_monitor(void *priv, int threshold, int hysteresis)
8532 {
8533 	struct i802_bss *bss = priv;
8534 	struct wpa_driver_nl80211_data *drv = bss->drv;
8535 	struct nl_msg *msg;
8536 	struct nlattr *cqm;
8537 
8538 	wpa_printf(MSG_DEBUG, "nl80211: Signal monitor threshold=%d "
8539 		   "hysteresis=%d", threshold, hysteresis);
8540 
8541 	if (!(msg = nl80211_bss_msg(bss, 0, NL80211_CMD_SET_CQM)) ||
8542 	    !(cqm = nla_nest_start(msg, NL80211_ATTR_CQM)) ||
8543 	    nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THOLD, threshold) ||
8544 	    nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_HYST, hysteresis)) {
8545 		nlmsg_free(msg);
8546 		return -1;
8547 	}
8548 	nla_nest_end(msg, cqm);
8549 
8550 	return send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
8551 }
8552 
8553 
8554 static int get_channel_width(struct nl_msg *msg, void *arg)
8555 {
8556 	struct nlattr *tb[NL80211_ATTR_MAX + 1];
8557 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
8558 	struct wpa_signal_info *sig_change = arg;
8559 
8560 	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
8561 		  genlmsg_attrlen(gnlh, 0), NULL);
8562 
8563 	sig_change->center_frq1 = -1;
8564 	sig_change->center_frq2 = -1;
8565 	sig_change->chanwidth = CHAN_WIDTH_UNKNOWN;
8566 
8567 	if (tb[NL80211_ATTR_CHANNEL_WIDTH]) {
8568 		sig_change->chanwidth = convert2width(
8569 			nla_get_u32(tb[NL80211_ATTR_CHANNEL_WIDTH]));
8570 		if (tb[NL80211_ATTR_CENTER_FREQ1])
8571 			sig_change->center_frq1 =
8572 				nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ1]);
8573 		if (tb[NL80211_ATTR_CENTER_FREQ2])
8574 			sig_change->center_frq2 =
8575 				nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ2]);
8576 	}
8577 
8578 	return NL_SKIP;
8579 }
8580 
8581 
8582 static int nl80211_get_channel_width(struct wpa_driver_nl80211_data *drv,
8583 				     struct wpa_signal_info *sig)
8584 {
8585 	struct nl_msg *msg;
8586 
8587 	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_GET_INTERFACE);
8588 	return send_and_recv_msgs(drv, msg, get_channel_width, sig, NULL, NULL);
8589 }
8590 
8591 
8592 static int nl80211_signal_poll(void *priv, struct wpa_signal_info *si)
8593 {
8594 	struct i802_bss *bss = priv;
8595 	struct wpa_driver_nl80211_data *drv = bss->drv;
8596 	int res;
8597 
8598 	os_memset(si, 0, sizeof(*si));
8599 	res = nl80211_get_link_signal(drv, si);
8600 	if (res) {
8601 		if (drv->nlmode != NL80211_IFTYPE_ADHOC &&
8602 		    drv->nlmode != NL80211_IFTYPE_MESH_POINT)
8603 			return res;
8604 		si->current_signal = 0;
8605 	}
8606 
8607 	res = nl80211_get_channel_width(drv, si);
8608 	if (res != 0)
8609 		return res;
8610 
8611 	return nl80211_get_link_noise(drv, si);
8612 }
8613 
8614 
8615 static int nl80211_set_param(void *priv, const char *param)
8616 {
8617 	struct i802_bss *bss = priv;
8618 	struct wpa_driver_nl80211_data *drv = bss->drv;
8619 
8620 	if (param == NULL)
8621 		return 0;
8622 	wpa_printf(MSG_DEBUG, "nl80211: driver param='%s'", param);
8623 
8624 #ifdef CONFIG_P2P
8625 	if (os_strstr(param, "use_p2p_group_interface=1")) {
8626 		wpa_printf(MSG_DEBUG, "nl80211: Use separate P2P group "
8627 			   "interface");
8628 		drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_CONCURRENT;
8629 		drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_MGMT_AND_NON_P2P;
8630 	}
8631 #endif /* CONFIG_P2P */
8632 
8633 	if (os_strstr(param, "use_monitor=1"))
8634 		drv->use_monitor = 1;
8635 
8636 	if (os_strstr(param, "force_connect_cmd=1")) {
8637 		drv->capa.flags &= ~WPA_DRIVER_FLAGS_SME;
8638 		drv->force_connect_cmd = 1;
8639 	}
8640 
8641 	if (os_strstr(param, "force_bss_selection=1"))
8642 		drv->capa.flags |= WPA_DRIVER_FLAGS_BSS_SELECTION;
8643 
8644 	if (os_strstr(param, "no_offchannel_tx=1")) {
8645 		drv->capa.flags &= ~WPA_DRIVER_FLAGS_OFFCHANNEL_TX;
8646 		drv->test_use_roc_tx = 1;
8647 	}
8648 
8649 	if (os_strstr(param, "control_port=0")) {
8650 		drv->capa.flags &= ~WPA_DRIVER_FLAGS_CONTROL_PORT;
8651 		drv->capa.flags2 &= ~(WPA_DRIVER_FLAGS2_CONTROL_PORT_RX |
8652 				      WPA_DRIVER_FLAGS2_CONTROL_PORT_TX_STATUS);
8653 		drv->control_port_ap = 0;
8654 	}
8655 
8656 	if (os_strstr(param, "control_port_ap=1"))
8657 		drv->control_port_ap = 1;
8658 
8659 	if (os_strstr(param, "control_port_ap=0")) {
8660 		drv->capa.flags2 &= ~WPA_DRIVER_FLAGS2_CONTROL_PORT_TX_STATUS;
8661 		drv->control_port_ap = 0;
8662 	}
8663 
8664 	if (os_strstr(param, "full_ap_client_state=0"))
8665 		drv->capa.flags &= ~WPA_DRIVER_FLAGS_FULL_AP_CLIENT_STATE;
8666 
8667 	if (os_strstr(param, "no_rrm=1")) {
8668 		drv->no_rrm = 1;
8669 
8670 		if (!bss->in_deinit && !is_ap_interface(drv->nlmode) &&
8671 		    !is_mesh_interface(drv->nlmode)) {
8672 			nl80211_mgmt_unsubscribe(bss, "no_rrm=1");
8673 			if (nl80211_mgmt_subscribe_non_ap(bss) < 0)
8674 				wpa_printf(MSG_DEBUG,
8675 					   "nl80211: Failed to re-register Action frame processing - ignore for now");
8676 		}
8677 	}
8678 
8679 	return 0;
8680 }
8681 
8682 
8683 static void * nl80211_global_init(void *ctx)
8684 {
8685 	struct nl80211_global *global;
8686 	struct netlink_config *cfg;
8687 
8688 	global = os_zalloc(sizeof(*global));
8689 	if (global == NULL)
8690 		return NULL;
8691 	global->ctx = ctx;
8692 	global->ioctl_sock = -1;
8693 	dl_list_init(&global->interfaces);
8694 	global->if_add_ifindex = -1;
8695 
8696 	cfg = os_zalloc(sizeof(*cfg));
8697 	if (cfg == NULL)
8698 		goto err;
8699 
8700 	cfg->ctx = global;
8701 	cfg->newlink_cb = wpa_driver_nl80211_event_rtm_newlink;
8702 	cfg->dellink_cb = wpa_driver_nl80211_event_rtm_dellink;
8703 	global->netlink = netlink_init(cfg);
8704 	if (global->netlink == NULL) {
8705 		os_free(cfg);
8706 		goto err;
8707 	}
8708 
8709 	if (wpa_driver_nl80211_init_nl_global(global) < 0)
8710 		goto err;
8711 
8712 	global->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0);
8713 	if (global->ioctl_sock < 0) {
8714 		wpa_printf(MSG_ERROR, "nl80211: socket(PF_INET,SOCK_DGRAM) failed: %s",
8715 			   strerror(errno));
8716 		goto err;
8717 	}
8718 
8719 	return global;
8720 
8721 err:
8722 	nl80211_global_deinit(global);
8723 	return NULL;
8724 }
8725 
8726 
8727 static void nl80211_global_deinit(void *priv)
8728 {
8729 	struct nl80211_global *global = priv;
8730 	if (global == NULL)
8731 		return;
8732 	if (!dl_list_empty(&global->interfaces)) {
8733 		wpa_printf(MSG_ERROR, "nl80211: %u interface(s) remain at "
8734 			   "nl80211_global_deinit",
8735 			   dl_list_len(&global->interfaces));
8736 	}
8737 
8738 	if (global->netlink)
8739 		netlink_deinit(global->netlink);
8740 
8741 	nl_destroy_handles(&global->nl);
8742 
8743 	if (global->nl_event)
8744 		nl80211_destroy_eloop_handle(&global->nl_event, 0);
8745 
8746 	nl_cb_put(global->nl_cb);
8747 
8748 	if (global->ioctl_sock >= 0)
8749 		close(global->ioctl_sock);
8750 
8751 	os_free(global);
8752 }
8753 
8754 
8755 static const char * nl80211_get_radio_name(void *priv)
8756 {
8757 	struct i802_bss *bss = priv;
8758 	struct wpa_driver_nl80211_data *drv = bss->drv;
8759 	return drv->phyname;
8760 }
8761 
8762 
8763 static int nl80211_pmkid(struct i802_bss *bss, int cmd,
8764 			 struct wpa_pmkid_params *params)
8765 {
8766 	struct nl_msg *msg;
8767 	const size_t PMK_MAX_LEN = 48; /* current cfg80211 limit */
8768 
8769 	if (!(msg = nl80211_bss_msg(bss, 0, cmd)) ||
8770 	    (params->pmkid &&
8771 	     nla_put(msg, NL80211_ATTR_PMKID, 16, params->pmkid)) ||
8772 	    (params->bssid &&
8773 	     nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid)) ||
8774 	    (params->ssid_len &&
8775 	     nla_put(msg, NL80211_ATTR_SSID, params->ssid_len, params->ssid)) ||
8776 	    (params->fils_cache_id &&
8777 	     nla_put(msg, NL80211_ATTR_FILS_CACHE_ID, 2,
8778 		     params->fils_cache_id)) ||
8779 	    (params->pmk_lifetime &&
8780 	     nla_put_u32(msg, NL80211_ATTR_PMK_LIFETIME,
8781 			 params->pmk_lifetime)) ||
8782 	    (params->pmk_reauth_threshold &&
8783 	     nla_put_u8(msg, NL80211_ATTR_PMK_REAUTH_THRESHOLD,
8784 			params->pmk_reauth_threshold)) ||
8785 	    (cmd != NL80211_CMD_DEL_PMKSA &&
8786 	     params->pmk_len && params->pmk_len <= PMK_MAX_LEN &&
8787 	     nla_put(msg, NL80211_ATTR_PMK, params->pmk_len, params->pmk))) {
8788 		nl80211_nlmsg_clear(msg);
8789 		nlmsg_free(msg);
8790 		return -ENOBUFS;
8791 	}
8792 
8793 	return send_and_recv_msgs(bss->drv, msg, NULL, NULL, NULL, NULL);
8794 }
8795 
8796 
8797 static int nl80211_add_pmkid(void *priv, struct wpa_pmkid_params *params)
8798 {
8799 	struct i802_bss *bss = priv;
8800 	int ret;
8801 
8802 	if (params->bssid)
8803 		wpa_printf(MSG_DEBUG, "nl80211: Add PMKID for " MACSTR,
8804 			   MAC2STR(params->bssid));
8805 	else if (params->fils_cache_id && params->ssid_len) {
8806 		wpa_printf(MSG_DEBUG,
8807 			   "nl80211: Add PMKSA for cache id %02x%02x SSID %s",
8808 			   params->fils_cache_id[0], params->fils_cache_id[1],
8809 			   wpa_ssid_txt(params->ssid, params->ssid_len));
8810 	}
8811 
8812 	ret = nl80211_pmkid(bss, NL80211_CMD_SET_PMKSA, params);
8813 	if (ret < 0) {
8814 		wpa_printf(MSG_DEBUG,
8815 			   "nl80211: NL80211_CMD_SET_PMKSA failed: %d (%s)",
8816 			   ret, strerror(-ret));
8817 	}
8818 
8819 	return ret;
8820 }
8821 
8822 
8823 static int nl80211_remove_pmkid(void *priv, struct wpa_pmkid_params *params)
8824 {
8825 	struct i802_bss *bss = priv;
8826 	int ret;
8827 
8828 	if (params->bssid)
8829 		wpa_printf(MSG_DEBUG, "nl80211: Delete PMKID for " MACSTR,
8830 			   MAC2STR(params->bssid));
8831 	else if (params->fils_cache_id && params->ssid_len) {
8832 		wpa_printf(MSG_DEBUG,
8833 			   "nl80211: Delete PMKSA for cache id %02x%02x SSID %s",
8834 			   params->fils_cache_id[0], params->fils_cache_id[1],
8835 			   wpa_ssid_txt(params->ssid, params->ssid_len));
8836 	}
8837 
8838 	ret = nl80211_pmkid(bss, NL80211_CMD_DEL_PMKSA, params);
8839 	if (ret < 0) {
8840 		wpa_printf(MSG_DEBUG,
8841 			   "nl80211: NL80211_CMD_DEL_PMKSA failed: %d (%s)",
8842 			   ret, strerror(-ret));
8843 	}
8844 
8845 	return ret;
8846 }
8847 
8848 
8849 static int nl80211_flush_pmkid(void *priv)
8850 {
8851 	struct i802_bss *bss = priv;
8852 	struct nl_msg *msg;
8853 
8854 	wpa_printf(MSG_DEBUG, "nl80211: Flush PMKIDs");
8855 	msg = nl80211_bss_msg(bss, 0, NL80211_CMD_FLUSH_PMKSA);
8856 	if (!msg)
8857 		return -ENOBUFS;
8858 	return send_and_recv_msgs(bss->drv, msg, NULL, NULL, NULL, NULL);
8859 }
8860 
8861 
8862 static void clean_survey_results(struct survey_results *survey_results)
8863 {
8864 	struct freq_survey *survey, *tmp;
8865 
8866 	if (dl_list_empty(&survey_results->survey_list))
8867 		return;
8868 
8869 	dl_list_for_each_safe(survey, tmp, &survey_results->survey_list,
8870 			      struct freq_survey, list) {
8871 		dl_list_del(&survey->list);
8872 		os_free(survey);
8873 	}
8874 }
8875 
8876 
8877 static void add_survey(struct nlattr **sinfo, u32 ifidx,
8878 		       struct dl_list *survey_list)
8879 {
8880 	struct freq_survey *survey;
8881 
8882 	survey = os_zalloc(sizeof(struct freq_survey));
8883 	if  (!survey)
8884 		return;
8885 
8886 	survey->ifidx = ifidx;
8887 	survey->freq = nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]);
8888 	survey->filled = 0;
8889 
8890 	if (sinfo[NL80211_SURVEY_INFO_NOISE]) {
8891 		survey->nf = (int8_t)
8892 			nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]);
8893 		survey->filled |= SURVEY_HAS_NF;
8894 	}
8895 
8896 	if (sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME]) {
8897 		survey->channel_time =
8898 			nla_get_u64(sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME]);
8899 		survey->filled |= SURVEY_HAS_CHAN_TIME;
8900 	}
8901 
8902 	if (sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY]) {
8903 		survey->channel_time_busy =
8904 			nla_get_u64(sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY]);
8905 		survey->filled |= SURVEY_HAS_CHAN_TIME_BUSY;
8906 	}
8907 
8908 	if (sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_RX]) {
8909 		survey->channel_time_rx =
8910 			nla_get_u64(sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_RX]);
8911 		survey->filled |= SURVEY_HAS_CHAN_TIME_RX;
8912 	}
8913 
8914 	if (sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_TX]) {
8915 		survey->channel_time_tx =
8916 			nla_get_u64(sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_TX]);
8917 		survey->filled |= SURVEY_HAS_CHAN_TIME_TX;
8918 	}
8919 
8920 	wpa_printf(MSG_DEBUG, "nl80211: Freq survey dump event (freq=%d MHz noise=%d channel_time=%ld busy_time=%ld tx_time=%ld rx_time=%ld filled=%04x)",
8921 		   survey->freq,
8922 		   survey->nf,
8923 		   (unsigned long int) survey->channel_time,
8924 		   (unsigned long int) survey->channel_time_busy,
8925 		   (unsigned long int) survey->channel_time_tx,
8926 		   (unsigned long int) survey->channel_time_rx,
8927 		   survey->filled);
8928 
8929 	dl_list_add_tail(survey_list, &survey->list);
8930 }
8931 
8932 
8933 static int check_survey_ok(struct nlattr **sinfo, u32 surveyed_freq,
8934 			   unsigned int freq_filter)
8935 {
8936 	if (!freq_filter)
8937 		return 1;
8938 
8939 	return freq_filter == surveyed_freq;
8940 }
8941 
8942 
8943 static int survey_handler(struct nl_msg *msg, void *arg)
8944 {
8945 	struct nlattr *tb[NL80211_ATTR_MAX + 1];
8946 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
8947 	struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1];
8948 	struct survey_results *survey_results;
8949 	u32 surveyed_freq = 0;
8950 	u32 ifidx;
8951 
8952 	static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = {
8953 		[NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 },
8954 		[NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 },
8955 	};
8956 
8957 	survey_results = (struct survey_results *) arg;
8958 
8959 	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
8960 		  genlmsg_attrlen(gnlh, 0), NULL);
8961 
8962 	if (!tb[NL80211_ATTR_IFINDEX])
8963 		return NL_SKIP;
8964 
8965 	ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
8966 
8967 	if (!tb[NL80211_ATTR_SURVEY_INFO])
8968 		return NL_SKIP;
8969 
8970 	if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX,
8971 			     tb[NL80211_ATTR_SURVEY_INFO],
8972 			     survey_policy))
8973 		return NL_SKIP;
8974 
8975 	if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY]) {
8976 		wpa_printf(MSG_ERROR, "nl80211: Invalid survey data");
8977 		return NL_SKIP;
8978 	}
8979 
8980 	surveyed_freq = nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]);
8981 
8982 	if (!check_survey_ok(sinfo, surveyed_freq,
8983 			     survey_results->freq_filter))
8984 		return NL_SKIP;
8985 
8986 	if (survey_results->freq_filter &&
8987 	    survey_results->freq_filter != surveyed_freq) {
8988 		wpa_printf(MSG_EXCESSIVE, "nl80211: Ignoring survey data for freq %d MHz",
8989 			   surveyed_freq);
8990 		return NL_SKIP;
8991 	}
8992 
8993 	add_survey(sinfo, ifidx, &survey_results->survey_list);
8994 
8995 	return NL_SKIP;
8996 }
8997 
8998 
8999 static int wpa_driver_nl80211_get_survey(void *priv, unsigned int freq)
9000 {
9001 	struct i802_bss *bss = priv;
9002 	struct wpa_driver_nl80211_data *drv = bss->drv;
9003 	struct nl_msg *msg;
9004 	int err;
9005 	union wpa_event_data data;
9006 	struct survey_results *survey_results;
9007 
9008 	os_memset(&data, 0, sizeof(data));
9009 	survey_results = &data.survey_results;
9010 
9011 	dl_list_init(&survey_results->survey_list);
9012 
9013 	msg = nl80211_drv_msg(drv, NLM_F_DUMP, NL80211_CMD_GET_SURVEY);
9014 	if (!msg)
9015 		return -ENOBUFS;
9016 
9017 	if (freq)
9018 		data.survey_results.freq_filter = freq;
9019 
9020 	do {
9021 		wpa_printf(MSG_DEBUG, "nl80211: Fetch survey data");
9022 		err = send_and_recv_msgs(drv, msg, survey_handler,
9023 					 survey_results, NULL, NULL);
9024 	} while (err > 0);
9025 
9026 	if (err)
9027 		wpa_printf(MSG_ERROR, "nl80211: Failed to process survey data");
9028 	else
9029 		wpa_supplicant_event(drv->ctx, EVENT_SURVEY, &data);
9030 
9031 	clean_survey_results(survey_results);
9032 	return err;
9033 }
9034 
9035 
9036 static void nl80211_set_rekey_info(void *priv, const u8 *kek, size_t kek_len,
9037 				   const u8 *kck, size_t kck_len,
9038 				   const u8 *replay_ctr)
9039 {
9040 	struct i802_bss *bss = priv;
9041 	struct wpa_driver_nl80211_data *drv = bss->drv;
9042 	struct nlattr *replay_nested;
9043 	struct nl_msg *msg;
9044 	int ret;
9045 
9046 	if (!drv->set_rekey_offload)
9047 		return;
9048 
9049 	wpa_printf(MSG_DEBUG, "nl80211: Set rekey offload");
9050 	if (!(msg = nl80211_bss_msg(bss, 0, NL80211_CMD_SET_REKEY_OFFLOAD)) ||
9051 	    !(replay_nested = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA)) ||
9052 	    nla_put(msg, NL80211_REKEY_DATA_KEK, kek_len, kek) ||
9053 	    (kck_len && nla_put(msg, NL80211_REKEY_DATA_KCK, kck_len, kck)) ||
9054 	    nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR, NL80211_REPLAY_CTR_LEN,
9055 		    replay_ctr)) {
9056 		nl80211_nlmsg_clear(msg);
9057 		nlmsg_free(msg);
9058 		return;
9059 	}
9060 
9061 	nla_nest_end(msg, replay_nested);
9062 
9063 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
9064 	if (ret == -EOPNOTSUPP) {
9065 		wpa_printf(MSG_DEBUG,
9066 			   "nl80211: Driver does not support rekey offload");
9067 		drv->set_rekey_offload = 0;
9068 	}
9069 }
9070 
9071 
9072 static void nl80211_send_null_frame(struct i802_bss *bss, const u8 *own_addr,
9073 				    const u8 *addr, int qos)
9074 {
9075 	/* send data frame to poll STA and check whether
9076 	 * this frame is ACKed */
9077 	struct {
9078 		struct ieee80211_hdr hdr;
9079 		u16 qos_ctl;
9080 	} STRUCT_PACKED nulldata;
9081 	size_t size;
9082 
9083 	/* Send data frame to poll STA and check whether this frame is ACKed */
9084 
9085 	os_memset(&nulldata, 0, sizeof(nulldata));
9086 
9087 	if (qos) {
9088 		nulldata.hdr.frame_control =
9089 			IEEE80211_FC(WLAN_FC_TYPE_DATA,
9090 				     WLAN_FC_STYPE_QOS_NULL);
9091 		size = sizeof(nulldata);
9092 	} else {
9093 		nulldata.hdr.frame_control =
9094 			IEEE80211_FC(WLAN_FC_TYPE_DATA,
9095 				     WLAN_FC_STYPE_NULLFUNC);
9096 		size = sizeof(struct ieee80211_hdr);
9097 	}
9098 
9099 	nulldata.hdr.frame_control |= host_to_le16(WLAN_FC_FROMDS);
9100 	os_memcpy(nulldata.hdr.IEEE80211_DA_FROMDS, addr, ETH_ALEN);
9101 	os_memcpy(nulldata.hdr.IEEE80211_BSSID_FROMDS, own_addr, ETH_ALEN);
9102 	os_memcpy(nulldata.hdr.IEEE80211_SA_FROMDS, own_addr, ETH_ALEN);
9103 
9104 	if (wpa_driver_nl80211_send_mlme(bss, (u8 *) &nulldata, size, 0, 0, 0,
9105 					 0, 0, NULL, 0, 0) < 0)
9106 		wpa_printf(MSG_DEBUG, "nl80211_send_null_frame: Failed to "
9107 			   "send poll frame");
9108 }
9109 
9110 static void nl80211_poll_client(void *priv, const u8 *own_addr, const u8 *addr,
9111 				int qos)
9112 {
9113 	struct i802_bss *bss = priv;
9114 	struct wpa_driver_nl80211_data *drv = bss->drv;
9115 	struct nl_msg *msg;
9116 	u64 cookie;
9117 	int ret;
9118 
9119 	if (!drv->poll_command_supported) {
9120 		nl80211_send_null_frame(bss, own_addr, addr, qos);
9121 		return;
9122 	}
9123 
9124 	if (!(msg = nl80211_bss_msg(bss, 0, NL80211_CMD_PROBE_CLIENT)) ||
9125 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) {
9126 		nlmsg_free(msg);
9127 		return;
9128 	}
9129 
9130 	ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie, NULL, NULL);
9131 	if (ret < 0) {
9132 		wpa_printf(MSG_DEBUG, "nl80211: Client probe request for "
9133 			   MACSTR " failed: ret=%d (%s)",
9134 			   MAC2STR(addr), ret, strerror(-ret));
9135 	} else {
9136 		wpa_printf(MSG_DEBUG,
9137 			   "nl80211: Client probe request addr=" MACSTR
9138 			   " cookie=%llu", MAC2STR(addr),
9139 			   (long long unsigned int) cookie);
9140 	}
9141 }
9142 
9143 
9144 static int nl80211_set_power_save(struct i802_bss *bss, int enabled)
9145 {
9146 	struct nl_msg *msg;
9147 	int ret;
9148 
9149 	if (!(msg = nl80211_bss_msg(bss, 0, NL80211_CMD_SET_POWER_SAVE)) ||
9150 	    nla_put_u32(msg, NL80211_ATTR_PS_STATE,
9151 			enabled ? NL80211_PS_ENABLED : NL80211_PS_DISABLED)) {
9152 		nlmsg_free(msg);
9153 		return -ENOBUFS;
9154 	}
9155 
9156 	ret = send_and_recv_msgs(bss->drv, msg, NULL, NULL, NULL, NULL);
9157 	if (ret < 0) {
9158 		wpa_printf(MSG_DEBUG,
9159 			   "nl80211: Setting PS state %s failed: %d (%s)",
9160 			   enabled ? "enabled" : "disabled",
9161 			   ret, strerror(-ret));
9162 	}
9163 	return ret;
9164 }
9165 
9166 
9167 static int nl80211_set_p2p_powersave(void *priv, int legacy_ps, int opp_ps,
9168 				     int ctwindow)
9169 {
9170 	struct i802_bss *bss = priv;
9171 
9172 	wpa_printf(MSG_DEBUG, "nl80211: set_p2p_powersave (legacy_ps=%d "
9173 		   "opp_ps=%d ctwindow=%d)", legacy_ps, opp_ps, ctwindow);
9174 
9175 	if (opp_ps != -1 || ctwindow != -1) {
9176 #ifdef ANDROID_P2P
9177 		wpa_driver_set_p2p_ps(priv, legacy_ps, opp_ps, ctwindow);
9178 #else /* ANDROID_P2P */
9179 		return -1; /* Not yet supported */
9180 #endif /* ANDROID_P2P */
9181 	}
9182 
9183 	if (legacy_ps == -1)
9184 		return 0;
9185 	if (legacy_ps != 0 && legacy_ps != 1)
9186 		return -1; /* Not yet supported */
9187 
9188 	return nl80211_set_power_save(bss, legacy_ps);
9189 }
9190 
9191 
9192 static int nl80211_start_radar_detection(void *priv,
9193 					 struct hostapd_freq_params *freq)
9194 {
9195 	struct i802_bss *bss = priv;
9196 	struct wpa_driver_nl80211_data *drv = bss->drv;
9197 	struct nl_msg *msg;
9198 	int ret;
9199 
9200 	wpa_printf(MSG_DEBUG, "nl80211: Start radar detection (CAC) %d MHz (ht_enabled=%d, vht_enabled=%d, he_enabled=%d, bandwidth=%d MHz, cf1=%d MHz, cf2=%d MHz)",
9201 		   freq->freq, freq->ht_enabled, freq->vht_enabled, freq->he_enabled,
9202 		   freq->bandwidth, freq->center_freq1, freq->center_freq2);
9203 
9204 	if (!(drv->capa.flags & WPA_DRIVER_FLAGS_RADAR)) {
9205 		wpa_printf(MSG_DEBUG, "nl80211: Driver does not support radar "
9206 			   "detection");
9207 		return -1;
9208 	}
9209 
9210 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_RADAR_DETECT)) ||
9211 	    nl80211_put_freq_params(msg, freq) < 0) {
9212 		nlmsg_free(msg);
9213 		return -1;
9214 	}
9215 
9216 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
9217 	if (ret == 0)
9218 		return 0;
9219 	wpa_printf(MSG_DEBUG, "nl80211: Failed to start radar detection: "
9220 		   "%d (%s)", ret, strerror(-ret));
9221 	return -1;
9222 }
9223 
9224 #ifdef CONFIG_TDLS
9225 
9226 static int nl80211_add_peer_capab(struct nl_msg *msg,
9227 				  enum tdls_peer_capability capa)
9228 {
9229 	u32 peer_capab = 0;
9230 
9231 	if (!capa)
9232 		return 0;
9233 
9234 	if (capa & TDLS_PEER_HT)
9235 		peer_capab |= NL80211_TDLS_PEER_HT;
9236 	if (capa & TDLS_PEER_VHT)
9237 		peer_capab |= NL80211_TDLS_PEER_VHT;
9238 	if (capa & TDLS_PEER_WMM)
9239 		peer_capab |= NL80211_TDLS_PEER_WMM;
9240 	if (capa & TDLS_PEER_HE)
9241 		peer_capab |= NL80211_TDLS_PEER_HE;
9242 
9243 	return nla_put_u32(msg, NL80211_ATTR_TDLS_PEER_CAPABILITY,
9244 			   peer_capab);
9245 }
9246 
9247 
9248 static int nl80211_send_tdls_mgmt(void *priv, const u8 *dst, u8 action_code,
9249 				  u8 dialog_token, u16 status_code,
9250 				  u32 peer_capab, int initiator, const u8 *buf,
9251 				  size_t len)
9252 {
9253 	struct i802_bss *bss = priv;
9254 	struct wpa_driver_nl80211_data *drv = bss->drv;
9255 	struct nl_msg *msg;
9256 
9257 	if (!(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT))
9258 		return -EOPNOTSUPP;
9259 
9260 	if (!dst)
9261 		return -EINVAL;
9262 
9263 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_TDLS_MGMT)) ||
9264 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) ||
9265 	    nla_put_u8(msg, NL80211_ATTR_TDLS_ACTION, action_code) ||
9266 	    nla_put_u8(msg, NL80211_ATTR_TDLS_DIALOG_TOKEN, dialog_token) ||
9267 	    nla_put_u16(msg, NL80211_ATTR_STATUS_CODE, status_code) ||
9268 	    nl80211_add_peer_capab(msg, peer_capab) ||
9269 	    (initiator && nla_put_flag(msg, NL80211_ATTR_TDLS_INITIATOR)) ||
9270 	    nla_put(msg, NL80211_ATTR_IE, len, buf))
9271 		goto fail;
9272 
9273 	return send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
9274 
9275 fail:
9276 	nlmsg_free(msg);
9277 	return -ENOBUFS;
9278 }
9279 
9280 
9281 static int nl80211_tdls_oper(void *priv, enum tdls_oper oper, const u8 *peer)
9282 {
9283 	struct i802_bss *bss = priv;
9284 	struct wpa_driver_nl80211_data *drv = bss->drv;
9285 	struct nl_msg *msg;
9286 	enum nl80211_tdls_operation nl80211_oper;
9287 	int res;
9288 
9289 	if (!(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT))
9290 		return -EOPNOTSUPP;
9291 
9292 	switch (oper) {
9293 	case TDLS_DISCOVERY_REQ:
9294 		nl80211_oper = NL80211_TDLS_DISCOVERY_REQ;
9295 		break;
9296 	case TDLS_SETUP:
9297 		nl80211_oper = NL80211_TDLS_SETUP;
9298 		break;
9299 	case TDLS_TEARDOWN:
9300 		nl80211_oper = NL80211_TDLS_TEARDOWN;
9301 		break;
9302 	case TDLS_ENABLE_LINK:
9303 		nl80211_oper = NL80211_TDLS_ENABLE_LINK;
9304 		break;
9305 	case TDLS_DISABLE_LINK:
9306 		nl80211_oper = NL80211_TDLS_DISABLE_LINK;
9307 		break;
9308 	case TDLS_ENABLE:
9309 		return 0;
9310 	case TDLS_DISABLE:
9311 		return 0;
9312 	default:
9313 		return -EINVAL;
9314 	}
9315 
9316 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_TDLS_OPER)) ||
9317 	    nla_put_u8(msg, NL80211_ATTR_TDLS_OPERATION, nl80211_oper) ||
9318 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer)) {
9319 		nlmsg_free(msg);
9320 		return -ENOBUFS;
9321 	}
9322 
9323 	res = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
9324 	wpa_printf(MSG_DEBUG, "nl80211: TDLS_OPER: oper=%d mac=" MACSTR
9325 		   " --> res=%d (%s)", nl80211_oper, MAC2STR(peer), res,
9326 		   strerror(-res));
9327 	return res;
9328 }
9329 
9330 
9331 static int
9332 nl80211_tdls_enable_channel_switch(void *priv, const u8 *addr, u8 oper_class,
9333 				   const struct hostapd_freq_params *params)
9334 {
9335 	struct i802_bss *bss = priv;
9336 	struct wpa_driver_nl80211_data *drv = bss->drv;
9337 	struct nl_msg *msg;
9338 	int ret = -ENOBUFS;
9339 
9340 	if (!(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT) ||
9341 	    !(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_CHANNEL_SWITCH))
9342 		return -EOPNOTSUPP;
9343 
9344 	wpa_printf(MSG_DEBUG, "nl80211: Enable TDLS channel switch " MACSTR
9345 		   " oper_class=%u freq=%u",
9346 		   MAC2STR(addr), oper_class, params->freq);
9347 	msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_TDLS_CHANNEL_SWITCH);
9348 	if (!msg ||
9349 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
9350 	    nla_put_u8(msg, NL80211_ATTR_OPER_CLASS, oper_class) ||
9351 	    (ret = nl80211_put_freq_params(msg, params))) {
9352 		nlmsg_free(msg);
9353 		wpa_printf(MSG_DEBUG, "nl80211: Could not build TDLS chan switch");
9354 		return ret;
9355 	}
9356 
9357 	return send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
9358 }
9359 
9360 
9361 static int
9362 nl80211_tdls_disable_channel_switch(void *priv, const u8 *addr)
9363 {
9364 	struct i802_bss *bss = priv;
9365 	struct wpa_driver_nl80211_data *drv = bss->drv;
9366 	struct nl_msg *msg;
9367 
9368 	if (!(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT) ||
9369 	    !(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_CHANNEL_SWITCH))
9370 		return -EOPNOTSUPP;
9371 
9372 	wpa_printf(MSG_DEBUG, "nl80211: Disable TDLS channel switch " MACSTR,
9373 		   MAC2STR(addr));
9374 	msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH);
9375 	if (!msg ||
9376 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) {
9377 		nlmsg_free(msg);
9378 		wpa_printf(MSG_DEBUG,
9379 			   "nl80211: Could not build TDLS cancel chan switch");
9380 		return -ENOBUFS;
9381 	}
9382 
9383 	return send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
9384 }
9385 
9386 #endif /* CONFIG TDLS */
9387 
9388 
9389 static int driver_nl80211_set_key(void *priv,
9390 				  struct wpa_driver_set_key_params *params)
9391 {
9392 	struct i802_bss *bss = priv;
9393 
9394 	return wpa_driver_nl80211_set_key(bss, params);
9395 }
9396 
9397 
9398 static int driver_nl80211_scan2(void *priv,
9399 				struct wpa_driver_scan_params *params)
9400 {
9401 	struct i802_bss *bss = priv;
9402 #ifdef CONFIG_DRIVER_NL80211_QCA
9403 	struct wpa_driver_nl80211_data *drv = bss->drv;
9404 
9405 	/*
9406 	 * Do a vendor specific scan if possible. If only_new_results is
9407 	 * set, do a normal scan since a kernel (cfg80211) BSS cache flush
9408 	 * cannot be achieved through a vendor scan. The below condition may
9409 	 * need to be modified if new scan flags are added in the future whose
9410 	 * functionality can only be achieved through a normal scan.
9411 	 */
9412 	if (drv->scan_vendor_cmd_avail && !params->only_new_results)
9413 		return wpa_driver_nl80211_vendor_scan(bss, params);
9414 #endif /* CONFIG_DRIVER_NL80211_QCA */
9415 	return wpa_driver_nl80211_scan(bss, params);
9416 }
9417 
9418 
9419 static int driver_nl80211_deauthenticate(void *priv, const u8 *addr,
9420 					 u16 reason_code)
9421 {
9422 	struct i802_bss *bss = priv;
9423 	return wpa_driver_nl80211_deauthenticate(bss, addr, reason_code);
9424 }
9425 
9426 
9427 static int driver_nl80211_authenticate(void *priv,
9428 				       struct wpa_driver_auth_params *params)
9429 {
9430 	struct i802_bss *bss = priv;
9431 	return wpa_driver_nl80211_authenticate(bss, params);
9432 }
9433 
9434 
9435 static void driver_nl80211_deinit(void *priv)
9436 {
9437 	struct i802_bss *bss = priv;
9438 	wpa_driver_nl80211_deinit(bss);
9439 }
9440 
9441 
9442 static int driver_nl80211_if_remove(void *priv, enum wpa_driver_if_type type,
9443 				    const char *ifname)
9444 {
9445 	struct i802_bss *bss = priv;
9446 	return wpa_driver_nl80211_if_remove(bss, type, ifname);
9447 }
9448 
9449 
9450 static int driver_nl80211_send_mlme(void *priv, const u8 *data,
9451 				    size_t data_len, int noack,
9452 				    unsigned int freq,
9453 				    const u16 *csa_offs, size_t csa_offs_len,
9454 				    int no_encrypt, unsigned int wait)
9455 {
9456 	struct i802_bss *bss = priv;
9457 	return wpa_driver_nl80211_send_mlme(bss, data, data_len, noack,
9458 					    freq, 0, 0, wait, csa_offs,
9459 					    csa_offs_len, no_encrypt);
9460 }
9461 
9462 
9463 static int driver_nl80211_sta_remove(void *priv, const u8 *addr)
9464 {
9465 	struct i802_bss *bss = priv;
9466 	return wpa_driver_nl80211_sta_remove(bss, addr, -1, 0);
9467 }
9468 
9469 
9470 static int driver_nl80211_set_sta_vlan(void *priv, const u8 *addr,
9471 				       const char *ifname, int vlan_id)
9472 {
9473 	struct i802_bss *bss = priv;
9474 	return i802_set_sta_vlan(bss, addr, ifname, vlan_id);
9475 }
9476 
9477 
9478 static int driver_nl80211_read_sta_data(void *priv,
9479 					struct hostap_sta_driver_data *data,
9480 					const u8 *addr)
9481 {
9482 	struct i802_bss *bss = priv;
9483 
9484 	os_memset(data, 0, sizeof(*data));
9485 	return i802_read_sta_data(bss, data, addr);
9486 }
9487 
9488 
9489 static int driver_nl80211_send_action(void *priv, unsigned int freq,
9490 				      unsigned int wait_time,
9491 				      const u8 *dst, const u8 *src,
9492 				      const u8 *bssid,
9493 				      const u8 *data, size_t data_len,
9494 				      int no_cck)
9495 {
9496 	struct i802_bss *bss = priv;
9497 	return wpa_driver_nl80211_send_action(bss, freq, wait_time, dst, src,
9498 					      bssid, data, data_len, no_cck);
9499 }
9500 
9501 
9502 static int driver_nl80211_probe_req_report(void *priv, int report)
9503 {
9504 	struct i802_bss *bss = priv;
9505 	return wpa_driver_nl80211_probe_req_report(bss, report);
9506 }
9507 
9508 
9509 static int wpa_driver_nl80211_update_ft_ies(void *priv, const u8 *md,
9510 					    const u8 *ies, size_t ies_len)
9511 {
9512 	int ret;
9513 	struct nl_msg *msg;
9514 	struct i802_bss *bss = priv;
9515 	struct wpa_driver_nl80211_data *drv = bss->drv;
9516 	u16 mdid = WPA_GET_LE16(md);
9517 
9518 	wpa_printf(MSG_DEBUG, "nl80211: Updating FT IEs");
9519 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_UPDATE_FT_IES)) ||
9520 	    nla_put(msg, NL80211_ATTR_IE, ies_len, ies) ||
9521 	    nla_put_u16(msg, NL80211_ATTR_MDID, mdid)) {
9522 		nlmsg_free(msg);
9523 		return -ENOBUFS;
9524 	}
9525 
9526 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
9527 	if (ret) {
9528 		wpa_printf(MSG_DEBUG, "nl80211: update_ft_ies failed "
9529 			   "err=%d (%s)", ret, strerror(-ret));
9530 	}
9531 
9532 	return ret;
9533 }
9534 
9535 
9536 static int nl80211_update_dh_ie(void *priv, const u8 *peer_mac,
9537 				u16 reason_code, const u8 *ie, size_t ie_len)
9538 {
9539 	int ret;
9540 	struct nl_msg *msg;
9541 	struct i802_bss *bss = priv;
9542 	struct wpa_driver_nl80211_data *drv = bss->drv;
9543 
9544 	wpa_printf(MSG_DEBUG, "nl80211: Updating DH IE peer: " MACSTR
9545 		   " reason %u", MAC2STR(peer_mac), reason_code);
9546 	if (!(msg = nl80211_bss_msg(bss, 0, NL80211_CMD_UPDATE_OWE_INFO)) ||
9547 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer_mac) ||
9548 	    nla_put_u16(msg, NL80211_ATTR_STATUS_CODE, reason_code) ||
9549 	    (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie))) {
9550 		nlmsg_free(msg);
9551 		return -ENOBUFS;
9552 	}
9553 
9554 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
9555 	if (ret) {
9556 		wpa_printf(MSG_DEBUG,
9557 			   "nl80211: update_dh_ie failed err=%d (%s)",
9558 			   ret, strerror(-ret));
9559 	}
9560 
9561 	return ret;
9562 }
9563 
9564 
9565 static const u8 * wpa_driver_nl80211_get_macaddr(void *priv)
9566 {
9567 	struct i802_bss *bss = priv;
9568 	struct wpa_driver_nl80211_data *drv = bss->drv;
9569 
9570 	if (drv->nlmode != NL80211_IFTYPE_P2P_DEVICE)
9571 		return NULL;
9572 
9573 	return bss->addr;
9574 }
9575 
9576 
9577 static const char * scan_state_str(enum scan_states scan_state)
9578 {
9579 	switch (scan_state) {
9580 	case NO_SCAN:
9581 		return "NO_SCAN";
9582 	case SCAN_REQUESTED:
9583 		return "SCAN_REQUESTED";
9584 	case SCAN_STARTED:
9585 		return "SCAN_STARTED";
9586 	case SCAN_COMPLETED:
9587 		return "SCAN_COMPLETED";
9588 	case SCAN_ABORTED:
9589 		return "SCAN_ABORTED";
9590 	case SCHED_SCAN_STARTED:
9591 		return "SCHED_SCAN_STARTED";
9592 	case SCHED_SCAN_STOPPED:
9593 		return "SCHED_SCAN_STOPPED";
9594 	case SCHED_SCAN_RESULTS:
9595 		return "SCHED_SCAN_RESULTS";
9596 	}
9597 
9598 	return "??";
9599 }
9600 
9601 
9602 static int wpa_driver_nl80211_status(void *priv, char *buf, size_t buflen)
9603 {
9604 	struct i802_bss *bss = priv;
9605 	struct wpa_driver_nl80211_data *drv = bss->drv;
9606 	int res;
9607 	char *pos, *end;
9608 	struct nl_msg *msg;
9609 	char alpha2[3] = { 0, 0, 0 };
9610 
9611 	pos = buf;
9612 	end = buf + buflen;
9613 
9614 	res = os_snprintf(pos, end - pos,
9615 			  "ifindex=%d\n"
9616 			  "ifname=%s\n"
9617 			  "brname=%s\n"
9618 			  "addr=" MACSTR "\n"
9619 			  "freq=%d\n"
9620 			  "%s%s%s%s%s%s",
9621 			  bss->ifindex,
9622 			  bss->ifname,
9623 			  bss->brname,
9624 			  MAC2STR(bss->addr),
9625 			  bss->freq,
9626 			  bss->beacon_set ? "beacon_set=1\n" : "",
9627 			  bss->added_if_into_bridge ?
9628 			  "added_if_into_bridge=1\n" : "",
9629 			  bss->already_in_bridge ? "already_in_bridge=1\n" : "",
9630 			  bss->added_bridge ? "added_bridge=1\n" : "",
9631 			  bss->in_deinit ? "in_deinit=1\n" : "",
9632 			  bss->if_dynamic ? "if_dynamic=1\n" : "");
9633 	if (os_snprintf_error(end - pos, res))
9634 		return pos - buf;
9635 	pos += res;
9636 
9637 	if (bss->wdev_id_set) {
9638 		res = os_snprintf(pos, end - pos, "wdev_id=%llu\n",
9639 				  (unsigned long long) bss->wdev_id);
9640 		if (os_snprintf_error(end - pos, res))
9641 			return pos - buf;
9642 		pos += res;
9643 	}
9644 
9645 	res = os_snprintf(pos, end - pos,
9646 			  "phyname=%s\n"
9647 			  "perm_addr=" MACSTR "\n"
9648 			  "drv_ifindex=%d\n"
9649 			  "operstate=%d\n"
9650 			  "scan_state=%s\n"
9651 			  "auth_bssid=" MACSTR "\n"
9652 			  "auth_attempt_bssid=" MACSTR "\n"
9653 			  "bssid=" MACSTR "\n"
9654 			  "prev_bssid=" MACSTR "\n"
9655 			  "associated=%d\n"
9656 			  "assoc_freq=%u\n"
9657 			  "monitor_sock=%d\n"
9658 			  "monitor_ifidx=%d\n"
9659 			  "monitor_refcount=%d\n"
9660 			  "last_mgmt_freq=%u\n"
9661 			  "eapol_tx_sock=%d\n"
9662 			  "%s%s%s%s%s%s%s%s%s%s%s%s%s",
9663 			  drv->phyname,
9664 			  MAC2STR(drv->perm_addr),
9665 			  drv->ifindex,
9666 			  drv->operstate,
9667 			  scan_state_str(drv->scan_state),
9668 			  MAC2STR(drv->auth_bssid),
9669 			  MAC2STR(drv->auth_attempt_bssid),
9670 			  MAC2STR(drv->bssid),
9671 			  MAC2STR(drv->prev_bssid),
9672 			  drv->associated,
9673 			  drv->assoc_freq,
9674 			  drv->monitor_sock,
9675 			  drv->monitor_ifidx,
9676 			  drv->monitor_refcount,
9677 			  drv->last_mgmt_freq,
9678 			  drv->eapol_tx_sock,
9679 			  drv->ignore_if_down_event ?
9680 			  "ignore_if_down_event=1\n" : "",
9681 			  drv->scan_complete_events ?
9682 			  "scan_complete_events=1\n" : "",
9683 			  drv->disabled_11b_rates ?
9684 			  "disabled_11b_rates=1\n" : "",
9685 			  drv->pending_remain_on_chan ?
9686 			  "pending_remain_on_chan=1\n" : "",
9687 			  drv->in_interface_list ? "in_interface_list=1\n" : "",
9688 			  drv->device_ap_sme ? "device_ap_sme=1\n" : "",
9689 			  drv->poll_command_supported ?
9690 			  "poll_command_supported=1\n" : "",
9691 			  drv->data_tx_status ? "data_tx_status=1\n" : "",
9692 			  drv->scan_for_auth ? "scan_for_auth=1\n" : "",
9693 			  drv->retry_auth ? "retry_auth=1\n" : "",
9694 			  drv->use_monitor ? "use_monitor=1\n" : "",
9695 			  drv->ignore_next_local_disconnect ?
9696 			  "ignore_next_local_disconnect=1\n" : "",
9697 			  drv->ignore_next_local_deauth ?
9698 			  "ignore_next_local_deauth=1\n" : "");
9699 	if (os_snprintf_error(end - pos, res))
9700 		return pos - buf;
9701 	pos += res;
9702 
9703 	if (drv->has_capability) {
9704 		res = os_snprintf(pos, end - pos,
9705 				  "capa.key_mgmt=0x%x\n"
9706 				  "capa.enc=0x%x\n"
9707 				  "capa.auth=0x%x\n"
9708 				  "capa.flags=0x%llx\n"
9709 				  "capa.rrm_flags=0x%x\n"
9710 				  "capa.max_scan_ssids=%d\n"
9711 				  "capa.max_sched_scan_ssids=%d\n"
9712 				  "capa.sched_scan_supported=%d\n"
9713 				  "capa.max_match_sets=%d\n"
9714 				  "capa.max_remain_on_chan=%u\n"
9715 				  "capa.max_stations=%u\n"
9716 				  "capa.probe_resp_offloads=0x%x\n"
9717 				  "capa.max_acl_mac_addrs=%u\n"
9718 				  "capa.num_multichan_concurrent=%u\n"
9719 				  "capa.mac_addr_rand_sched_scan_supported=%d\n"
9720 				  "capa.mac_addr_rand_scan_supported=%d\n"
9721 				  "capa.conc_capab=%u\n"
9722 				  "capa.max_conc_chan_2_4=%u\n"
9723 				  "capa.max_conc_chan_5_0=%u\n"
9724 				  "capa.max_sched_scan_plans=%u\n"
9725 				  "capa.max_sched_scan_plan_interval=%u\n"
9726 				  "capa.max_sched_scan_plan_iterations=%u\n",
9727 				  drv->capa.key_mgmt,
9728 				  drv->capa.enc,
9729 				  drv->capa.auth,
9730 				  (unsigned long long) drv->capa.flags,
9731 				  drv->capa.rrm_flags,
9732 				  drv->capa.max_scan_ssids,
9733 				  drv->capa.max_sched_scan_ssids,
9734 				  drv->capa.sched_scan_supported,
9735 				  drv->capa.max_match_sets,
9736 				  drv->capa.max_remain_on_chan,
9737 				  drv->capa.max_stations,
9738 				  drv->capa.probe_resp_offloads,
9739 				  drv->capa.max_acl_mac_addrs,
9740 				  drv->capa.num_multichan_concurrent,
9741 				  drv->capa.mac_addr_rand_sched_scan_supported,
9742 				  drv->capa.mac_addr_rand_scan_supported,
9743 				  drv->capa.conc_capab,
9744 				  drv->capa.max_conc_chan_2_4,
9745 				  drv->capa.max_conc_chan_5_0,
9746 				  drv->capa.max_sched_scan_plans,
9747 				  drv->capa.max_sched_scan_plan_interval,
9748 				  drv->capa.max_sched_scan_plan_iterations);
9749 		if (os_snprintf_error(end - pos, res))
9750 			return pos - buf;
9751 		pos += res;
9752 	}
9753 
9754 	msg = nlmsg_alloc();
9755 	if (msg &&
9756 	    nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_REG) &&
9757 	    nla_put_u32(msg, NL80211_ATTR_WIPHY, drv->wiphy_idx) == 0) {
9758 		if (send_and_recv_msgs(drv, msg, nl80211_get_country,
9759 				       alpha2, NULL, NULL) == 0 &&
9760 		    alpha2[0]) {
9761 			res = os_snprintf(pos, end - pos, "country=%s\n",
9762 					  alpha2);
9763 			if (os_snprintf_error(end - pos, res))
9764 				return pos - buf;
9765 			pos += res;
9766 		}
9767 	} else {
9768 		nlmsg_free(msg);
9769 	}
9770 
9771 	return pos - buf;
9772 }
9773 
9774 
9775 static int set_beacon_data(struct nl_msg *msg, struct beacon_data *settings)
9776 {
9777 	if ((settings->head &&
9778 	     nla_put(msg, NL80211_ATTR_BEACON_HEAD,
9779 		     settings->head_len, settings->head)) ||
9780 	    (settings->tail &&
9781 	     nla_put(msg, NL80211_ATTR_BEACON_TAIL,
9782 		     settings->tail_len, settings->tail)) ||
9783 	    (settings->beacon_ies &&
9784 	     nla_put(msg, NL80211_ATTR_IE,
9785 		     settings->beacon_ies_len, settings->beacon_ies)) ||
9786 	    (settings->proberesp_ies &&
9787 	     nla_put(msg, NL80211_ATTR_IE_PROBE_RESP,
9788 		     settings->proberesp_ies_len, settings->proberesp_ies)) ||
9789 	    (settings->assocresp_ies &&
9790 	     nla_put(msg, NL80211_ATTR_IE_ASSOC_RESP,
9791 		     settings->assocresp_ies_len, settings->assocresp_ies)) ||
9792 	    (settings->probe_resp &&
9793 	     nla_put(msg, NL80211_ATTR_PROBE_RESP,
9794 		     settings->probe_resp_len, settings->probe_resp)))
9795 		return -ENOBUFS;
9796 
9797 	return 0;
9798 }
9799 
9800 
9801 static int nl80211_switch_channel(void *priv, struct csa_settings *settings)
9802 {
9803 	struct nl_msg *msg;
9804 	struct i802_bss *bss = priv;
9805 	struct wpa_driver_nl80211_data *drv = bss->drv;
9806 	struct nlattr *beacon_csa;
9807 	int ret = -ENOBUFS;
9808 	int csa_off_len = 0;
9809 	int i;
9810 
9811 	wpa_printf(MSG_DEBUG,
9812 		   "nl80211: Channel switch request (cs_count=%u block_tx=%u freq=%d channel=%d sec_channel_offset=%d width=%d cf1=%d cf2=%d%s%s%s)",
9813 		   settings->cs_count, settings->block_tx,
9814 		   settings->freq_params.freq,
9815 		   settings->freq_params.channel,
9816 		   settings->freq_params.sec_channel_offset,
9817 		   settings->freq_params.bandwidth,
9818 		   settings->freq_params.center_freq1,
9819 		   settings->freq_params.center_freq2,
9820 		   settings->freq_params.ht_enabled ? " ht" : "",
9821 		   settings->freq_params.vht_enabled ? " vht" : "",
9822 		   settings->freq_params.he_enabled ? " he" : "");
9823 
9824 	if (!(drv->capa.flags & WPA_DRIVER_FLAGS_AP_CSA)) {
9825 		wpa_printf(MSG_DEBUG, "nl80211: Driver does not support channel switch command");
9826 		return -EOPNOTSUPP;
9827 	}
9828 
9829 	if (drv->nlmode != NL80211_IFTYPE_AP &&
9830 	    drv->nlmode != NL80211_IFTYPE_P2P_GO &&
9831 	    drv->nlmode != NL80211_IFTYPE_MESH_POINT)
9832 		return -EOPNOTSUPP;
9833 
9834 	/*
9835 	 * Remove empty counters, assuming Probe Response and Beacon frame
9836 	 * counters match. This implementation assumes that there are only two
9837 	 * counters.
9838 	 */
9839 	if (settings->counter_offset_beacon[0] &&
9840 	    !settings->counter_offset_beacon[1]) {
9841 		csa_off_len = 1;
9842 	} else if (settings->counter_offset_beacon[1] &&
9843 		   !settings->counter_offset_beacon[0]) {
9844 		csa_off_len = 1;
9845 		settings->counter_offset_beacon[0] =
9846 			settings->counter_offset_beacon[1];
9847 		settings->counter_offset_presp[0] =
9848 			settings->counter_offset_presp[1];
9849 	} else if (settings->counter_offset_beacon[1] &&
9850 		   settings->counter_offset_beacon[0]) {
9851 		csa_off_len = 2;
9852 	} else {
9853 		wpa_printf(MSG_ERROR, "nl80211: No CSA counters provided");
9854 		return -EINVAL;
9855 	}
9856 
9857 	/* Check CSA counters validity */
9858 	if (drv->capa.max_csa_counters &&
9859 	    csa_off_len > drv->capa.max_csa_counters) {
9860 		wpa_printf(MSG_ERROR,
9861 			   "nl80211: Too many CSA counters provided");
9862 		return -EINVAL;
9863 	}
9864 
9865 	if (!settings->beacon_csa.tail)
9866 		return -EINVAL;
9867 
9868 	for (i = 0; i < csa_off_len; i++) {
9869 		u16 csa_c_off_bcn = settings->counter_offset_beacon[i];
9870 		u16 csa_c_off_presp = settings->counter_offset_presp[i];
9871 
9872 		if ((settings->beacon_csa.tail_len <= csa_c_off_bcn) ||
9873 		    (settings->beacon_csa.tail[csa_c_off_bcn] !=
9874 		     settings->cs_count))
9875 			return -EINVAL;
9876 
9877 		if (settings->beacon_csa.probe_resp &&
9878 		    ((settings->beacon_csa.probe_resp_len <=
9879 		      csa_c_off_presp) ||
9880 		     (settings->beacon_csa.probe_resp[csa_c_off_presp] !=
9881 		      settings->cs_count)))
9882 			return -EINVAL;
9883 	}
9884 
9885 	if (!(msg = nl80211_bss_msg(bss, 0, NL80211_CMD_CHANNEL_SWITCH)) ||
9886 	    nla_put_u32(msg, NL80211_ATTR_CH_SWITCH_COUNT,
9887 			settings->cs_count) ||
9888 	    (ret = nl80211_put_freq_params(msg, &settings->freq_params)) ||
9889 	    (settings->block_tx &&
9890 	     nla_put_flag(msg, NL80211_ATTR_CH_SWITCH_BLOCK_TX)))
9891 		goto error;
9892 
9893 	/* beacon_after params */
9894 	ret = set_beacon_data(msg, &settings->beacon_after);
9895 	if (ret)
9896 		goto error;
9897 
9898 	/* beacon_csa params */
9899 	beacon_csa = nla_nest_start(msg, NL80211_ATTR_CSA_IES);
9900 	if (!beacon_csa)
9901 		goto fail;
9902 
9903 	ret = set_beacon_data(msg, &settings->beacon_csa);
9904 	if (ret)
9905 		goto error;
9906 
9907 	if (nla_put(msg, NL80211_ATTR_CSA_C_OFF_BEACON,
9908 		    csa_off_len * sizeof(u16),
9909 		    settings->counter_offset_beacon) ||
9910 	    (settings->beacon_csa.probe_resp &&
9911 	     nla_put(msg, NL80211_ATTR_CSA_C_OFF_PRESP,
9912 		     csa_off_len * sizeof(u16),
9913 		     settings->counter_offset_presp)))
9914 		goto fail;
9915 
9916 	nla_nest_end(msg, beacon_csa);
9917 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
9918 	if (ret) {
9919 		wpa_printf(MSG_DEBUG, "nl80211: switch_channel failed err=%d (%s)",
9920 			   ret, strerror(-ret));
9921 	}
9922 	return ret;
9923 
9924 fail:
9925 	ret = -ENOBUFS;
9926 error:
9927 	nlmsg_free(msg);
9928 	wpa_printf(MSG_DEBUG, "nl80211: Could not build channel switch request");
9929 	return ret;
9930 }
9931 
9932 
9933 static int nl80211_add_ts(void *priv, u8 tsid, const u8 *addr,
9934 			  u8 user_priority, u16 admitted_time)
9935 {
9936 	struct i802_bss *bss = priv;
9937 	struct wpa_driver_nl80211_data *drv = bss->drv;
9938 	struct nl_msg *msg;
9939 	int ret;
9940 
9941 	wpa_printf(MSG_DEBUG,
9942 		   "nl80211: add_ts request: tsid=%u admitted_time=%u up=%d",
9943 		   tsid, admitted_time, user_priority);
9944 
9945 	if (!is_sta_interface(drv->nlmode))
9946 		return -ENOTSUP;
9947 
9948 	msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_ADD_TX_TS);
9949 	if (!msg ||
9950 	    nla_put_u8(msg, NL80211_ATTR_TSID, tsid) ||
9951 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
9952 	    nla_put_u8(msg, NL80211_ATTR_USER_PRIO, user_priority) ||
9953 	    nla_put_u16(msg, NL80211_ATTR_ADMITTED_TIME, admitted_time)) {
9954 		nlmsg_free(msg);
9955 		return -ENOBUFS;
9956 	}
9957 
9958 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
9959 	if (ret)
9960 		wpa_printf(MSG_DEBUG, "nl80211: add_ts failed err=%d (%s)",
9961 			   ret, strerror(-ret));
9962 	return ret;
9963 }
9964 
9965 
9966 static int nl80211_del_ts(void *priv, u8 tsid, const u8 *addr)
9967 {
9968 	struct i802_bss *bss = priv;
9969 	struct wpa_driver_nl80211_data *drv = bss->drv;
9970 	struct nl_msg *msg;
9971 	int ret;
9972 
9973 	wpa_printf(MSG_DEBUG, "nl80211: del_ts request: tsid=%u", tsid);
9974 
9975 	if (!is_sta_interface(drv->nlmode))
9976 		return -ENOTSUP;
9977 
9978 	if (!(msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_DEL_TX_TS)) ||
9979 	    nla_put_u8(msg, NL80211_ATTR_TSID, tsid) ||
9980 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) {
9981 		nlmsg_free(msg);
9982 		return -ENOBUFS;
9983 	}
9984 
9985 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
9986 	if (ret)
9987 		wpa_printf(MSG_DEBUG, "nl80211: del_ts failed err=%d (%s)",
9988 			   ret, strerror(-ret));
9989 	return ret;
9990 }
9991 
9992 
9993 #ifdef CONFIG_TESTING_OPTIONS
9994 static int cmd_reply_handler(struct nl_msg *msg, void *arg)
9995 {
9996 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
9997 	struct wpabuf *buf = arg;
9998 
9999 	if (!buf)
10000 		return NL_SKIP;
10001 
10002 	if ((size_t) genlmsg_attrlen(gnlh, 0) > wpabuf_tailroom(buf)) {
10003 		wpa_printf(MSG_INFO, "nl80211: insufficient buffer space for reply");
10004 		return NL_SKIP;
10005 	}
10006 
10007 	wpabuf_put_data(buf, genlmsg_attrdata(gnlh, 0),
10008 			genlmsg_attrlen(gnlh, 0));
10009 
10010 	return NL_SKIP;
10011 }
10012 #endif /* CONFIG_TESTING_OPTIONS */
10013 
10014 
10015 static int vendor_reply_handler(struct nl_msg *msg, void *arg)
10016 {
10017 	struct nlattr *tb[NL80211_ATTR_MAX + 1];
10018 	struct nlattr *nl_vendor_reply, *nl;
10019 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
10020 	struct wpabuf *buf = arg;
10021 	int rem;
10022 
10023 	if (!buf)
10024 		return NL_SKIP;
10025 
10026 	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
10027 		  genlmsg_attrlen(gnlh, 0), NULL);
10028 	nl_vendor_reply = tb[NL80211_ATTR_VENDOR_DATA];
10029 
10030 	if (!nl_vendor_reply)
10031 		return NL_SKIP;
10032 
10033 	if ((size_t) nla_len(nl_vendor_reply) > wpabuf_tailroom(buf)) {
10034 		wpa_printf(MSG_INFO, "nl80211: Vendor command: insufficient buffer space for reply");
10035 		return NL_SKIP;
10036 	}
10037 
10038 	nla_for_each_nested(nl, nl_vendor_reply, rem) {
10039 		wpabuf_put_data(buf, nla_data(nl), nla_len(nl));
10040 	}
10041 
10042 	return NL_SKIP;
10043 }
10044 
10045 
10046 static bool is_cmd_with_nested_attrs(unsigned int vendor_id,
10047 				     unsigned int subcmd)
10048 {
10049 	if (vendor_id != OUI_QCA)
10050 		return true;
10051 
10052 	switch (subcmd) {
10053 	case QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY:
10054 	case QCA_NL80211_VENDOR_SUBCMD_STATS_EXT:
10055 	case QCA_NL80211_VENDOR_SUBCMD_SCANNING_MAC_OUI:
10056 	case QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_SET_KEY:
10057 	case QCA_NL80211_VENDOR_SUBCMD_SPECTRAL_SCAN_GET_STATUS:
10058 	case QCA_NL80211_VENDOR_SUBCMD_NAN:
10059 		return false;
10060 	default:
10061 		return true;
10062 	}
10063 }
10064 
10065 
10066 static int nl80211_vendor_cmd(void *priv, unsigned int vendor_id,
10067 			      unsigned int subcmd, const u8 *data,
10068 			      size_t data_len, enum nested_attr nested_attr,
10069 			      struct wpabuf *buf)
10070 {
10071 	struct i802_bss *bss = priv;
10072 	struct wpa_driver_nl80211_data *drv = bss->drv;
10073 	struct nl_msg *msg;
10074 	int ret, nla_flag;
10075 
10076 #ifdef CONFIG_TESTING_OPTIONS
10077 	if (vendor_id == 0xffffffff) {
10078 		msg = nlmsg_alloc();
10079 		if (!msg)
10080 			return -ENOMEM;
10081 
10082 		nl80211_cmd(drv, msg, 0, subcmd);
10083 		if (nlmsg_append(msg, (void *) data, data_len, NLMSG_ALIGNTO) <
10084 		    0)
10085 			goto fail;
10086 		/* This test vendor_cmd can be used with nl80211 commands that
10087 		 * need the connect nl_sock, so use the owner-setting variant
10088 		 * of send_and_recv_msgs(). */
10089 		ret = send_and_recv_msgs_owner(drv, msg,
10090 					       get_connect_handle(bss), 0,
10091 					       cmd_reply_handler, buf,
10092 					       NULL, NULL);
10093 		if (ret)
10094 			wpa_printf(MSG_DEBUG, "nl80211: command failed err=%d",
10095 				   ret);
10096 		return ret;
10097 	}
10098 #endif /* CONFIG_TESTING_OPTIONS */
10099 
10100 	if (nested_attr == NESTED_ATTR_USED)
10101 		nla_flag = NLA_F_NESTED;
10102 	else if (nested_attr == NESTED_ATTR_UNSPECIFIED &&
10103 		 is_cmd_with_nested_attrs(vendor_id, subcmd))
10104 		nla_flag = NLA_F_NESTED;
10105 	else
10106 		nla_flag = 0;
10107 
10108 	if (!(msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_VENDOR)) ||
10109 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, vendor_id) ||
10110 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD, subcmd) ||
10111 	    (data &&
10112 	     nla_put(msg, nla_flag | NL80211_ATTR_VENDOR_DATA,
10113 		     data_len, data)))
10114 		goto fail;
10115 
10116 	ret = send_and_recv_msgs(drv, msg, vendor_reply_handler, buf,
10117 				 NULL, NULL);
10118 	if (ret)
10119 		wpa_printf(MSG_DEBUG, "nl80211: vendor command failed err=%d",
10120 			   ret);
10121 	return ret;
10122 
10123 fail:
10124 	nlmsg_free(msg);
10125 	return -ENOBUFS;
10126 }
10127 
10128 
10129 static int nl80211_set_qos_map(void *priv, const u8 *qos_map_set,
10130 			       u8 qos_map_set_len)
10131 {
10132 	struct i802_bss *bss = priv;
10133 	struct wpa_driver_nl80211_data *drv = bss->drv;
10134 	struct nl_msg *msg;
10135 	int ret;
10136 
10137 	wpa_hexdump(MSG_DEBUG, "nl80211: Setting QoS Map",
10138 		    qos_map_set, qos_map_set_len);
10139 
10140 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_SET_QOS_MAP)) ||
10141 	    nla_put(msg, NL80211_ATTR_QOS_MAP, qos_map_set_len, qos_map_set)) {
10142 		nlmsg_free(msg);
10143 		return -ENOBUFS;
10144 	}
10145 
10146 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
10147 	if (ret)
10148 		wpa_printf(MSG_DEBUG, "nl80211: Setting QoS Map failed");
10149 
10150 	return ret;
10151 }
10152 
10153 
10154 static int get_wowlan_handler(struct nl_msg *msg, void *arg)
10155 {
10156 	struct nlattr *tb[NL80211_ATTR_MAX + 1];
10157 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
10158 	int *wowlan_enabled = arg;
10159 
10160 	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
10161 		  genlmsg_attrlen(gnlh, 0), NULL);
10162 
10163 	*wowlan_enabled = !!tb[NL80211_ATTR_WOWLAN_TRIGGERS];
10164 
10165 	return NL_SKIP;
10166 }
10167 
10168 
10169 static int nl80211_get_wowlan(void *priv)
10170 {
10171 	struct i802_bss *bss = priv;
10172 	struct wpa_driver_nl80211_data *drv = bss->drv;
10173 	struct nl_msg *msg;
10174 	int wowlan_enabled;
10175 	int ret;
10176 
10177 	wpa_printf(MSG_DEBUG, "nl80211: Getting wowlan status");
10178 
10179 	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_GET_WOWLAN);
10180 
10181 	ret = send_and_recv_msgs(drv, msg, get_wowlan_handler, &wowlan_enabled,
10182 				 NULL, NULL);
10183 	if (ret) {
10184 		wpa_printf(MSG_DEBUG, "nl80211: Getting wowlan status failed");
10185 		return 0;
10186 	}
10187 
10188 	wpa_printf(MSG_DEBUG, "nl80211: wowlan is %s",
10189 		   wowlan_enabled ? "enabled" : "disabled");
10190 
10191 	return wowlan_enabled;
10192 }
10193 
10194 
10195 static int nl80211_set_wowlan(void *priv,
10196 			      const struct wowlan_triggers *triggers)
10197 {
10198 	struct i802_bss *bss = priv;
10199 	struct wpa_driver_nl80211_data *drv = bss->drv;
10200 	struct nl_msg *msg;
10201 	struct nlattr *wowlan_triggers;
10202 	int ret;
10203 
10204 	wpa_printf(MSG_DEBUG, "nl80211: Setting wowlan");
10205 
10206 	if (!(msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_SET_WOWLAN)) ||
10207 	    !(wowlan_triggers = nla_nest_start(msg,
10208 					       NL80211_ATTR_WOWLAN_TRIGGERS)) ||
10209 	    (triggers->any &&
10210 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
10211 	    (triggers->disconnect &&
10212 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
10213 	    (triggers->magic_pkt &&
10214 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
10215 	    (triggers->gtk_rekey_failure &&
10216 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
10217 	    (triggers->eap_identity_req &&
10218 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
10219 	    (triggers->four_way_handshake &&
10220 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
10221 	    (triggers->rfkill_release &&
10222 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))) {
10223 		nlmsg_free(msg);
10224 		return -ENOBUFS;
10225 	}
10226 
10227 	nla_nest_end(msg, wowlan_triggers);
10228 
10229 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
10230 	if (ret)
10231 		wpa_printf(MSG_DEBUG, "nl80211: Setting wowlan failed");
10232 
10233 	return ret;
10234 }
10235 
10236 
10237 #ifdef CONFIG_DRIVER_NL80211_QCA
10238 static int nl80211_roaming(void *priv, int allowed, const u8 *bssid)
10239 {
10240 	struct i802_bss *bss = priv;
10241 	struct wpa_driver_nl80211_data *drv = bss->drv;
10242 	struct nl_msg *msg;
10243 	struct nlattr *params;
10244 
10245 	wpa_printf(MSG_DEBUG, "nl80211: Roaming policy: allowed=%d", allowed);
10246 
10247 	if (!drv->roaming_vendor_cmd_avail) {
10248 		wpa_printf(MSG_DEBUG,
10249 			   "nl80211: Ignore roaming policy change since driver does not provide command for setting it");
10250 		return -1;
10251 	}
10252 
10253 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
10254 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
10255 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
10256 			QCA_NL80211_VENDOR_SUBCMD_ROAMING) ||
10257 	    !(params = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA)) ||
10258 	    nla_put_u32(msg, QCA_WLAN_VENDOR_ATTR_ROAMING_POLICY,
10259 			allowed ? QCA_ROAMING_ALLOWED_WITHIN_ESS :
10260 			QCA_ROAMING_NOT_ALLOWED) ||
10261 	    (bssid &&
10262 	     nla_put(msg, QCA_WLAN_VENDOR_ATTR_MAC_ADDR, ETH_ALEN, bssid))) {
10263 		nlmsg_free(msg);
10264 		return -1;
10265 	}
10266 	nla_nest_end(msg, params);
10267 
10268 	return send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
10269 }
10270 
10271 
10272 static int nl80211_disable_fils(void *priv, int disable)
10273 {
10274 	struct i802_bss *bss = priv;
10275 	struct wpa_driver_nl80211_data *drv = bss->drv;
10276 	struct nl_msg *msg;
10277 	struct nlattr *params;
10278 
10279 	wpa_printf(MSG_DEBUG, "nl80211: Disable FILS=%d", disable);
10280 
10281 	if (!drv->set_wifi_conf_vendor_cmd_avail)
10282 		return -1;
10283 
10284 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
10285 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
10286 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
10287 			QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION) ||
10288 	    !(params = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA)) ||
10289 	    nla_put_u8(msg, QCA_WLAN_VENDOR_ATTR_CONFIG_DISABLE_FILS,
10290 		       disable)) {
10291 		nlmsg_free(msg);
10292 		return -1;
10293 	}
10294 	nla_nest_end(msg, params);
10295 
10296 	return send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
10297 }
10298 
10299 
10300 /* Reserved QCA_WLAN_VENDOR_ATTR_ROAMING_REQ_ID value for wpa_supplicant */
10301 #define WPA_SUPPLICANT_CLIENT_ID 1
10302 
10303 static int nl80211_set_bssid_tmp_disallow(void *priv, unsigned int num_bssid,
10304 					  const u8 *bssid)
10305 {
10306 	struct i802_bss *bss = priv;
10307 	struct wpa_driver_nl80211_data *drv = bss->drv;
10308 	struct nl_msg *msg;
10309 	struct nlattr *params, *nlbssids, *attr;
10310 	unsigned int i;
10311 
10312 	wpa_printf(MSG_DEBUG,
10313 		   "nl80211: Set temporarily disallowed BSSIDs (num=%u)",
10314 		   num_bssid);
10315 
10316 	if (!drv->roam_vendor_cmd_avail)
10317 		return -1;
10318 
10319 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
10320 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
10321 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
10322 			QCA_NL80211_VENDOR_SUBCMD_ROAM) ||
10323 	    !(params = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA)) ||
10324 	    nla_put_u32(msg, QCA_WLAN_VENDOR_ATTR_ROAMING_SUBCMD,
10325 			QCA_WLAN_VENDOR_ROAMING_SUBCMD_SET_BLACKLIST_BSSID) ||
10326 	    nla_put_u32(msg, QCA_WLAN_VENDOR_ATTR_ROAMING_REQ_ID,
10327 			WPA_SUPPLICANT_CLIENT_ID) ||
10328 	    nla_put_u32(msg,
10329 			QCA_WLAN_VENDOR_ATTR_ROAMING_PARAM_SET_BSSID_PARAMS_NUM_BSSID,
10330 			num_bssid))
10331 		goto fail;
10332 
10333 	nlbssids = nla_nest_start(
10334 		msg, QCA_WLAN_VENDOR_ATTR_ROAMING_PARAM_SET_BSSID_PARAMS);
10335 	if (!nlbssids)
10336 		goto fail;
10337 
10338 	for (i = 0; i < num_bssid; i++) {
10339 		attr = nla_nest_start(msg, i);
10340 		if (!attr)
10341 			goto fail;
10342 		if (nla_put(msg,
10343 			    QCA_WLAN_VENDOR_ATTR_ROAMING_PARAM_SET_BSSID_PARAMS_BSSID,
10344 			    ETH_ALEN, &bssid[i * ETH_ALEN]))
10345 			goto fail;
10346 		wpa_printf(MSG_DEBUG, "nl80211:   BSSID[%u]: " MACSTR, i,
10347 			   MAC2STR(&bssid[i * ETH_ALEN]));
10348 		nla_nest_end(msg, attr);
10349 	}
10350 	nla_nest_end(msg, nlbssids);
10351 	nla_nest_end(msg, params);
10352 
10353 	return send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
10354 
10355 fail:
10356 	nlmsg_free(msg);
10357 	return -1;
10358 }
10359 
10360 
10361 static int nl80211_add_sta_node(void *priv, const u8 *addr, u16 auth_alg)
10362 {
10363 	struct i802_bss *bss = priv;
10364 	struct wpa_driver_nl80211_data *drv = bss->drv;
10365 	struct nl_msg *msg;
10366 	struct nlattr *params;
10367 
10368 	if (!drv->add_sta_node_vendor_cmd_avail)
10369 		return -EOPNOTSUPP;
10370 
10371 	wpa_printf(MSG_DEBUG, "nl80211: Add STA node");
10372 
10373 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
10374 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
10375 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
10376 			QCA_NL80211_VENDOR_SUBCMD_ADD_STA_NODE) ||
10377 	    !(params = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA)) ||
10378 	    (addr &&
10379 	     nla_put(msg, QCA_WLAN_VENDOR_ATTR_ADD_STA_NODE_MAC_ADDR, ETH_ALEN,
10380 		     addr)) ||
10381 	    nla_put_u16(msg, QCA_WLAN_VENDOR_ATTR_ADD_STA_NODE_AUTH_ALGO,
10382 			auth_alg)) {
10383 		nlmsg_free(msg);
10384 		wpa_printf(MSG_ERROR,
10385 			   "%s: err in adding vendor_cmd and vendor_data",
10386 			   __func__);
10387 		return -1;
10388 	}
10389 	nla_nest_end(msg, params);
10390 
10391 	return send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
10392 }
10393 
10394 #endif /* CONFIG_DRIVER_NL80211_QCA */
10395 
10396 
10397 static int nl80211_set_mac_addr(void *priv, const u8 *addr)
10398 {
10399 	struct i802_bss *bss = priv;
10400 	struct wpa_driver_nl80211_data *drv = bss->drv;
10401 	int new_addr = addr != NULL;
10402 
10403 	if (TEST_FAIL())
10404 		return -1;
10405 
10406 	if (!addr)
10407 		addr = drv->perm_addr;
10408 
10409 	if (linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 0) < 0)
10410 		return -1;
10411 
10412 	if (linux_set_ifhwaddr(drv->global->ioctl_sock, bss->ifname, addr) < 0)
10413 	{
10414 		wpa_printf(MSG_DEBUG,
10415 			   "nl80211: failed to set_mac_addr for %s to " MACSTR,
10416 			   bss->ifname, MAC2STR(addr));
10417 		if (linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname,
10418 					  1) < 0) {
10419 			wpa_printf(MSG_DEBUG,
10420 				   "nl80211: Could not restore interface UP after failed set_mac_addr");
10421 		}
10422 		return -1;
10423 	}
10424 
10425 	wpa_printf(MSG_DEBUG, "nl80211: set_mac_addr for %s to " MACSTR,
10426 		   bss->ifname, MAC2STR(addr));
10427 	drv->addr_changed = new_addr;
10428 	os_memcpy(bss->addr, addr, ETH_ALEN);
10429 
10430 	if (linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 1) < 0)
10431 	{
10432 		wpa_printf(MSG_DEBUG,
10433 			   "nl80211: Could not restore interface UP after set_mac_addr");
10434 	}
10435 
10436 	return 0;
10437 }
10438 
10439 
10440 #ifdef CONFIG_MESH
10441 
10442 static int wpa_driver_nl80211_init_mesh(void *priv)
10443 {
10444 	if (wpa_driver_nl80211_set_mode(priv, NL80211_IFTYPE_MESH_POINT)) {
10445 		wpa_printf(MSG_INFO,
10446 			   "nl80211: Failed to set interface into mesh mode");
10447 		return -1;
10448 	}
10449 	return 0;
10450 }
10451 
10452 
10453 static int nl80211_put_mesh_id(struct nl_msg *msg, const u8 *mesh_id,
10454 			       size_t mesh_id_len)
10455 {
10456 	if (mesh_id) {
10457 		wpa_printf(MSG_DEBUG, "  * Mesh ID (SSID)=%s",
10458 			   wpa_ssid_txt(mesh_id, mesh_id_len));
10459 		return nla_put(msg, NL80211_ATTR_MESH_ID, mesh_id_len, mesh_id);
10460 	}
10461 
10462 	return 0;
10463 }
10464 
10465 
10466 static int nl80211_put_mesh_config(struct nl_msg *msg,
10467 				   struct wpa_driver_mesh_bss_params *params)
10468 {
10469 	struct nlattr *container;
10470 
10471 	container = nla_nest_start(msg, NL80211_ATTR_MESH_CONFIG);
10472 	if (!container)
10473 		return -1;
10474 
10475 	if (((params->flags & WPA_DRIVER_MESH_CONF_FLAG_AUTO_PLINKS) &&
10476 	     nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
10477 			params->auto_plinks)) ||
10478 	    ((params->flags & WPA_DRIVER_MESH_CONF_FLAG_FORWARDING) &&
10479 	     nla_put_u8(msg, NL80211_MESHCONF_FORWARDING,
10480 			params->forwarding)) ||
10481 	    ((params->flags & WPA_DRIVER_MESH_CONF_FLAG_MAX_PEER_LINKS) &&
10482 	     nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
10483 			 params->max_peer_links)) ||
10484 	    ((params->flags & WPA_DRIVER_MESH_CONF_FLAG_RSSI_THRESHOLD) &&
10485 	     nla_put_u32(msg, NL80211_MESHCONF_RSSI_THRESHOLD,
10486 			 params->rssi_threshold)))
10487 		return -1;
10488 
10489 	/*
10490 	 * Set NL80211_MESHCONF_PLINK_TIMEOUT even if user mpm is used because
10491 	 * the timer could disconnect stations even in that case.
10492 	 */
10493 	if ((params->flags & WPA_DRIVER_MESH_CONF_FLAG_PEER_LINK_TIMEOUT) &&
10494 	    nla_put_u32(msg, NL80211_MESHCONF_PLINK_TIMEOUT,
10495 			params->peer_link_timeout)) {
10496 		wpa_printf(MSG_ERROR, "nl80211: Failed to set PLINK_TIMEOUT");
10497 		return -1;
10498 	}
10499 
10500 	if ((params->flags & WPA_DRIVER_MESH_CONF_FLAG_HT_OP_MODE) &&
10501 	    nla_put_u16(msg, NL80211_MESHCONF_HT_OPMODE, params->ht_opmode)) {
10502 		wpa_printf(MSG_ERROR, "nl80211: Failed to set HT_OP_MODE");
10503 		return -1;
10504 	}
10505 
10506 	nla_nest_end(msg, container);
10507 
10508 	return 0;
10509 }
10510 
10511 
10512 static int nl80211_join_mesh(struct i802_bss *bss,
10513 			     struct wpa_driver_mesh_join_params *params)
10514 {
10515 	struct wpa_driver_nl80211_data *drv = bss->drv;
10516 	struct nl_msg *msg;
10517 	struct nlattr *container;
10518 	int ret = -1;
10519 
10520 	wpa_printf(MSG_DEBUG, "nl80211: mesh join (ifindex=%d)", drv->ifindex);
10521 	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_JOIN_MESH);
10522 	if (!msg ||
10523 	    nl80211_put_freq_params(msg, &params->freq) ||
10524 	    nl80211_put_basic_rates(msg, params->basic_rates) ||
10525 	    nl80211_put_mesh_id(msg, params->meshid, params->meshid_len) ||
10526 	    nl80211_put_beacon_int(msg, params->beacon_int) ||
10527 	    nl80211_put_dtim_period(msg, params->dtim_period))
10528 		goto fail;
10529 
10530 	wpa_printf(MSG_DEBUG, "  * flags=%08X", params->flags);
10531 
10532 	if (params->handle_dfs && nla_put_flag(msg, NL80211_ATTR_HANDLE_DFS))
10533 		goto fail;
10534 
10535 	container = nla_nest_start(msg, NL80211_ATTR_MESH_SETUP);
10536 	if (!container)
10537 		goto fail;
10538 
10539 	if (params->ies) {
10540 		wpa_hexdump(MSG_DEBUG, "  * IEs", params->ies, params->ie_len);
10541 		if (nla_put(msg, NL80211_MESH_SETUP_IE, params->ie_len,
10542 			    params->ies))
10543 			goto fail;
10544 	}
10545 	/* WPA_DRIVER_MESH_FLAG_OPEN_AUTH is treated as default by nl80211 */
10546 	if (params->flags & WPA_DRIVER_MESH_FLAG_SAE_AUTH) {
10547 		if (nla_put_u8(msg, NL80211_MESH_SETUP_AUTH_PROTOCOL, 0x1) ||
10548 		    nla_put_flag(msg, NL80211_MESH_SETUP_USERSPACE_AUTH))
10549 			goto fail;
10550 	}
10551 	if ((params->flags & WPA_DRIVER_MESH_FLAG_AMPE) &&
10552 	    nla_put_flag(msg, NL80211_MESH_SETUP_USERSPACE_AMPE))
10553 		goto fail;
10554 	if ((params->flags & WPA_DRIVER_MESH_FLAG_USER_MPM) &&
10555 	    nla_put_flag(msg, NL80211_MESH_SETUP_USERSPACE_MPM))
10556 		goto fail;
10557 	nla_nest_end(msg, container);
10558 
10559 	params->conf.flags |= WPA_DRIVER_MESH_CONF_FLAG_AUTO_PLINKS;
10560 	params->conf.flags |= WPA_DRIVER_MESH_CONF_FLAG_PEER_LINK_TIMEOUT;
10561 	params->conf.flags |= WPA_DRIVER_MESH_CONF_FLAG_MAX_PEER_LINKS;
10562 	if (nl80211_put_mesh_config(msg, &params->conf) < 0)
10563 		goto fail;
10564 
10565 	ret = send_and_recv_msgs_connect_handle(drv, msg, bss, 1);
10566 	msg = NULL;
10567 	if (ret) {
10568 		wpa_printf(MSG_DEBUG, "nl80211: mesh join failed: ret=%d (%s)",
10569 			   ret, strerror(-ret));
10570 		goto fail;
10571 	}
10572 	ret = 0;
10573 	drv->assoc_freq = bss->freq = params->freq.freq;
10574 	wpa_printf(MSG_DEBUG, "nl80211: mesh join request send successfully");
10575 
10576 fail:
10577 	nlmsg_free(msg);
10578 	return ret;
10579 }
10580 
10581 
10582 static int
10583 wpa_driver_nl80211_join_mesh(void *priv,
10584 			     struct wpa_driver_mesh_join_params *params)
10585 {
10586 	struct i802_bss *bss = priv;
10587 	int ret, timeout;
10588 
10589 	timeout = params->conf.peer_link_timeout;
10590 
10591 	/* Disable kernel inactivity timer */
10592 	if (params->flags & WPA_DRIVER_MESH_FLAG_USER_MPM)
10593 		params->conf.peer_link_timeout = 0;
10594 
10595 	ret = nl80211_join_mesh(bss, params);
10596 	if (ret == -EINVAL && params->conf.peer_link_timeout == 0) {
10597 		wpa_printf(MSG_DEBUG,
10598 			   "nl80211: Mesh join retry for peer_link_timeout");
10599 		/*
10600 		 * Old kernel does not support setting
10601 		 * NL80211_MESHCONF_PLINK_TIMEOUT to zero, so set 60 seconds
10602 		 * into future from peer_link_timeout.
10603 		 */
10604 		params->conf.peer_link_timeout = timeout + 60;
10605 		ret = nl80211_join_mesh(priv, params);
10606 	}
10607 
10608 	params->conf.peer_link_timeout = timeout;
10609 	return ret;
10610 }
10611 
10612 
10613 static int wpa_driver_nl80211_leave_mesh(void *priv)
10614 {
10615 	struct i802_bss *bss = priv;
10616 	struct wpa_driver_nl80211_data *drv = bss->drv;
10617 	struct nl_msg *msg;
10618 	int ret;
10619 
10620 	wpa_printf(MSG_DEBUG, "nl80211: mesh leave (ifindex=%d)", drv->ifindex);
10621 	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_LEAVE_MESH);
10622 	ret = send_and_recv_msgs_connect_handle(drv, msg, bss, 0);
10623 	if (ret) {
10624 		wpa_printf(MSG_DEBUG, "nl80211: mesh leave failed: ret=%d (%s)",
10625 			   ret, strerror(-ret));
10626 	} else {
10627 		wpa_printf(MSG_DEBUG,
10628 			   "nl80211: mesh leave request send successfully");
10629 	}
10630 
10631 	if (drv->start_mode_sta &&
10632 	    wpa_driver_nl80211_set_mode(drv->first_bss,
10633 					NL80211_IFTYPE_STATION)) {
10634 		wpa_printf(MSG_INFO,
10635 			   "nl80211: Failed to set interface into station mode");
10636 	}
10637 	return ret;
10638 }
10639 
10640 
10641 static int nl80211_probe_mesh_link(void *priv, const u8 *addr, const u8 *eth,
10642 				   size_t len)
10643 {
10644 	struct i802_bss *bss = priv;
10645 	struct wpa_driver_nl80211_data *drv = bss->drv;
10646 	struct nl_msg *msg;
10647 	int ret;
10648 
10649 	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_PROBE_MESH_LINK);
10650 	if (!msg ||
10651 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
10652 	    nla_put(msg, NL80211_ATTR_FRAME, len, eth)) {
10653 		nlmsg_free(msg);
10654 		return -ENOBUFS;
10655 	}
10656 
10657 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
10658 	if (ret) {
10659 		wpa_printf(MSG_DEBUG, "nl80211: mesh link probe to " MACSTR
10660 			   " failed: ret=%d (%s)",
10661 			   MAC2STR(addr), ret, strerror(-ret));
10662 	} else {
10663 		wpa_printf(MSG_DEBUG, "nl80211: Mesh link to " MACSTR
10664 			   " probed successfully", MAC2STR(addr));
10665 	}
10666 
10667 	return ret;
10668 }
10669 
10670 #endif /* CONFIG_MESH */
10671 
10672 
10673 static int wpa_driver_br_add_ip_neigh(void *priv, u8 version,
10674 				      const u8 *ipaddr, int prefixlen,
10675 				      const u8 *addr)
10676 {
10677 #ifdef CONFIG_LIBNL3_ROUTE
10678 	struct i802_bss *bss = priv;
10679 	struct wpa_driver_nl80211_data *drv = bss->drv;
10680 	struct rtnl_neigh *rn;
10681 	struct nl_addr *nl_ipaddr = NULL;
10682 	struct nl_addr *nl_lladdr = NULL;
10683 	int family, addrsize;
10684 	int res;
10685 
10686 	if (!ipaddr || prefixlen == 0 || !addr)
10687 		return -EINVAL;
10688 
10689 	if (bss->br_ifindex == 0) {
10690 		wpa_printf(MSG_DEBUG,
10691 			   "nl80211: bridge must be set before adding an ip neigh to it");
10692 		return -1;
10693 	}
10694 
10695 	if (!drv->rtnl_sk) {
10696 		wpa_printf(MSG_DEBUG,
10697 			   "nl80211: nl_sock for NETLINK_ROUTE is not initialized");
10698 		return -1;
10699 	}
10700 
10701 	if (version == 4) {
10702 		family = AF_INET;
10703 		addrsize = 4;
10704 	} else if (version == 6) {
10705 		family = AF_INET6;
10706 		addrsize = 16;
10707 	} else {
10708 		return -EINVAL;
10709 	}
10710 
10711 	rn = rtnl_neigh_alloc();
10712 	if (rn == NULL)
10713 		return -ENOMEM;
10714 
10715 	/* set the destination ip address for neigh */
10716 	nl_ipaddr = nl_addr_build(family, (void *) ipaddr, addrsize);
10717 	if (nl_ipaddr == NULL) {
10718 		wpa_printf(MSG_DEBUG, "nl80211: nl_ipaddr build failed");
10719 		res = -ENOMEM;
10720 		goto errout;
10721 	}
10722 	nl_addr_set_prefixlen(nl_ipaddr, prefixlen);
10723 	res = rtnl_neigh_set_dst(rn, nl_ipaddr);
10724 	if (res) {
10725 		wpa_printf(MSG_DEBUG,
10726 			   "nl80211: neigh set destination addr failed");
10727 		goto errout;
10728 	}
10729 
10730 	/* set the corresponding lladdr for neigh */
10731 	nl_lladdr = nl_addr_build(AF_BRIDGE, (u8 *) addr, ETH_ALEN);
10732 	if (nl_lladdr == NULL) {
10733 		wpa_printf(MSG_DEBUG, "nl80211: neigh set lladdr failed");
10734 		res = -ENOMEM;
10735 		goto errout;
10736 	}
10737 	rtnl_neigh_set_lladdr(rn, nl_lladdr);
10738 
10739 	rtnl_neigh_set_ifindex(rn, bss->br_ifindex);
10740 	rtnl_neigh_set_state(rn, NUD_PERMANENT);
10741 
10742 	res = rtnl_neigh_add(drv->rtnl_sk, rn, NLM_F_CREATE);
10743 	if (res) {
10744 		wpa_printf(MSG_DEBUG,
10745 			   "nl80211: Adding bridge ip neigh failed: %s",
10746 			   nl_geterror(res));
10747 	}
10748 errout:
10749 	if (nl_lladdr)
10750 		nl_addr_put(nl_lladdr);
10751 	if (nl_ipaddr)
10752 		nl_addr_put(nl_ipaddr);
10753 	if (rn)
10754 		rtnl_neigh_put(rn);
10755 	return res;
10756 #else /* CONFIG_LIBNL3_ROUTE */
10757 	return -1;
10758 #endif /* CONFIG_LIBNL3_ROUTE */
10759 }
10760 
10761 
10762 static int wpa_driver_br_delete_ip_neigh(void *priv, u8 version,
10763 					 const u8 *ipaddr)
10764 {
10765 #ifdef CONFIG_LIBNL3_ROUTE
10766 	struct i802_bss *bss = priv;
10767 	struct wpa_driver_nl80211_data *drv = bss->drv;
10768 	struct rtnl_neigh *rn;
10769 	struct nl_addr *nl_ipaddr;
10770 	int family, addrsize;
10771 	int res;
10772 
10773 	if (!ipaddr)
10774 		return -EINVAL;
10775 
10776 	if (version == 4) {
10777 		family = AF_INET;
10778 		addrsize = 4;
10779 	} else if (version == 6) {
10780 		family = AF_INET6;
10781 		addrsize = 16;
10782 	} else {
10783 		return -EINVAL;
10784 	}
10785 
10786 	if (bss->br_ifindex == 0) {
10787 		wpa_printf(MSG_DEBUG,
10788 			   "nl80211: bridge must be set to delete an ip neigh");
10789 		return -1;
10790 	}
10791 
10792 	if (!drv->rtnl_sk) {
10793 		wpa_printf(MSG_DEBUG,
10794 			   "nl80211: nl_sock for NETLINK_ROUTE is not initialized");
10795 		return -1;
10796 	}
10797 
10798 	rn = rtnl_neigh_alloc();
10799 	if (rn == NULL)
10800 		return -ENOMEM;
10801 
10802 	/* set the destination ip address for neigh */
10803 	nl_ipaddr = nl_addr_build(family, (void *) ipaddr, addrsize);
10804 	if (nl_ipaddr == NULL) {
10805 		wpa_printf(MSG_DEBUG, "nl80211: nl_ipaddr build failed");
10806 		res = -ENOMEM;
10807 		goto errout;
10808 	}
10809 	res = rtnl_neigh_set_dst(rn, nl_ipaddr);
10810 	if (res) {
10811 		wpa_printf(MSG_DEBUG,
10812 			   "nl80211: neigh set destination addr failed");
10813 		goto errout;
10814 	}
10815 
10816 	rtnl_neigh_set_ifindex(rn, bss->br_ifindex);
10817 
10818 	res = rtnl_neigh_delete(drv->rtnl_sk, rn, 0);
10819 	if (res) {
10820 		wpa_printf(MSG_DEBUG,
10821 			   "nl80211: Deleting bridge ip neigh failed: %s",
10822 			   nl_geterror(res));
10823 	}
10824 errout:
10825 	if (nl_ipaddr)
10826 		nl_addr_put(nl_ipaddr);
10827 	if (rn)
10828 		rtnl_neigh_put(rn);
10829 	return res;
10830 #else /* CONFIG_LIBNL3_ROUTE */
10831 	return -1;
10832 #endif /* CONFIG_LIBNL3_ROUTE */
10833 }
10834 
10835 
10836 static int linux_write_system_file(const char *path, unsigned int val)
10837 {
10838 	char buf[50];
10839 	int fd, len;
10840 
10841 	len = os_snprintf(buf, sizeof(buf), "%u\n", val);
10842 	if (os_snprintf_error(sizeof(buf), len))
10843 		return -1;
10844 
10845 	fd = open(path, O_WRONLY);
10846 	if (fd < 0)
10847 		return -1;
10848 
10849 	if (write(fd, buf, len) < 0) {
10850 		wpa_printf(MSG_DEBUG,
10851 			   "nl80211: Failed to write Linux system file: %s with the value of %d",
10852 			   path, val);
10853 		close(fd);
10854 		return -1;
10855 	}
10856 	close(fd);
10857 
10858 	return 0;
10859 }
10860 
10861 
10862 static const char * drv_br_port_attr_str(enum drv_br_port_attr attr)
10863 {
10864 	switch (attr) {
10865 	case DRV_BR_PORT_ATTR_PROXYARP:
10866 		return "proxyarp_wifi";
10867 	case DRV_BR_PORT_ATTR_HAIRPIN_MODE:
10868 		return "hairpin_mode";
10869 	}
10870 
10871 	return NULL;
10872 }
10873 
10874 
10875 static int wpa_driver_br_port_set_attr(void *priv, enum drv_br_port_attr attr,
10876 				       unsigned int val)
10877 {
10878 	struct i802_bss *bss = priv;
10879 	char path[128];
10880 	const char *attr_txt;
10881 
10882 	attr_txt = drv_br_port_attr_str(attr);
10883 	if (attr_txt == NULL)
10884 		return -EINVAL;
10885 
10886 	os_snprintf(path, sizeof(path), "/sys/class/net/%s/brport/%s",
10887 		    bss->ifname, attr_txt);
10888 
10889 	if (linux_write_system_file(path, val))
10890 		return -1;
10891 
10892 	return 0;
10893 }
10894 
10895 
10896 static const char * drv_br_net_param_str(enum drv_br_net_param param)
10897 {
10898 	switch (param) {
10899 	case DRV_BR_NET_PARAM_GARP_ACCEPT:
10900 		return "arp_accept";
10901 	default:
10902 		return NULL;
10903 	}
10904 }
10905 
10906 
10907 static int wpa_driver_br_set_net_param(void *priv, enum drv_br_net_param param,
10908 				       unsigned int val)
10909 {
10910 	struct i802_bss *bss = priv;
10911 	char path[128];
10912 	const char *param_txt;
10913 	int ip_version = 4;
10914 
10915 	if (param == DRV_BR_MULTICAST_SNOOPING) {
10916 		os_snprintf(path, sizeof(path),
10917 			    "/sys/devices/virtual/net/%s/bridge/multicast_snooping",
10918 			    bss->brname);
10919 		goto set_val;
10920 	}
10921 
10922 	param_txt = drv_br_net_param_str(param);
10923 	if (param_txt == NULL)
10924 		return -EINVAL;
10925 
10926 	switch (param) {
10927 		case DRV_BR_NET_PARAM_GARP_ACCEPT:
10928 			ip_version = 4;
10929 			break;
10930 		default:
10931 			return -EINVAL;
10932 	}
10933 
10934 	os_snprintf(path, sizeof(path), "/proc/sys/net/ipv%d/conf/%s/%s",
10935 		    ip_version, bss->brname, param_txt);
10936 
10937 set_val:
10938 	if (linux_write_system_file(path, val))
10939 		return -1;
10940 
10941 	return 0;
10942 }
10943 
10944 
10945 #ifdef CONFIG_DRIVER_NL80211_QCA
10946 
10947 static int hw_mode_to_qca_acs(enum hostapd_hw_mode hw_mode)
10948 {
10949 	switch (hw_mode) {
10950 	case HOSTAPD_MODE_IEEE80211B:
10951 		return QCA_ACS_MODE_IEEE80211B;
10952 	case HOSTAPD_MODE_IEEE80211G:
10953 		return QCA_ACS_MODE_IEEE80211G;
10954 	case HOSTAPD_MODE_IEEE80211A:
10955 		return QCA_ACS_MODE_IEEE80211A;
10956 	case HOSTAPD_MODE_IEEE80211AD:
10957 		return QCA_ACS_MODE_IEEE80211AD;
10958 	case HOSTAPD_MODE_IEEE80211ANY:
10959 		return QCA_ACS_MODE_IEEE80211ANY;
10960 	default:
10961 		return -1;
10962 	}
10963 }
10964 
10965 
10966 static int add_acs_ch_list(struct nl_msg *msg, const int *freq_list)
10967 {
10968 	int num_channels = 0, num_freqs;
10969 	u8 *ch_list;
10970 	enum hostapd_hw_mode hw_mode;
10971 	int ret = 0;
10972 	int i;
10973 
10974 	if (!freq_list)
10975 		return 0;
10976 
10977 	num_freqs = int_array_len(freq_list);
10978 	ch_list = os_malloc(sizeof(u8) * num_freqs);
10979 	if (!ch_list)
10980 		return -1;
10981 
10982 	for (i = 0; i < num_freqs; i++) {
10983 		const int freq = freq_list[i];
10984 
10985 		if (freq == 0)
10986 			break;
10987 		/* Send 2.4 GHz and 5 GHz channels with
10988 		 * QCA_WLAN_VENDOR_ATTR_ACS_CH_LIST to maintain backwards
10989 		 * compatibility.
10990 		 */
10991 		if (!(freq >= 2412 && freq <= 2484) &&
10992 		    !(freq >= 5180 && freq <= 5900) &&
10993 		    !(freq >= 5945 && freq <= 7115))
10994 			continue;
10995 		hw_mode = ieee80211_freq_to_chan(freq, &ch_list[num_channels]);
10996 		if (hw_mode != NUM_HOSTAPD_MODES)
10997 			num_channels++;
10998 	}
10999 
11000 	if (num_channels)
11001 		ret = nla_put(msg, QCA_WLAN_VENDOR_ATTR_ACS_CH_LIST,
11002 			      num_channels, ch_list);
11003 
11004 	os_free(ch_list);
11005 	return ret;
11006 }
11007 
11008 
11009 static int add_acs_freq_list(struct nl_msg *msg, const int *freq_list)
11010 {
11011 	int i, len, ret;
11012 	u32 *freqs;
11013 
11014 	if (!freq_list)
11015 		return 0;
11016 	len = int_array_len(freq_list);
11017 	freqs = os_malloc(sizeof(u32) * len);
11018 	if (!freqs)
11019 		return -1;
11020 	for (i = 0; i < len; i++)
11021 		freqs[i] = freq_list[i];
11022 	ret = nla_put(msg, QCA_WLAN_VENDOR_ATTR_ACS_FREQ_LIST,
11023 		      sizeof(u32) * len, freqs);
11024 	os_free(freqs);
11025 	return ret;
11026 }
11027 
11028 
11029 static int nl80211_qca_do_acs(struct wpa_driver_nl80211_data *drv,
11030 			      struct drv_acs_params *params)
11031 {
11032 	struct nl_msg *msg;
11033 	struct nlattr *data;
11034 	int ret;
11035 	int mode;
11036 
11037 	mode = hw_mode_to_qca_acs(params->hw_mode);
11038 	if (mode < 0)
11039 		return -1;
11040 
11041 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
11042 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
11043 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
11044 			QCA_NL80211_VENDOR_SUBCMD_DO_ACS) ||
11045 	    !(data = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA)) ||
11046 	    nla_put_u8(msg, QCA_WLAN_VENDOR_ATTR_ACS_HW_MODE, mode) ||
11047 	    (params->ht_enabled &&
11048 	     nla_put_flag(msg, QCA_WLAN_VENDOR_ATTR_ACS_HT_ENABLED)) ||
11049 	    (params->ht40_enabled &&
11050 	     nla_put_flag(msg, QCA_WLAN_VENDOR_ATTR_ACS_HT40_ENABLED)) ||
11051 	    (params->vht_enabled &&
11052 	     nla_put_flag(msg, QCA_WLAN_VENDOR_ATTR_ACS_VHT_ENABLED)) ||
11053 	    nla_put_u16(msg, QCA_WLAN_VENDOR_ATTR_ACS_CHWIDTH,
11054 			params->ch_width) ||
11055 	    add_acs_ch_list(msg, params->freq_list) ||
11056 	    add_acs_freq_list(msg, params->freq_list) ||
11057 	    (params->edmg_enabled &&
11058 	     nla_put_flag(msg, QCA_WLAN_VENDOR_ATTR_ACS_EDMG_ENABLED))) {
11059 		nlmsg_free(msg);
11060 		return -ENOBUFS;
11061 	}
11062 	nla_nest_end(msg, data);
11063 
11064 	wpa_printf(MSG_DEBUG,
11065 		   "nl80211: ACS Params: HW_MODE: %d HT: %d HT40: %d VHT: %d BW: %d EDMG: %d",
11066 		   params->hw_mode, params->ht_enabled, params->ht40_enabled,
11067 		   params->vht_enabled, params->ch_width, params->edmg_enabled);
11068 
11069 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
11070 	if (ret) {
11071 		wpa_printf(MSG_DEBUG,
11072 			   "nl80211: Failed to invoke driver ACS function: %s",
11073 			   strerror(-ret));
11074 	}
11075 	return ret;
11076 }
11077 
11078 
11079 static int nl80211_set_band(void *priv, u32 band_mask)
11080 {
11081 	struct i802_bss *bss = priv;
11082 	struct wpa_driver_nl80211_data *drv = bss->drv;
11083 	struct nl_msg *msg;
11084 	struct nlattr *data;
11085 	int ret;
11086 	enum qca_set_band qca_band_value;
11087 	u32 qca_band_mask = QCA_SETBAND_AUTO;
11088 
11089 	if (!drv->setband_vendor_cmd_avail ||
11090 	    (band_mask > (WPA_SETBAND_2G | WPA_SETBAND_5G | WPA_SETBAND_6G)))
11091 		return -1;
11092 
11093 	if (band_mask & WPA_SETBAND_5G)
11094 		qca_band_mask |= QCA_SETBAND_5G;
11095 	if (band_mask & WPA_SETBAND_2G)
11096 		qca_band_mask |= QCA_SETBAND_2G;
11097 	if (band_mask & WPA_SETBAND_6G)
11098 		qca_band_mask |= QCA_SETBAND_6G;
11099 
11100 	/*
11101 	 * QCA_WLAN_VENDOR_ATTR_SETBAND_VALUE is a legacy interface hence make
11102 	 * it suite to its values (AUTO/5G/2G) for backwards compatibility.
11103 	 */
11104 	qca_band_value = ((qca_band_mask & QCA_SETBAND_5G) &&
11105 			  (qca_band_mask & QCA_SETBAND_2G)) ?
11106 				QCA_SETBAND_AUTO :
11107 				qca_band_mask & ~QCA_SETBAND_6G;
11108 
11109 	wpa_printf(MSG_DEBUG,
11110 		   "nl80211: QCA_BAND_MASK = 0x%x, QCA_BAND_VALUE = %d",
11111 		   qca_band_mask, qca_band_value);
11112 
11113 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
11114 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
11115 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
11116 			QCA_NL80211_VENDOR_SUBCMD_SETBAND) ||
11117 	    !(data = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA)) ||
11118 	    nla_put_u32(msg, QCA_WLAN_VENDOR_ATTR_SETBAND_VALUE,
11119 			qca_band_value) ||
11120 	    nla_put_u32(msg, QCA_WLAN_VENDOR_ATTR_SETBAND_MASK,
11121 			qca_band_mask)) {
11122 		nlmsg_free(msg);
11123 		return -ENOBUFS;
11124 	}
11125 	nla_nest_end(msg, data);
11126 
11127 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
11128 	if (ret) {
11129 		wpa_printf(MSG_DEBUG,
11130 			   "nl80211: Driver setband function failed: %s",
11131 			   strerror(-ret));
11132 	}
11133 	return ret;
11134 }
11135 
11136 
11137 struct nl80211_pcl {
11138 	unsigned int num;
11139 	unsigned int *freq_list;
11140 };
11141 
11142 static int preferred_freq_info_handler(struct nl_msg *msg, void *arg)
11143 {
11144 	struct nlattr *tb[NL80211_ATTR_MAX + 1];
11145 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
11146 	struct nl80211_pcl *param = arg;
11147 	struct nlattr *nl_vend, *attr;
11148 	enum qca_iface_type iface_type;
11149 	struct nlattr *tb_vendor[QCA_WLAN_VENDOR_ATTR_MAX + 1];
11150 	unsigned int num, max_num;
11151 	u32 *freqs;
11152 
11153 	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
11154 		  genlmsg_attrlen(gnlh, 0), NULL);
11155 
11156 	nl_vend = tb[NL80211_ATTR_VENDOR_DATA];
11157 	if (!nl_vend)
11158 		return NL_SKIP;
11159 
11160 	nla_parse(tb_vendor, QCA_WLAN_VENDOR_ATTR_MAX,
11161 		  nla_data(nl_vend), nla_len(nl_vend), NULL);
11162 
11163 	attr = tb_vendor[
11164 		QCA_WLAN_VENDOR_ATTR_GET_PREFERRED_FREQ_LIST_IFACE_TYPE];
11165 	if (!attr) {
11166 		wpa_printf(MSG_ERROR, "nl80211: iface_type couldn't be found");
11167 		param->num = 0;
11168 		return NL_SKIP;
11169 	}
11170 
11171 	iface_type = (enum qca_iface_type) nla_get_u32(attr);
11172 	wpa_printf(MSG_DEBUG, "nl80211: Driver returned iface_type=%d",
11173 		   iface_type);
11174 
11175 	attr = tb_vendor[QCA_WLAN_VENDOR_ATTR_GET_PREFERRED_FREQ_LIST];
11176 	if (!attr) {
11177 		wpa_printf(MSG_ERROR,
11178 			   "nl80211: preferred_freq_list couldn't be found");
11179 		param->num = 0;
11180 		return NL_SKIP;
11181 	}
11182 
11183 	/*
11184 	 * param->num has the maximum number of entries for which there
11185 	 * is room in the freq_list provided by the caller.
11186 	 */
11187 	freqs = nla_data(attr);
11188 	max_num = nla_len(attr) / sizeof(u32);
11189 	if (max_num > param->num)
11190 		max_num = param->num;
11191 	for (num = 0; num < max_num; num++)
11192 		param->freq_list[num] = freqs[num];
11193 	param->num = num;
11194 
11195 	return NL_SKIP;
11196 }
11197 
11198 
11199 static int nl80211_get_pref_freq_list(void *priv,
11200 				      enum wpa_driver_if_type if_type,
11201 				      unsigned int *num,
11202 				      unsigned int *freq_list)
11203 {
11204 	struct i802_bss *bss = priv;
11205 	struct wpa_driver_nl80211_data *drv = bss->drv;
11206 	struct nl_msg *msg;
11207 	int ret;
11208 	unsigned int i;
11209 	struct nlattr *params;
11210 	struct nl80211_pcl param;
11211 	enum qca_iface_type iface_type;
11212 
11213 	if (!drv->get_pref_freq_list)
11214 		return -1;
11215 
11216 	switch (if_type) {
11217 	case WPA_IF_STATION:
11218 		iface_type = QCA_IFACE_TYPE_STA;
11219 		break;
11220 	case WPA_IF_AP_BSS:
11221 		iface_type = QCA_IFACE_TYPE_AP;
11222 		break;
11223 	case WPA_IF_P2P_GO:
11224 		iface_type = QCA_IFACE_TYPE_P2P_GO;
11225 		break;
11226 	case WPA_IF_P2P_CLIENT:
11227 		iface_type = QCA_IFACE_TYPE_P2P_CLIENT;
11228 		break;
11229 	case WPA_IF_IBSS:
11230 		iface_type = QCA_IFACE_TYPE_IBSS;
11231 		break;
11232 	case WPA_IF_TDLS:
11233 		iface_type = QCA_IFACE_TYPE_TDLS;
11234 		break;
11235 	default:
11236 		return -1;
11237 	}
11238 
11239 	param.num = *num;
11240 	param.freq_list = freq_list;
11241 
11242 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
11243 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, drv->ifindex) ||
11244 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
11245 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
11246 			QCA_NL80211_VENDOR_SUBCMD_GET_PREFERRED_FREQ_LIST) ||
11247 	    !(params = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA)) ||
11248 	    nla_put_u32(msg,
11249 			QCA_WLAN_VENDOR_ATTR_GET_PREFERRED_FREQ_LIST_IFACE_TYPE,
11250 			iface_type)) {
11251 		wpa_printf(MSG_ERROR,
11252 			   "%s: err in adding vendor_cmd and vendor_data",
11253 			   __func__);
11254 		nlmsg_free(msg);
11255 		return -1;
11256 	}
11257 	nla_nest_end(msg, params);
11258 
11259 	os_memset(freq_list, 0, *num * sizeof(freq_list[0]));
11260 	ret = send_and_recv_msgs(drv, msg, preferred_freq_info_handler, &param,
11261 				 NULL, NULL);
11262 	if (ret) {
11263 		wpa_printf(MSG_ERROR,
11264 			   "%s: err in send_and_recv_msgs", __func__);
11265 		return ret;
11266 	}
11267 
11268 	*num = param.num;
11269 
11270 	for (i = 0; i < *num; i++) {
11271 		wpa_printf(MSG_DEBUG, "nl80211: preferred_channel_list[%d]=%d",
11272 			   i, freq_list[i]);
11273 	}
11274 
11275 	return 0;
11276 }
11277 
11278 
11279 static int nl80211_set_prob_oper_freq(void *priv, unsigned int freq)
11280 {
11281 	struct i802_bss *bss = priv;
11282 	struct wpa_driver_nl80211_data *drv = bss->drv;
11283 	struct nl_msg *msg;
11284 	int ret;
11285 	struct nlattr *params;
11286 
11287 	if (!drv->set_prob_oper_freq)
11288 		return -1;
11289 
11290 	wpa_printf(MSG_DEBUG,
11291 		   "nl80211: Set P2P probable operating freq %u for ifindex %d",
11292 		   freq, bss->ifindex);
11293 
11294 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
11295 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
11296 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
11297 			QCA_NL80211_VENDOR_SUBCMD_SET_PROBABLE_OPER_CHANNEL) ||
11298 	    !(params = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA)) ||
11299 	    nla_put_u32(msg,
11300 			QCA_WLAN_VENDOR_ATTR_PROBABLE_OPER_CHANNEL_IFACE_TYPE,
11301 			QCA_IFACE_TYPE_P2P_CLIENT) ||
11302 	    nla_put_u32(msg,
11303 			QCA_WLAN_VENDOR_ATTR_PROBABLE_OPER_CHANNEL_FREQ,
11304 			freq)) {
11305 		wpa_printf(MSG_ERROR,
11306 			   "%s: err in adding vendor_cmd and vendor_data",
11307 			   __func__);
11308 		nlmsg_free(msg);
11309 		return -1;
11310 	}
11311 	nla_nest_end(msg, params);
11312 
11313 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
11314 	msg = NULL;
11315 	if (ret) {
11316 		wpa_printf(MSG_ERROR, "%s: err in send_and_recv_msgs",
11317 			   __func__);
11318 		return ret;
11319 	}
11320 	nlmsg_free(msg);
11321 	return 0;
11322 }
11323 
11324 
11325 static int nl80211_p2p_lo_start(void *priv, unsigned int freq,
11326 				unsigned int period, unsigned int interval,
11327 				unsigned int count, const u8 *device_types,
11328 				size_t dev_types_len,
11329 				const u8 *ies, size_t ies_len)
11330 {
11331 	struct i802_bss *bss = priv;
11332 	struct wpa_driver_nl80211_data *drv = bss->drv;
11333 	struct nl_msg *msg;
11334 	struct nlattr *container;
11335 	int ret;
11336 
11337 	wpa_printf(MSG_DEBUG,
11338 		   "nl80211: Start P2P Listen offload: freq=%u, period=%u, interval=%u, count=%u",
11339 		   freq, period, interval, count);
11340 
11341 	if (!(drv->capa.flags & WPA_DRIVER_FLAGS_P2P_LISTEN_OFFLOAD))
11342 		return -1;
11343 
11344 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
11345 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
11346 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
11347 			QCA_NL80211_VENDOR_SUBCMD_P2P_LISTEN_OFFLOAD_START))
11348 		goto fail;
11349 
11350 	container = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA);
11351 	if (!container)
11352 		goto fail;
11353 
11354 	if (nla_put_u32(msg, QCA_WLAN_VENDOR_ATTR_P2P_LISTEN_OFFLOAD_CHANNEL,
11355 			freq) ||
11356 	    nla_put_u32(msg, QCA_WLAN_VENDOR_ATTR_P2P_LISTEN_OFFLOAD_PERIOD,
11357 			period) ||
11358 	    nla_put_u32(msg, QCA_WLAN_VENDOR_ATTR_P2P_LISTEN_OFFLOAD_INTERVAL,
11359 			interval) ||
11360 	    nla_put_u32(msg, QCA_WLAN_VENDOR_ATTR_P2P_LISTEN_OFFLOAD_COUNT,
11361 			count) ||
11362 	    nla_put(msg, QCA_WLAN_VENDOR_ATTR_P2P_LISTEN_OFFLOAD_DEVICE_TYPES,
11363 		    dev_types_len, device_types) ||
11364 	    nla_put(msg, QCA_WLAN_VENDOR_ATTR_P2P_LISTEN_OFFLOAD_VENDOR_IE,
11365 		    ies_len, ies))
11366 		goto fail;
11367 
11368 	nla_nest_end(msg, container);
11369 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
11370 	msg = NULL;
11371 	if (ret) {
11372 		wpa_printf(MSG_DEBUG,
11373 			   "nl80211: Failed to send P2P Listen offload vendor command");
11374 		goto fail;
11375 	}
11376 
11377 	return 0;
11378 
11379 fail:
11380 	nlmsg_free(msg);
11381 	return -1;
11382 }
11383 
11384 
11385 static int nl80211_p2p_lo_stop(void *priv)
11386 {
11387 	struct i802_bss *bss = priv;
11388 	struct wpa_driver_nl80211_data *drv = bss->drv;
11389 	struct nl_msg *msg;
11390 
11391 	wpa_printf(MSG_DEBUG, "nl80211: Stop P2P Listen offload");
11392 
11393 	if (!(drv->capa.flags & WPA_DRIVER_FLAGS_P2P_LISTEN_OFFLOAD))
11394 		return -1;
11395 
11396 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
11397 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
11398 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
11399 			QCA_NL80211_VENDOR_SUBCMD_P2P_LISTEN_OFFLOAD_STOP)) {
11400 		nlmsg_free(msg);
11401 		return -1;
11402 	}
11403 
11404 	return send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
11405 }
11406 
11407 
11408 static int nl80211_set_tdls_mode(void *priv, int tdls_external_control)
11409 {
11410 	struct i802_bss *bss = priv;
11411 	struct wpa_driver_nl80211_data *drv = bss->drv;
11412 	struct nl_msg *msg;
11413 	struct nlattr *params;
11414 	int ret;
11415 	u32 tdls_mode;
11416 
11417 	wpa_printf(MSG_DEBUG,
11418 		   "nl80211: Set TDKS mode: tdls_external_control=%d",
11419 		   tdls_external_control);
11420 
11421 	if (tdls_external_control == 1)
11422 		tdls_mode = QCA_WLAN_VENDOR_TDLS_TRIGGER_MODE_IMPLICIT |
11423 			QCA_WLAN_VENDOR_TDLS_TRIGGER_MODE_EXTERNAL;
11424 	else
11425 		tdls_mode = QCA_WLAN_VENDOR_TDLS_TRIGGER_MODE_EXPLICIT;
11426 
11427 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
11428 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
11429 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
11430 			QCA_NL80211_VENDOR_SUBCMD_CONFIGURE_TDLS))
11431 		goto fail;
11432 
11433 	params = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA);
11434 	if (!params)
11435 		goto fail;
11436 
11437 	if (nla_put_u32(msg, QCA_WLAN_VENDOR_ATTR_TDLS_CONFIG_TRIGGER_MODE,
11438 			tdls_mode))
11439 		goto fail;
11440 
11441 	nla_nest_end(msg, params);
11442 
11443 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
11444 	msg = NULL;
11445 	if (ret) {
11446 		wpa_printf(MSG_ERROR,
11447 			   "nl80211: Set TDLS mode failed: ret=%d (%s)",
11448 			   ret, strerror(-ret));
11449 		goto fail;
11450 	}
11451 	return 0;
11452 fail:
11453 	nlmsg_free(msg);
11454 	return -1;
11455 }
11456 
11457 
11458 #ifdef CONFIG_MBO
11459 
11460 static enum mbo_transition_reject_reason
11461 nl80211_mbo_reject_reason_mapping(enum qca_wlan_btm_candidate_status status)
11462 {
11463 	switch (status) {
11464 	case QCA_STATUS_REJECT_EXCESSIVE_FRAME_LOSS_EXPECTED:
11465 		return MBO_TRANSITION_REJECT_REASON_FRAME_LOSS;
11466 	case QCA_STATUS_REJECT_EXCESSIVE_DELAY_EXPECTED:
11467 		return MBO_TRANSITION_REJECT_REASON_DELAY;
11468 	case QCA_STATUS_REJECT_INSUFFICIENT_QOS_CAPACITY:
11469 		return MBO_TRANSITION_REJECT_REASON_QOS_CAPACITY;
11470 	case QCA_STATUS_REJECT_LOW_RSSI:
11471 		return MBO_TRANSITION_REJECT_REASON_RSSI;
11472 	case QCA_STATUS_REJECT_HIGH_INTERFERENCE:
11473 		return MBO_TRANSITION_REJECT_REASON_INTERFERENCE;
11474 	case QCA_STATUS_REJECT_UNKNOWN:
11475 	default:
11476 		return MBO_TRANSITION_REJECT_REASON_UNSPECIFIED;
11477 	}
11478 }
11479 
11480 
11481 static void nl80211_parse_btm_candidate_info(struct candidate_list *candidate,
11482 					     struct nlattr *tb[], int num)
11483 {
11484 	enum qca_wlan_btm_candidate_status status;
11485 	char buf[50];
11486 
11487 	os_memcpy(candidate->bssid,
11488 		  nla_data(tb[QCA_WLAN_VENDOR_ATTR_BTM_CANDIDATE_INFO_BSSID]),
11489 		  ETH_ALEN);
11490 
11491 	status = nla_get_u32(
11492 		tb[QCA_WLAN_VENDOR_ATTR_BTM_CANDIDATE_INFO_STATUS]);
11493 	candidate->is_accept = status == QCA_STATUS_ACCEPT;
11494 	candidate->reject_reason = nl80211_mbo_reject_reason_mapping(status);
11495 
11496 	if (candidate->is_accept)
11497 		os_snprintf(buf, sizeof(buf), "Accepted");
11498 	else
11499 		os_snprintf(buf, sizeof(buf),
11500 			    "Rejected, Reject_reason: %d",
11501 			    candidate->reject_reason);
11502 	wpa_printf(MSG_DEBUG, "nl80211:   BSSID[%d]: " MACSTR " %s",
11503 		   num, MAC2STR(candidate->bssid), buf);
11504 }
11505 
11506 
11507 static int
11508 nl80211_get_bss_transition_status_handler(struct nl_msg *msg, void *arg)
11509 {
11510 	struct wpa_bss_candidate_info *info = arg;
11511 	struct candidate_list *candidate = info->candidates;
11512 	struct nlattr *tb_msg[NL80211_ATTR_MAX + 1];
11513 	struct nlattr *tb_vendor[QCA_WLAN_VENDOR_ATTR_MAX + 1];
11514 	struct nlattr *tb[QCA_WLAN_VENDOR_ATTR_BTM_CANDIDATE_INFO_MAX + 1];
11515 	static struct nla_policy policy[
11516 		QCA_WLAN_VENDOR_ATTR_BTM_CANDIDATE_INFO_MAX + 1] = {
11517 		[QCA_WLAN_VENDOR_ATTR_BTM_CANDIDATE_INFO_BSSID] = {
11518 			.minlen = ETH_ALEN
11519 		},
11520 		[QCA_WLAN_VENDOR_ATTR_BTM_CANDIDATE_INFO_STATUS] = {
11521 			.type = NLA_U32,
11522 		},
11523 	};
11524 	struct nlattr *attr;
11525 	int rem;
11526 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
11527 	u8 num;
11528 
11529 	num = info->num; /* number of candidates sent to driver */
11530 	info->num = 0;
11531 	nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
11532 		  genlmsg_attrlen(gnlh, 0), NULL);
11533 
11534 	if (!tb_msg[NL80211_ATTR_VENDOR_DATA] ||
11535 	    nla_parse_nested(tb_vendor, QCA_WLAN_VENDOR_ATTR_MAX,
11536 			     tb_msg[NL80211_ATTR_VENDOR_DATA], NULL) ||
11537 	    !tb_vendor[QCA_WLAN_VENDOR_ATTR_BTM_CANDIDATE_INFO])
11538 		return NL_SKIP;
11539 
11540 	wpa_printf(MSG_DEBUG,
11541 		   "nl80211: WNM Candidate list received from driver");
11542 	nla_for_each_nested(attr,
11543 			    tb_vendor[QCA_WLAN_VENDOR_ATTR_BTM_CANDIDATE_INFO],
11544 			    rem) {
11545 		if (info->num >= num ||
11546 		    nla_parse_nested(
11547 			    tb, QCA_WLAN_VENDOR_ATTR_BTM_CANDIDATE_INFO_MAX,
11548 			    attr, policy) ||
11549 		    !tb[QCA_WLAN_VENDOR_ATTR_BTM_CANDIDATE_INFO_BSSID] ||
11550 		    !tb[QCA_WLAN_VENDOR_ATTR_BTM_CANDIDATE_INFO_STATUS])
11551 			break;
11552 
11553 		nl80211_parse_btm_candidate_info(candidate, tb, info->num);
11554 
11555 		candidate++;
11556 		info->num++;
11557 	}
11558 
11559 	return NL_SKIP;
11560 }
11561 
11562 
11563 static struct wpa_bss_candidate_info *
11564 nl80211_get_bss_transition_status(void *priv, struct wpa_bss_trans_info *params)
11565 {
11566 	struct i802_bss *bss = priv;
11567 	struct wpa_driver_nl80211_data *drv = bss->drv;
11568 	struct nl_msg *msg;
11569 	struct nlattr *attr, *attr1, *attr2;
11570 	struct wpa_bss_candidate_info *info;
11571 	u8 i;
11572 	int ret;
11573 	u8 *pos;
11574 
11575 	if (!drv->fetch_bss_trans_status)
11576 		return NULL;
11577 
11578 	info = os_zalloc(sizeof(*info));
11579 	if (!info)
11580 		return NULL;
11581 	/* Allocate memory for number of candidates sent to driver */
11582 	info->candidates = os_calloc(params->n_candidates,
11583 				     sizeof(*info->candidates));
11584 	if (!info->candidates) {
11585 		os_free(info);
11586 		return NULL;
11587 	}
11588 
11589 	/* Copy the number of candidates being sent to driver. This is used in
11590 	 * nl80211_get_bss_transition_status_handler() to limit the number of
11591 	 * candidates that can be populated in info->candidates and will be
11592 	 * later overwritten with the actual number of candidates received from
11593 	 * the driver.
11594 	 */
11595 	info->num = params->n_candidates;
11596 
11597 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
11598 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
11599 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
11600 			QCA_NL80211_VENDOR_SUBCMD_FETCH_BSS_TRANSITION_STATUS))
11601 		goto fail;
11602 
11603 	attr = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA);
11604 	if (!attr)
11605 		goto fail;
11606 
11607 	if (nla_put_u8(msg, QCA_WLAN_VENDOR_ATTR_BTM_MBO_TRANSITION_REASON,
11608 		       params->mbo_transition_reason))
11609 		goto fail;
11610 
11611 	attr1 = nla_nest_start(msg, QCA_WLAN_VENDOR_ATTR_BTM_CANDIDATE_INFO);
11612 	if (!attr1)
11613 		goto fail;
11614 
11615 	wpa_printf(MSG_DEBUG,
11616 		   "nl80211: WNM Candidate list info sending to driver: mbo_transition_reason: %d n_candidates: %d",
11617 		   params->mbo_transition_reason, params->n_candidates);
11618 	pos = params->bssid;
11619 	for (i = 0; i < params->n_candidates; i++) {
11620 		wpa_printf(MSG_DEBUG, "nl80211:   BSSID[%d]: " MACSTR, i,
11621 			   MAC2STR(pos));
11622 		attr2 = nla_nest_start(msg, i);
11623 		if (!attr2 ||
11624 		    nla_put(msg, QCA_WLAN_VENDOR_ATTR_BTM_CANDIDATE_INFO_BSSID,
11625 			    ETH_ALEN, pos))
11626 			goto fail;
11627 		pos += ETH_ALEN;
11628 		nla_nest_end(msg, attr2);
11629 	}
11630 
11631 	nla_nest_end(msg, attr1);
11632 	nla_nest_end(msg, attr);
11633 
11634 	ret = send_and_recv_msgs(drv, msg,
11635 				 nl80211_get_bss_transition_status_handler,
11636 				 info, NULL, NULL);
11637 	msg = NULL;
11638 	if (ret) {
11639 		wpa_printf(MSG_ERROR,
11640 			   "nl80211: WNM Get BSS transition status failed: ret=%d (%s)",
11641 			   ret, strerror(-ret));
11642 		goto fail;
11643 	}
11644 	return info;
11645 
11646 fail:
11647 	nlmsg_free(msg);
11648 	os_free(info->candidates);
11649 	os_free(info);
11650 	return NULL;
11651 }
11652 
11653 
11654 /**
11655  * nl80211_ignore_assoc_disallow - Configure driver to ignore assoc_disallow
11656  * @priv: Pointer to private driver data from wpa_driver_nl80211_init()
11657  * @ignore_assoc_disallow: 0 to not ignore, 1 to ignore
11658  * Returns: 0 on success, -1 on failure
11659  */
11660 static int nl80211_ignore_assoc_disallow(void *priv, int ignore_disallow)
11661 {
11662 	struct i802_bss *bss = priv;
11663 	struct wpa_driver_nl80211_data *drv = bss->drv;
11664 	struct nl_msg *msg;
11665 	struct nlattr *attr;
11666 	int ret = -1;
11667 
11668 	if (!drv->set_wifi_conf_vendor_cmd_avail)
11669 		return -1;
11670 
11671 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
11672 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
11673 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
11674 			QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION))
11675 		goto fail;
11676 
11677 	attr = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA);
11678 	if (!attr)
11679 		goto fail;
11680 
11681 	wpa_printf(MSG_DEBUG, "nl80211: Set ignore_assoc_disallow %d",
11682 		   ignore_disallow);
11683 	if (nla_put_u8(msg, QCA_WLAN_VENDOR_ATTR_CONFIG_IGNORE_ASSOC_DISALLOWED,
11684 		       ignore_disallow))
11685 		goto fail;
11686 
11687 	nla_nest_end(msg, attr);
11688 
11689 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
11690 	msg = NULL;
11691 	if (ret) {
11692 		wpa_printf(MSG_ERROR,
11693 			   "nl80211: Set ignore_assoc_disallow failed: ret=%d (%s)",
11694 			   ret, strerror(-ret));
11695 		goto fail;
11696 	}
11697 
11698 fail:
11699 	nlmsg_free(msg);
11700 	return ret;
11701 }
11702 
11703 #endif /* CONFIG_MBO */
11704 
11705 #endif /* CONFIG_DRIVER_NL80211_QCA */
11706 
11707 
11708 #ifdef CONFIG_DRIVER_NL80211_BRCM
11709 static int wpa_driver_do_broadcom_acs(struct wpa_driver_nl80211_data *drv,
11710 				      struct drv_acs_params *params)
11711 {
11712 	struct nl_msg *msg;
11713 	struct nlattr *data;
11714 	int freq_list_len;
11715 	int ret = -1;
11716 
11717 	freq_list_len = int_array_len(params->freq_list);
11718 	wpa_printf(MSG_DEBUG, "%s: freq_list_len=%d",
11719 		   __func__, freq_list_len);
11720 
11721 	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR);
11722 	if (!msg ||
11723 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_BRCM) ||
11724 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
11725 			BRCM_VENDOR_SCMD_ACS) ||
11726 	    !(data = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA)) ||
11727 	    nla_put_u8(msg, BRCM_VENDOR_ATTR_ACS_HW_MODE, params->hw_mode) ||
11728 	    nla_put_u8(msg, BRCM_VENDOR_ATTR_ACS_HT_ENABLED,
11729 		       params->ht_enabled) ||
11730 	    nla_put_u8(msg, BRCM_VENDOR_ATTR_ACS_HT40_ENABLED,
11731 		       params->ht40_enabled) ||
11732 	    nla_put_u8(msg, BRCM_VENDOR_ATTR_ACS_VHT_ENABLED,
11733 		       params->vht_enabled) ||
11734 	    nla_put_u16(msg, BRCM_VENDOR_ATTR_ACS_CHWIDTH, params->ch_width) ||
11735 	    (freq_list_len > 0 &&
11736 	     nla_put(msg, BRCM_VENDOR_ATTR_ACS_FREQ_LIST,
11737 		     sizeof(int) * freq_list_len, params->freq_list)))
11738 		goto fail;
11739 	nla_nest_end(msg, data);
11740 
11741 	wpa_printf(MSG_DEBUG,
11742 		   "nl80211: ACS Params: HW_MODE: %d HT: %d HT40: %d VHT: %d BW: %d",
11743 		   params->hw_mode, params->ht_enabled, params->ht40_enabled,
11744 		   params->vht_enabled, params->ch_width);
11745 
11746 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
11747 	if (ret) {
11748 		wpa_printf(MSG_ERROR,
11749 			   "nl80211: BRCM Failed to invoke driver ACS function: %s",
11750 			   strerror(errno));
11751 	}
11752 
11753 	msg = NULL;
11754 fail:
11755 	nlmsg_free(msg);
11756 	return ret;
11757 }
11758 #endif /* CONFIG_DRIVER_NL80211_BRCM */
11759 
11760 
11761 static int nl80211_do_acs(void *priv, struct drv_acs_params *params)
11762 {
11763 #if defined(CONFIG_DRIVER_NL80211_QCA) || defined(CONFIG_DRIVER_NL80211_BRCM)
11764 	struct i802_bss *bss = priv;
11765 	struct wpa_driver_nl80211_data *drv = bss->drv;
11766 #endif /* CONFIG_DRIVER_NL80211_QCA || CONFIG_DRIVER_NL80211_BRCM */
11767 
11768 #ifdef CONFIG_DRIVER_NL80211_QCA
11769 	if (drv->qca_do_acs)
11770 		return nl80211_qca_do_acs(drv, params);
11771 #endif /* CONFIG_DRIVER_NL80211_QCA */
11772 
11773 #ifdef CONFIG_DRIVER_NL80211_BRCM
11774 	if (drv->brcm_do_acs)
11775 		return wpa_driver_do_broadcom_acs(drv, params);
11776 #endif /* CONFIG_DRIVER_NL80211_BRCM */
11777 
11778 	return -1;
11779 }
11780 
11781 
11782 static int nl80211_write_to_file(const char *name, unsigned int val)
11783 {
11784 	int fd, len;
11785 	char tmp[128];
11786 	int ret = 0;
11787 
11788 	fd = open(name, O_RDWR);
11789 	if (fd < 0) {
11790 		int level;
11791 		/*
11792 		 * Flags may not exist on older kernels, or while we're tearing
11793 		 * down a disappearing device.
11794 		 */
11795 		if (errno == ENOENT) {
11796 			ret = 0;
11797 			level = MSG_DEBUG;
11798 		} else {
11799 			ret = -1;
11800 			level = MSG_ERROR;
11801 		}
11802 		wpa_printf(level, "nl80211: Failed to open %s: %s",
11803 			   name, strerror(errno));
11804 		return ret;
11805 	}
11806 
11807 	len = os_snprintf(tmp, sizeof(tmp), "%u\n", val);
11808 	len = write(fd, tmp, len);
11809 	if (len < 0) {
11810 		ret = -1;
11811 		wpa_printf(MSG_ERROR, "nl80211: Failed to write to %s: %s",
11812 			   name, strerror(errno));
11813 	}
11814 	close(fd);
11815 
11816 	return ret;
11817 }
11818 
11819 
11820 static int nl80211_configure_data_frame_filters(void *priv, u32 filter_flags)
11821 {
11822 	struct i802_bss *bss = priv;
11823 	char path[128];
11824 	int ret;
11825 
11826 	/* P2P-Device has no netdev that can (or should) be configured here */
11827 	if (nl80211_get_ifmode(bss) == NL80211_IFTYPE_P2P_DEVICE)
11828 		return 0;
11829 
11830 	wpa_printf(MSG_DEBUG, "nl80211: Data frame filter flags=0x%x",
11831 		   filter_flags);
11832 
11833 	/* Configure filtering of unicast frame encrypted using GTK */
11834 	ret = os_snprintf(path, sizeof(path),
11835 			  "/proc/sys/net/ipv4/conf/%s/drop_unicast_in_l2_multicast",
11836 			  bss->ifname);
11837 	if (os_snprintf_error(sizeof(path), ret))
11838 		return -1;
11839 
11840 	ret = nl80211_write_to_file(path,
11841 				    !!(filter_flags &
11842 				       WPA_DATA_FRAME_FILTER_FLAG_GTK));
11843 	if (ret) {
11844 		wpa_printf(MSG_ERROR,
11845 			   "nl80211: Failed to set IPv4 unicast in multicast filter");
11846 		return ret;
11847 	}
11848 
11849 	os_snprintf(path, sizeof(path),
11850 		    "/proc/sys/net/ipv6/conf/%s/drop_unicast_in_l2_multicast",
11851 		    bss->ifname);
11852 	ret = nl80211_write_to_file(path,
11853 				    !!(filter_flags &
11854 				       WPA_DATA_FRAME_FILTER_FLAG_GTK));
11855 
11856 	if (ret) {
11857 		wpa_printf(MSG_ERROR,
11858 			   "nl80211: Failed to set IPv6 unicast in multicast filter");
11859 		return ret;
11860 	}
11861 
11862 	/* Configure filtering of unicast frame encrypted using GTK */
11863 	os_snprintf(path, sizeof(path),
11864 		    "/proc/sys/net/ipv4/conf/%s/drop_gratuitous_arp",
11865 		    bss->ifname);
11866 	ret = nl80211_write_to_file(path,
11867 				    !!(filter_flags &
11868 				       WPA_DATA_FRAME_FILTER_FLAG_ARP));
11869 	if (ret) {
11870 		wpa_printf(MSG_ERROR,
11871 			   "nl80211: Failed set gratuitous ARP filter");
11872 		return ret;
11873 	}
11874 
11875 	/* Configure filtering of IPv6 NA frames */
11876 	os_snprintf(path, sizeof(path),
11877 		    "/proc/sys/net/ipv6/conf/%s/drop_unsolicited_na",
11878 		    bss->ifname);
11879 	ret = nl80211_write_to_file(path,
11880 				    !!(filter_flags &
11881 				       WPA_DATA_FRAME_FILTER_FLAG_NA));
11882 	if (ret) {
11883 		wpa_printf(MSG_ERROR,
11884 			   "nl80211: Failed to set unsolicited NA filter");
11885 		return ret;
11886 	}
11887 
11888 	return 0;
11889 }
11890 
11891 
11892 static int nl80211_get_ext_capab(void *priv, enum wpa_driver_if_type type,
11893 				 const u8 **ext_capa, const u8 **ext_capa_mask,
11894 				 unsigned int *ext_capa_len)
11895 {
11896 	struct i802_bss *bss = priv;
11897 	struct wpa_driver_nl80211_data *drv = bss->drv;
11898 	enum nl80211_iftype nlmode;
11899 	unsigned int i;
11900 
11901 	if (!ext_capa || !ext_capa_mask || !ext_capa_len)
11902 		return -1;
11903 
11904 	nlmode = wpa_driver_nl80211_if_type(type);
11905 
11906 	/* By default, use the per-radio values */
11907 	*ext_capa = drv->extended_capa;
11908 	*ext_capa_mask = drv->extended_capa_mask;
11909 	*ext_capa_len = drv->extended_capa_len;
11910 
11911 	/* Replace the default value if a per-interface type value exists */
11912 	for (i = 0; i < drv->num_iface_ext_capa; i++) {
11913 		if (nlmode == drv->iface_ext_capa[i].iftype) {
11914 			*ext_capa = drv->iface_ext_capa[i].ext_capa;
11915 			*ext_capa_mask = drv->iface_ext_capa[i].ext_capa_mask;
11916 			*ext_capa_len = drv->iface_ext_capa[i].ext_capa_len;
11917 			break;
11918 		}
11919 	}
11920 
11921 	return 0;
11922 }
11923 
11924 
11925 static int nl80211_update_connection_params(
11926 	void *priv, struct wpa_driver_associate_params *params,
11927 	enum wpa_drv_update_connect_params_mask mask)
11928 {
11929 	struct i802_bss *bss = priv;
11930 	struct wpa_driver_nl80211_data *drv = bss->drv;
11931 	struct nl_msg *msg;
11932 	int ret = -1;
11933 	enum nl80211_auth_type type;
11934 
11935 	/* Update Connection Params is intended for drivers that implement
11936 	 * internal SME and expect these updated connection params from
11937 	 * wpa_supplicant. Do not send this request for the drivers using
11938 	 * SME from wpa_supplicant.
11939 	 */
11940 	if (drv->capa.flags & WPA_DRIVER_FLAGS_SME)
11941 		return 0;
11942 
11943 	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_UPDATE_CONNECT_PARAMS);
11944 	if (!msg)
11945 		goto fail;
11946 
11947 	wpa_printf(MSG_DEBUG, "nl80211: Update connection params (ifindex=%d)",
11948 		   drv->ifindex);
11949 
11950 	if ((mask & WPA_DRV_UPDATE_ASSOC_IES) && params->wpa_ie) {
11951 		if (nla_put(msg, NL80211_ATTR_IE, params->wpa_ie_len,
11952 			    params->wpa_ie))
11953 			goto fail;
11954 		wpa_hexdump(MSG_DEBUG, "  * IEs", params->wpa_ie,
11955 			    params->wpa_ie_len);
11956 	}
11957 
11958 	if (mask & WPA_DRV_UPDATE_AUTH_TYPE) {
11959 		type = get_nl_auth_type(params->auth_alg);
11960 		if (type == NL80211_AUTHTYPE_MAX ||
11961 		    nla_put_u32(msg, NL80211_ATTR_AUTH_TYPE, type))
11962 			goto fail;
11963 		wpa_printf(MSG_DEBUG, "  * Auth Type %d", type);
11964 	}
11965 
11966 	if ((mask & WPA_DRV_UPDATE_FILS_ERP_INFO) &&
11967 	    nl80211_put_fils_connect_params(drv, params, msg))
11968 		goto fail;
11969 
11970 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
11971 	msg = NULL;
11972 	if (ret)
11973 		wpa_dbg(drv->ctx, MSG_DEBUG,
11974 			"nl80211: Update connect params command failed: ret=%d (%s)",
11975 			ret, strerror(-ret));
11976 
11977 fail:
11978 	nlmsg_free(msg);
11979 	return ret;
11980 }
11981 
11982 
11983 static int nl80211_send_external_auth_status(void *priv,
11984 					     struct external_auth *params)
11985 {
11986 	struct i802_bss *bss = priv;
11987 	struct wpa_driver_nl80211_data *drv = bss->drv;
11988 	struct nl_msg *msg = NULL;
11989 	int ret = -1;
11990 
11991 	/* External auth command/status is intended for drivers that implement
11992 	 * internal SME but want to offload authentication processing (e.g.,
11993 	 * SAE) to hostapd/wpa_supplicant. Do not send the status to drivers
11994 	 * which do not support AP SME or use wpa_supplicant/hostapd SME.
11995 	 */
11996 	if ((is_ap_interface(drv->nlmode) && !bss->drv->device_ap_sme) ||
11997 	    (drv->capa.flags & WPA_DRIVER_FLAGS_SME))
11998 		return -1;
11999 
12000 	wpa_dbg(drv->ctx, MSG_DEBUG,
12001 		"nl80211: External auth status: %u", params->status);
12002 
12003 	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_EXTERNAL_AUTH);
12004 	if (!msg ||
12005 	    nla_put_u16(msg, NL80211_ATTR_STATUS_CODE, params->status) ||
12006 	    (params->ssid && params->ssid_len &&
12007 	     nla_put(msg, NL80211_ATTR_SSID, params->ssid_len, params->ssid)) ||
12008 	    (params->pmkid &&
12009 	     nla_put(msg, NL80211_ATTR_PMKID, PMKID_LEN, params->pmkid)) ||
12010 	    (params->bssid &&
12011 	     nla_put(msg, NL80211_ATTR_BSSID, ETH_ALEN, params->bssid)))
12012 		goto fail;
12013 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
12014 	msg = NULL;
12015 	if (ret) {
12016 		wpa_printf(MSG_DEBUG,
12017 			   "nl80211: External Auth status update failed: ret=%d (%s)",
12018 			   ret, strerror(-ret));
12019 		goto fail;
12020 	}
12021 fail:
12022 	nlmsg_free(msg);
12023 	return ret;
12024 }
12025 
12026 
12027 static int nl80211_set_4addr_mode(void *priv, const char *bridge_ifname,
12028 				  int val)
12029 {
12030 	struct i802_bss *bss = priv;
12031 	struct wpa_driver_nl80211_data *drv = bss->drv;
12032 	struct nl_msg *msg;
12033 	int ret = -ENOBUFS;
12034 
12035 	wpa_printf(MSG_DEBUG, "nl80211: %s 4addr mode (bridge_ifname: %s)",
12036 		   val ? "Enable" : "Disable", bridge_ifname);
12037 
12038 	msg = nl80211_cmd_msg(drv->first_bss, 0, NL80211_CMD_SET_INTERFACE);
12039 	if (!msg || nla_put_u8(msg, NL80211_ATTR_4ADDR, val))
12040 		goto fail;
12041 
12042 	if (bridge_ifname[0] && bss->added_if_into_bridge && !val) {
12043 		if (linux_br_del_if(drv->global->ioctl_sock,
12044 				    bridge_ifname, bss->ifname)) {
12045 			wpa_printf(MSG_ERROR,
12046 				   "nl80211: Failed to remove interface %s from bridge %s",
12047 				   bss->ifname, bridge_ifname);
12048 			return -1;
12049 		}
12050 		bss->added_if_into_bridge = 0;
12051 	}
12052 
12053 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
12054 	msg = NULL;
12055 	if (ret && val && nl80211_get_4addr(bss) == 1) {
12056 		wpa_printf(MSG_DEBUG,
12057 			   "nl80211: 4addr mode was already enabled");
12058 		ret = 0;
12059 	}
12060 	if (!ret) {
12061 		if (bridge_ifname[0] && val &&
12062 		    i802_check_bridge(drv, bss, bridge_ifname, bss->ifname) < 0)
12063 			return -1;
12064 		return 0;
12065 	}
12066 
12067 fail:
12068 	nlmsg_free(msg);
12069 	wpa_printf(MSG_ERROR, "nl80211: Failed to enable/disable 4addr");
12070 
12071 	return ret;
12072 }
12073 
12074 
12075 #ifdef CONFIG_DPP
12076 static int nl80211_dpp_listen(void *priv, bool enable)
12077 {
12078 	struct i802_bss *bss = priv;
12079 	struct wpa_driver_nl80211_data *drv = bss->drv;
12080 	u16 type = (WLAN_FC_TYPE_MGMT << 2) | (WLAN_FC_STYPE_ACTION << 4);
12081 	struct nl_sock *handle;
12082 
12083 	if (!drv->multicast_registrations || !bss->nl_mgmt)
12084 		return 0; /* cannot do more than hope broadcast RX works */
12085 
12086 	wpa_printf(MSG_DEBUG,
12087 		   "nl80211: Update DPP Public Action frame registration (%s multicast RX)",
12088 		   enable ? "enable" : "disable");
12089 	handle = (void *) (((intptr_t) bss->nl_mgmt) ^ ELOOP_SOCKET_INVALID);
12090 	return nl80211_register_frame(bss, handle, type,
12091 				      (u8 *) "\x04\x09\x50\x6f\x9a\x1a", 6,
12092 				      enable);
12093 }
12094 #endif /* CONFIG_DPP */
12095 
12096 
12097 #ifdef CONFIG_TESTING_OPTIONS
12098 static int testing_nl80211_register_frame(void *priv, u16 type,
12099 					  const u8 *match, size_t match_len,
12100 					  bool multicast)
12101 {
12102 	struct i802_bss *bss = priv;
12103 	struct nl_sock *handle;
12104 
12105 	if (!bss->nl_mgmt)
12106 		return -1;
12107 	handle = (void *) (((intptr_t) bss->nl_mgmt) ^ ELOOP_SOCKET_INVALID);
12108 	return nl80211_register_frame(bss, handle, type, match, match_len,
12109 				      multicast);
12110 }
12111 #endif /* CONFIG_TESTING_OPTIONS */
12112 
12113 
12114 const struct wpa_driver_ops wpa_driver_nl80211_ops = {
12115 	.name = "nl80211",
12116 	.desc = "Linux nl80211/cfg80211",
12117 	.get_bssid = wpa_driver_nl80211_get_bssid,
12118 	.get_ssid = wpa_driver_nl80211_get_ssid,
12119 	.set_key = driver_nl80211_set_key,
12120 	.scan2 = driver_nl80211_scan2,
12121 	.sched_scan = wpa_driver_nl80211_sched_scan,
12122 	.stop_sched_scan = wpa_driver_nl80211_stop_sched_scan,
12123 	.get_scan_results2 = wpa_driver_nl80211_get_scan_results,
12124 	.abort_scan = wpa_driver_nl80211_abort_scan,
12125 	.deauthenticate = driver_nl80211_deauthenticate,
12126 	.authenticate = driver_nl80211_authenticate,
12127 	.associate = wpa_driver_nl80211_associate,
12128 	.global_init = nl80211_global_init,
12129 	.global_deinit = nl80211_global_deinit,
12130 	.init2 = wpa_driver_nl80211_init,
12131 	.deinit = driver_nl80211_deinit,
12132 	.get_capa = wpa_driver_nl80211_get_capa,
12133 	.set_operstate = wpa_driver_nl80211_set_operstate,
12134 	.set_supp_port = wpa_driver_nl80211_set_supp_port,
12135 	.set_country = wpa_driver_nl80211_set_country,
12136 	.get_country = wpa_driver_nl80211_get_country,
12137 	.set_ap = wpa_driver_nl80211_set_ap,
12138 	.set_acl = wpa_driver_nl80211_set_acl,
12139 	.if_add = wpa_driver_nl80211_if_add,
12140 	.if_remove = driver_nl80211_if_remove,
12141 	.send_mlme = driver_nl80211_send_mlme,
12142 	.get_hw_feature_data = nl80211_get_hw_feature_data,
12143 	.sta_add = wpa_driver_nl80211_sta_add,
12144 	.sta_remove = driver_nl80211_sta_remove,
12145 	.tx_control_port = nl80211_tx_control_port,
12146 	.hapd_send_eapol = wpa_driver_nl80211_hapd_send_eapol,
12147 	.sta_set_flags = wpa_driver_nl80211_sta_set_flags,
12148 	.sta_set_airtime_weight = driver_nl80211_sta_set_airtime_weight,
12149 	.hapd_init = i802_init,
12150 	.hapd_deinit = i802_deinit,
12151 	.set_wds_sta = i802_set_wds_sta,
12152 	.get_seqnum = i802_get_seqnum,
12153 	.flush = i802_flush,
12154 	.get_inact_sec = i802_get_inact_sec,
12155 	.sta_clear_stats = i802_sta_clear_stats,
12156 	.set_rts = i802_set_rts,
12157 	.set_frag = i802_set_frag,
12158 	.set_tx_queue_params = i802_set_tx_queue_params,
12159 	.set_sta_vlan = driver_nl80211_set_sta_vlan,
12160 	.sta_deauth = i802_sta_deauth,
12161 	.sta_disassoc = i802_sta_disassoc,
12162 	.read_sta_data = driver_nl80211_read_sta_data,
12163 	.set_freq = i802_set_freq,
12164 	.send_action = driver_nl80211_send_action,
12165 	.send_action_cancel_wait = wpa_driver_nl80211_send_action_cancel_wait,
12166 	.remain_on_channel = wpa_driver_nl80211_remain_on_channel,
12167 	.cancel_remain_on_channel =
12168 	wpa_driver_nl80211_cancel_remain_on_channel,
12169 	.probe_req_report = driver_nl80211_probe_req_report,
12170 	.deinit_ap = wpa_driver_nl80211_deinit_ap,
12171 	.deinit_p2p_cli = wpa_driver_nl80211_deinit_p2p_cli,
12172 	.resume = wpa_driver_nl80211_resume,
12173 	.signal_monitor = nl80211_signal_monitor,
12174 	.signal_poll = nl80211_signal_poll,
12175 	.channel_info = nl80211_channel_info,
12176 	.set_param = nl80211_set_param,
12177 	.get_radio_name = nl80211_get_radio_name,
12178 	.add_pmkid = nl80211_add_pmkid,
12179 	.remove_pmkid = nl80211_remove_pmkid,
12180 	.flush_pmkid = nl80211_flush_pmkid,
12181 	.set_rekey_info = nl80211_set_rekey_info,
12182 	.poll_client = nl80211_poll_client,
12183 	.set_p2p_powersave = nl80211_set_p2p_powersave,
12184 	.start_dfs_cac = nl80211_start_radar_detection,
12185 	.stop_ap = wpa_driver_nl80211_stop_ap,
12186 #ifdef CONFIG_TDLS
12187 	.send_tdls_mgmt = nl80211_send_tdls_mgmt,
12188 	.tdls_oper = nl80211_tdls_oper,
12189 	.tdls_enable_channel_switch = nl80211_tdls_enable_channel_switch,
12190 	.tdls_disable_channel_switch = nl80211_tdls_disable_channel_switch,
12191 #endif /* CONFIG_TDLS */
12192 	.update_ft_ies = wpa_driver_nl80211_update_ft_ies,
12193 	.update_dh_ie = nl80211_update_dh_ie,
12194 	.get_mac_addr = wpa_driver_nl80211_get_macaddr,
12195 	.get_survey = wpa_driver_nl80211_get_survey,
12196 	.status = wpa_driver_nl80211_status,
12197 	.switch_channel = nl80211_switch_channel,
12198 #ifdef ANDROID_P2P
12199 	.set_noa = wpa_driver_set_p2p_noa,
12200 	.get_noa = wpa_driver_get_p2p_noa,
12201 	.set_ap_wps_ie = wpa_driver_set_ap_wps_p2p_ie,
12202 #endif /* ANDROID_P2P */
12203 #ifdef ANDROID
12204 #ifndef ANDROID_LIB_STUB
12205 	.driver_cmd = wpa_driver_nl80211_driver_cmd,
12206 #endif /* !ANDROID_LIB_STUB */
12207 #endif /* ANDROID */
12208 	.vendor_cmd = nl80211_vendor_cmd,
12209 	.set_qos_map = nl80211_set_qos_map,
12210 	.get_wowlan = nl80211_get_wowlan,
12211 	.set_wowlan = nl80211_set_wowlan,
12212 	.set_mac_addr = nl80211_set_mac_addr,
12213 #ifdef CONFIG_MESH
12214 	.init_mesh = wpa_driver_nl80211_init_mesh,
12215 	.join_mesh = wpa_driver_nl80211_join_mesh,
12216 	.leave_mesh = wpa_driver_nl80211_leave_mesh,
12217 	.probe_mesh_link = nl80211_probe_mesh_link,
12218 #endif /* CONFIG_MESH */
12219 	.br_add_ip_neigh = wpa_driver_br_add_ip_neigh,
12220 	.br_delete_ip_neigh = wpa_driver_br_delete_ip_neigh,
12221 	.br_port_set_attr = wpa_driver_br_port_set_attr,
12222 	.br_set_net_param = wpa_driver_br_set_net_param,
12223 	.add_tx_ts = nl80211_add_ts,
12224 	.del_tx_ts = nl80211_del_ts,
12225 	.get_ifindex = nl80211_get_ifindex,
12226 #ifdef CONFIG_DRIVER_NL80211_QCA
12227 	.roaming = nl80211_roaming,
12228 	.disable_fils = nl80211_disable_fils,
12229 	.set_band = nl80211_set_band,
12230 	.get_pref_freq_list = nl80211_get_pref_freq_list,
12231 	.set_prob_oper_freq = nl80211_set_prob_oper_freq,
12232 	.p2p_lo_start = nl80211_p2p_lo_start,
12233 	.p2p_lo_stop = nl80211_p2p_lo_stop,
12234 	.set_default_scan_ies = nl80211_set_default_scan_ies,
12235 	.set_tdls_mode = nl80211_set_tdls_mode,
12236 #ifdef CONFIG_MBO
12237 	.get_bss_transition_status = nl80211_get_bss_transition_status,
12238 	.ignore_assoc_disallow = nl80211_ignore_assoc_disallow,
12239 #endif /* CONFIG_MBO */
12240 	.set_bssid_tmp_disallow = nl80211_set_bssid_tmp_disallow,
12241 	.add_sta_node = nl80211_add_sta_node,
12242 #endif /* CONFIG_DRIVER_NL80211_QCA */
12243 	.do_acs = nl80211_do_acs,
12244 	.configure_data_frame_filters = nl80211_configure_data_frame_filters,
12245 	.get_ext_capab = nl80211_get_ext_capab,
12246 	.update_connect_params = nl80211_update_connection_params,
12247 	.send_external_auth_status = nl80211_send_external_auth_status,
12248 	.set_4addr_mode = nl80211_set_4addr_mode,
12249 #ifdef CONFIG_DPP
12250 	.dpp_listen = nl80211_dpp_listen,
12251 #endif /* CONFIG_DPP */
12252 #ifdef CONFIG_TESTING_OPTIONS
12253 	.register_frame = testing_nl80211_register_frame,
12254 #endif /* CONFIG_TESTING_OPTIONS */
12255 };
12256